Cyber Risk Analyst Jobs in Oregon (NOW HIRING)

Location Designation: Hybrid - 3 days per quarter 

Red Team Program Lead

Level: MG3/PF6

Location Designation: Hybrid - 3 Days per Quarter

The role reports to the Head of Cyber Risk Management, inside of Technology Risk organization, and supports the execution, governance, and operational management of New York Life's Red Team Program. The Red Team Program Lead is responsible for planning, coordinating, and executing adversary-informed security exercises that help evaluate the company's ability to prevent, detect, respond to, and recover from realistic cyber threats, to include the rapidly developing aspects related to AI driven Red Teaming as well as exercises conducted against AI in its various forms.

Role Overview:

This position plays a key role in leading the program's operating cadence, engagement pipeline, stakeholder coordination, vendor activities, executive reporting, and outcome tracking. The Red Team Program Lead is not expected to be a hands-on technical operator; rather, the role requires strong program-oriented discipline, organizational knowledge, relationship management, and the ability to communicate and drive complex work across technology, cybersecurity, business, and control functions.

The individual will help ensure Red Team engagements are planned, governed, communicated, and reported in a way that maximizes organizational learning while maintaining trust with stakeholders who may be subject to challenging discoveries and other impacts brought about by adversarial exercises. The position requires sound judgment, discretion, attention to detail, and the ability to manage priorities in a dynamic execution environment.

What You'll Do:

Program Leadership & Operating Cadence

• Manage the Red Team Program engagement pipeline, including intake, prioritization, planning, scheduling, execution tracking, and post-engagement follow-up.
• Maintain program plans, milestones, deadlines, dependencies, and deliverables across concurrent exercises and related activities.
• Support annual and quarterly planning activities, including exercise selection, resource planning, stakeholder alignment, and program roadmap maintenance.
• Track program risks, issues, decisions, and dependencies, escalating items as appropriate to leadership.
• Help establish and maintain repeatable processes, templates, procedures, and governance documentation.

Stakeholder Coordination & Relationship Management

• Coordinate across cybersecurity, technology operations, risk, business, and control functions to support the successful planning and execution of Red Team engagements.
• Build and maintain positive relationships with stakeholders, including during exercises that may involve sensitive findings, operational disruption concerns, or adversarial scenarios.
• Serve as a point of coordination between the Red Team Control Board, technical operators, defensive teams, technology owners, business stakeholders, and executive audiences.
• Support pre-engagement communications, rules of engagement, stakeholder briefings, deconfliction activities, and post-engagement readouts.
• Exercise extreme discretion and sound judgment when handling confidential plans, sensitive results, and need-to-know communications.

Engagement Governance & Outcome Tracking

• Support the definition and documentation of engagement scope, objectives, assumptions, constraints, timelines, and success criteria.
• Track observations, findings, themes, and remediation commitments resulting from Red Team exercises and related security assessments.
• Partner with stakeholders to drive follow-up actions, confirm ownership, monitor progress, and support timely resolution of agreed outcomes.
• Help categorize engagement results in a consistent and meaningful manner to support trend analysis, executive reporting, and risk-informed decision-making.
• Maintain accurate records of completed exercises, key outcomes, lessons learned, and program metrics.

Reporting, Metrics & Executive Communications

• Develop and maintain program reporting, dashboards, and executive-level materials summarizing Red Team activity, outcomes, risks, trends, and remediation progress.
• Translate complex cybersecurity concepts and exercise results into clear, practical, and audience-appropriate communications.
• Support recurring updates to cybersecurity leadership, technology leadership, risk partners, and other executive stakeholders.
• Identify recurring control gaps, organizational themes, and opportunities to improve cyber defense capabilities based on engagement results.
• Ensure reporting is accurate, balanced, actionable, and appropriately sensitive to audience and confidentiality considerations.

Vendor, Budget & Resource Management

• Support selection and management of third-party vendors engaged in Red Team, adversary simulation, or related cybersecurity assessment activities.
• Coordinate vendor onboarding, statements of work, timelines, deliverables, invoices, and performance tracking in partnership with procurement and program leadership.
• Assist with budget planning, expense tracking, forecasting, and analysis for Red Team Program activities.
• Monitor resource needs and constraints, helping leadership prioritize or deprioritize work based on risk, business priorities, capacity, and timing.
• Help ensure vendor activities are aligned with internal standards, engagement objectives, and stakeholder expectations.

Process Improvement & Program Maturity

• Identify opportunities to improve program structure, execution discipline, reporting consistency, stakeholder experience, and outcome management.
• Contribute to the development and maintenance of Red Team Program standards, operating procedures, and best practices.
• Support alignment between Red Team activities and broader cybersecurity, Technology Risk, Incident Response, Vulnerability Management, and control improvement efforts.
• Help mature the program's ability to measure effectiveness, communicate value, and drive enterprise-level security improvements.
• Adapt program execution to changing priorities, emerging threats, organizational needs, and operational constraints.

What You'll Bring:

• Prior experience in IT system ownership, cybersecurity program coordination, technology risk, project/program management, or related technology governance roles.
• Experience managing cross-functional initiatives involving technology, cybersecurity, risk, business, vendor, and executive stakeholders.
• Demonstrated experience tracking deadlines, dependencies, action items, budgets, deliverables, and outcomes across complex initiatives.
• Prior experience supporting vendor management activities, including coordination of deliverables, timelines, invoicing, and performance expectations.
• Experience preparing executive-facing materials, status updates, metrics, dashboards, or management reporting.
• Familiarity with cybersecurity, cyber defense, technology infrastructure, application environments, identity and access management, incident response, or security operations concepts.
• Prior experience in a regulated financial services, insurance, or similarly complex enterprise environment preferred.
• Experience supporting offensive security, penetration testing, adversary simulation, purple team, incident response, or cyber resilience programs preferred but not required.

Knowledge and Education

• Bachelor's degree required or equivalent work experience.
• Project or program management experience or exposure.
• Cybersecurity or technology risk certification preferred, such as Security+, CISSP, CISM, CRISC, or similar designation.
• High-level understanding of cyber defense organizations, including security operations, incident response, threat intelligence, vulnerability management, identity, infrastructure, and application security functions.
• High-level understanding of enterprise technology functions, including application ownership, infrastructure, cloud, networking, end-user technology, and technology operations.
• Working knowledge of risk management, issue management, control remediation, and executive reporting practices.

Communications and Collaboration

• Ability to communicate clearly and professionally with technical teams, business partners, risk stakeholders, vendors, and executive audiences.
• Demonstrated ability to build trust and maintain positive working relationships, including in situations involving challenging findings, sensitive topics, or competing priorities.
• Strong organizational, analytical, written communication, and presentation skills.
• Ability to translate technical or complex cybersecurity concepts into practical business language.
• Proven ability to drive accountability and outcomes across teams without direct authority.
• Sound judgment, discretion, and professionalism when handling confidential or sensitive information.
• Self-motivated and detail-oriented, with the ability to manage shifting priorities in a dynamic execution environment.
• Ability to prioritize and deprioritize work based on risk, urgency, stakeholder impact, and available capacity.

#LI-VL1
#LI-HYBRID  

Pay Transparency

Salary Range: $185,000-$225,000 

Overtime eligible: Exempt 

Discretionary bonus eligible: Yes 

Sales bonus eligible: No 

Actual base salary will be determined based on several factors but not limited to individual's experience, skills, qualifications, and job location. Additionally, employees are eligible for an annual discretionary bonus. In addition to base salary, employees may also be eligible to participate in an incentive program.

Our Benefits

We provide a full package of benefits for employees - and have unique offerings for a modern workforce, including leave programs, adoption assistance, and student loan repayment programs. Based on feedback from our employees, we continue to refine and add benefits to our offering, so that you can flourish both inside and outside of work. Click here to discover more about our comprehensive benefit options or visit our NYL Benefits Site.

Our Commitment to Inclusion
At New York Life, fostering an inclusive workplace is fundamental to who we are and how we serve our communities. We have a longstanding commitment to creating an environment where individuals can contribute their best and succeed together. This foundation is rooted in our core values of humanity and integrity, ensuring that every employee feels valued and supported. By embracing a broad range of perspectives and experiences, we achieve greater success and fulfill our promise of providing financial security and peace of mind to families across all communities. Click here to learn more about New York Life's leadership in this space.

Recognized as one of Fortune's World's Most Admired Companies, New York Life is committed to improving local communities through a culture of employee giving and volunteerism, supported by the Foundation. We're proud that due to our mutuality, we operate in the best interests of our policy owners. To learn more about career opportunities at New York Life, please visit the Careers page of www.NewYorkLife.com.

Visit our LinkedIn to see how our employees and agents are leading the industry and impacting communities.

Visit our Newsroom to learn more about how our company is constantly evolving to meet our clients' and employees' needs.

Job Requisition ID: 94130