Corporate Vice President - Head of Enterprise Vulnerability & Remediation

• Build and lead the centralized Enterprise Vulnerability & Remediation function across infrastructure endpoint cloud and application-dependent services.
• Define the end-to-end intake-to-closure workflow for vulnerabilities patches Critical VITs zero-days EOL remediation and exception handling.
• Establish severity-based remediation lanes including:
• Same-day / P1 response for zero-days
• 24-hour automated response for Critical VITs
• 3-day cycle for High-priority patches
• 6-day accelerated cycle for priority remediation
• Ensure every vulnerability has clear ownership target dates remediation plan validation evidence and closure disposition.
• Drive daily operational governance and weekly executive reporting across remediation workstreams.

• Oversee centralized vulnerability intake prioritization SLA tracking remediation coordination reporting and escalation.
• Ensure findings from Qualys Tanium cloud tools security alerts vendor advisories and exception requests are triaged and routed to accountable owners.
• Maintain enterprise dashboards for open vulnerabilities aging SLA adherence exception status rollback activity automation coverage and closure evidence.
• Drive remediation discipline across platform endpoint cloud and application teams.
• Ensure vulnerabilities are not closed until validated through scan results automated testing system health checks or approved risk acceptance.

• Lead the endpoint patching reliability function responsible for endpoint patch execution deployment waves reboot compliance endpoint health and rollback coordination.
• Standardize endpoint patching controls across pilot rings production waves user-impact monitoring failed install tracking and exception handling.
• Ensure endpoint patching supports accelerated remediation timelines while maintaining controls for VPN EDR authentication productivity tools and user-impacting issues.
• Partner with Endpoint Engineering Service Desk Security and Operations teams to resolve endpoint patch failures and reduce repeat defects.

• Lead the infrastructure patching reliability function across Windows Linux middleware databases cloud-hosted servers and related platform services.
• Establish lower-environment canary and production patching waves with clear go/no-go criteria.
• Standardize patch baselines maintenance windows reboot strategy rollback readiness compensating controls and patch failure handling.
• Drive cloud patching execution through approved tools such as Qualys Patch Management Tanium AWS Systems Manager Patch Manager and related automation platforms.
• Ensure post-patch validation includes reboot success service startup monitoring agent health scan validation and closure evidence.

• Partner with CIO application teams DevOps and SREs to ensure application readiness does not become a blocker to vulnerability remediation.
• Establish structured application-team engagement for ownership confirmation business criticality testing windows release constraints reboot approvals and production sign-off.
• Drive application regression testing automation to reduce manual validation time and enable accelerated patch cycles.
• Ensure application teams define smoke tests API checks service checks transaction validation dependency checks and pass/fail criteria.
• Support application-level remediation for libraries middleware compatibility certificates runtimes code fixes configuration changes and dependency upgrades.
• Escalate application readiness code/configuration or sign-off delays that threaten Mythos CBS AWS remediation EOL remediation or Critical VIT timelines.

• Lead remediation governance for AWS/cloud patching including non-production rollout production rollout BAU transition tool enablement and execution risk management.
• Oversee remediation blockers such as non-reporting agents root-volume constraints reboot dependencies application/SRE coordination and access limitations.
• Coordinate EOL OS modernization strategy with platform cloud vendor and application teams.
• Ensure EOL remediation is tracked through fresh build replatforming hardened AMIs Terraform automation CI/CD pipelines EKS for container-ready workloads and EC2 for non-container workloads.
• Drive executive visibility into EOL exposure impacted applications SLT ownership modernization waves and dependency risks.

• Define the automation roadmap for patch deployment health checks application regression testing scan validation dashboards and closure evidence.
• Partner with DevOps and CIO teams to evaluate New Relic monitors synthetic checks service health dashboards alert policies and performance baselines as near-term accelerators for post-patch validation.
• Ensure tooling supports vulnerability-informed remediation automated deployment compliance reporting evidence capture and closure workflows.
• Drive integration across Qualys Tanium AWS Systems Manager CI/CD platforms CMDB ITSM monitoring tools and reporting dashboards.

• Define and enforce exception standards including business justification compensating controls expiration dates remediation commitments and approval authority.
• Challenge unsupported or open-ended exceptions.
• Escalate missed deadlines unresolved blockers owner gaps testing delays and unmanaged risk through formal governance channels.
• Ensure remediation issues move to one of the required outcomes: deploy fix roll back compensate exception or validated closure.

• Set enterprise remediation expectations timelines and SLA discipline.
• Require remediation plans and target dates from infrastructure endpoint cloud application and vendor teams.
• Escalate unresolved blockers missed timelines and unmanaged risk.
• Require time-bound exceptions with compensating controls and accountable owners.
• Coordinate remediation activity spanning endpoints servers cloud middleware applications EOL platforms and critical vulnerabilities.
• Drive CIO/application-team engagement where application validation code changes dependency fixes or production sign-off are required.

• Operating model launched: Centralized vulnerability and patch remediation function established with clear roles RACI workflows dashboards and escalation paths.
• Accelerated patch lanes operational: 24-hour Critical VIT 3-day High-priority and 6-day accelerated priority patching cycles implemented.
• AWS/cloud patching stabilized: Qualys/cloud patching enabled non-reporting agents and root-volume constraints tracked and production patching moved into BAU.
• EOL modernization governed: EOL OS exposure tracked by application SLT platform modernization wave and dependency status.
• Application validation accelerated: Critical applications onboarded to smoke tests health checks New Relic or CI/CD validation and exception-based review.
• SLA performance improved: Reduction in aging Critical and High vulnerabilities overdue remediation and repeat exposure.
• Evidence quality improved: Closure based on scan validation automated test results health checks and documented remediation evidence.
• Exception backlog controlled: Exceptions are time-bound risk-reviewed and actively managed.
• Executive visibility established: Leadership reporting in place for backlog SLA compliance aging closure rollback exceptions automation coverage and unresolved blockers.

• 12-15+ years of experience in IT Operations Infrastructure Security Engineering Cloud Operations SRE or Enterprise Technology leadership.
• 5+ years leading vulnerability management patching remediation infrastructure operations or enterprise reliability functions at scale.
• Deep understanding of enterprise platforms including Windows Linux endpoints middleware databases AWS/cloud infrastructure containers and application-dependent services.
• Experience with vulnerability and patching tools such as Qualys Tanium AWS Systems Manager Patch Manager endpoint management platforms CMDB ITSM and reporting dashboards.
• Strong knowledge of patch management change management configuration management exception governance and evidence-based closure.
• Experience coordinating application teams for testing dependency remediation code/configuration changes release windows and production sign-off.
• Strong understanding of cloud remediation EOL modernization hardened images Terraform CI/CD EKS EC2 and DevOps operating models.
• Demonstrated ability to influence senior stakeholders drive accountability across organizational boundaries and escalate unmanaged risk.
• Strong executive communication skills with the ability to translate technical remediation risk into clear business impact and action plans.

• Experience in financial services or another highly regulated industry.
• Familiarity with NIST CSF CIS Controls SOX NYDFS PCI or similar regulatory/control frameworks.
• Experience with New Relic synthetic monitoring application regression automation CI/CD test orchestration and evidence capture.
• Certifications such as CISSP CISM CRISC CCSP AWS ITIL or SRE-related credentials.
• Experience building remediation factories centralized vulnerability operations or large-scale EOL modernization programs.

What We Do

At New York Life our 180-year legacy of integrity mutuality and financial strength fuels a future defined by bold transformation. As the largest mutual life insurance company in the U.S. we operate on behalf of our policy owners—not shareholders. That structure allows us to take a long-term view investing in people purpose and innovation that endures. Guided by a clear enterprise vision to become a technology- data- and AI-powered company we’re modernizing our platforms rearchitecting experiences and embedding intelligence across our products and services. Our mission has always been about helping people through life’s most meaningful moments. Today technology is amplifying that mission—enabling us to serve clients advisors and communities in more personalized proactive ways. With a diversified business portfolio spanning insurance investments retirement group benefits and direct-to-consumer offerings New York Life delivers the stability of a Fortune 100 company with the agility of one that’s continuously evolving. We’re powered by a values-led culture inclusive teams and a shared belief that when our people thrive so does our company. Here tradition fuels momentum—and your ideas energy and growth power what’s next.

Why Work With Us

New York Life is transforming from the inside out—blending 180 years of trust with the velocity of innovation. What makes us different is our culture: grounded in integrity humanity and shared success—values that show up in how we work lead and grow. If you want a place where innovation has purpose—build what's next with us.

Gallery