Lead the enterprise patch and vulnerability remediation operating model: intake triage prioritization SLA enforcement remediation orchestration reporting and closure across on‑prem cloud endpoints and applications. Drive governance forums coordinate cross‑team remediation produce executive dashboards escalate blockers and improve closure quality and automation.

Location Designation: Hybrid - 3 days per quarter
Role Summary
Lead the centralized operating model for enterprise vulnerability intake prioritization governance SLA tracking remediation orchestration reporting escalation and evidence-based closure across infrastructure cloud endpoints and application-dependent services.
This role converts vulnerability findings into measurable risk reduction by aligning Security Infrastructure Endpoint Cloud Application SRE Risk Change and vendor teams around clear ownership target dates decision gates and closure evidence.
What You'll Do:
Strategy Governance & Operating Model
• Own the enterprise patch and vulnerability remediation operating model across on-prem cloud endpoint and application-dependent environments.
• Define and enforce intake triage severity lanes remediation SLAs escalation paths exception handling and closure evidence standards.
• Chair daily and weekly remediation governance forums; drive accountability across resolver teams and surface blockers for executive action.
• Design the centralized workflow that connects scanning asset ownership patch execution change coordination validation and executive reporting.
Intake Prioritization & SLA Management
• Triage findings from Qualys Tanium security alerts vendor advisories threat intelligence and exception requests.
• Prioritize remediation by severity exploitability exposure business criticality compensating controls and regulatory/audit impact.
• Ensure every finding has an accountable owner target date remediation path and documented status.
• Manage zero-day Critical VIT High Medium Low and priority patch lanes including 24-hour 3-day and 6-day accelerated cycles.
Reporting Metrics & Executive Communication
• Produce executive dashboards covering backlog aging SLA adherence mean time to closure patch success rate rollback count exception aging ownerless assets and automation coverage.
• Translate technical remediation risk into business impact escalation decisions and leadership actions.
• Partner with Risk Security Audit and Technology leadership on evidence quality control maturity and remediation accountability.
Cross-Team Orchestration
• Coordinate endpoint infrastructure cloud and application remediation dependencies across CIO teams SREs DevOps and vendors.
• Escalate blocked remediation caused by application validation reboot approvals access constraints tooling gaps vendor delays or production sign-off issues.
• Partner with automation teams to reduce manual validation and increase evidence capture.
Authority and Scope
• Set remediation expectations SLA timelines status reporting standards and evidence requirements for in-scope vulnerabilities.
• Require remediation plans target dates owner assignment and time-bound exception requests from infrastructure endpoint cloud and application teams.
• Escalate missed deadlines unresolved blockers unmanaged risk and unsupported exceptions through formal governance channels.
Success Measures & Key Outcomes (First 6-12 Months)
• Critical and High SLA adherence improves across endpoint infrastructure cloud and application-dependent services.
• Reduction in aging vulnerabilities repeat findings exception backlog and ownerless assets.
• Executive dashboards are accurate current and used for decision-making.
• Closure quality improves through scan validation automated testing evidence and documented remediation records.
What You'll Bring:
• 10+ years in IT Operations Infrastructure Security Engineering SRE or Vulnerability Management with experience leading cross-functional remediation programs.
• Strong understanding of vulnerability scanning patching change exception asset inventory and remediation governance.
• Experience with Qualys Tanium ServiceNow/Jira CMDB dashboarding executive reporting and SLA management.
• Ability to influence senior stakeholders and drive decisions across Technology Security Risk and Application teams.
Nice to Have
• Financial services or regulated-industry experience.
• Familiarity with cloud security posture container security DevOps CI/CD and application security integrations.
• Certifications such as CISSP CISM CRISC ITIL cloud security or SRE-related credentials.
Working Model
Hybrid role requiring regular collaboration with IT Operations Cybersecurity Risk CIO application teams and executive stakeholders. Occasional off-hours engagement is expected during zero-day events Critical VIT response or major remediation campaigns.
Pay Transparency
Salary Range: $111500-$159000
Overtime eligible: Exempt
Discretionary bonus eligible: Yes
Sales bonus eligible: No
Actual base salary will be determined based on several factors but not limited to individual's experience skills qualifications and job location. Additionally employees are eligible for an annual discretionary bonus. In addition to base salary employees may also be eligible to participate in an incentive program.
Company Overview
At New York Life our 180-year legacy of purpose and integrity fuels our future. As we evolve into a more technology- data- and AI-enabled organization we remain grounded in the values that drive lasting impact.
Our diverse business portfolio creates opportunities to make a difference across industries and communities-inviting bold thinking collaborative problem-solving and purpose-driven innovation. Here you'll find the rare balance of long-standing stability and forward momentum supported by an inclusive team that honors tradition while embracing progress.
As a Fortune 100 mutual company we offer a place to grow your skills contribute to meaningful work and deliver solutions that matter. Your ideas drive what's next and your growth powers it.
Our Benefits
We provide a full package of benefits for employees - and have unique offerings for a modern workforce including leave programs adoption assistance and student loan repayment programs. Based on feedback from our employees we continue to refine and add benefits to our offering so that you can flourish both inside and outside of work.Click hereto discover more about our comprehensive benefit options or visit our NYL Benefits Site.
Our Commitment to Inclusion
At New York Life fostering an inclusive workplace is fundamental to who we are and how we serve our communities. We have a longstanding commitment to creating an environment where individuals can contribute their best and succeed together. This foundation is rooted in our core values of humanity and integrity ensuring that every employee feels valued and supported. By embracing a broad range of perspectives and experiences we achieve greater success and fulfill our promise of providing financial security and peace of mind to families across all communities. Click here to learn more about New York Life's leadership in this space.
Recognized as one of Fortune's World's Most Admired Companies New York Life is committed to improving local communities through a culture of employee giving and volunteerism supported by the Foundation. We're proud that due to our mutuality we operate in the best interests of our policy owners. To learn more about career opportunities at New York Life please visit the Careers page of www.NewYorkLife.com.
Visit our LinkedIn to see how our employees and agents are leading the industry and impacting communities.
Visit our Newsroom to learn more about how our company is constantly evolving to meet our clients' and employees' needs.
Job Requisition ID: 94269
#BI-Hybrid