Senior Associate - Patch & Vulnerability Operations Lead

Location Designation: Hybrid - 3 days per quarter
Role Summary
Lead the centralized operating model for enterprise vulnerability intake, prioritization, governance, SLA tracking, remediation orchestration, reporting, escalation, and evidence-based closure across infrastructure, cloud, endpoints, and application-dependent services.
This role converts vulnerability findings into measurable risk reduction by aligning Security, Infrastructure, Endpoint, Cloud, Application, SRE, Risk, Change, and vendor teams around clear ownership, target dates, decision gates, and closure evidence.
What You'll Do:
Strategy, Governance & Operating Model
• Own the enterprise patch and vulnerability remediation operating model across on-prem, cloud, endpoint, and application-dependent environments.
• Define and enforce intake, triage, severity lanes, remediation SLAs, escalation paths, exception handling, and closure evidence standards.
• Chair daily and weekly remediation governance forums; drive accountability across resolver teams and surface blockers for executive action.
• Design the centralized workflow that connects scanning, asset ownership, patch execution, change coordination, validation, and executive reporting.
Intake, Prioritization & SLA Management
• Triage findings from Qualys, Tanium, security alerts, vendor advisories, threat intelligence, and exception requests.
• Prioritize remediation by severity, exploitability, exposure, business criticality, compensating controls, and regulatory/audit impact.
• Ensure every finding has an accountable owner, target date, remediation path, and documented status.
• Manage zero-day, Critical VIT, High, Medium, Low, and priority patch lanes, including 24-hour, 3-day, and 6-day accelerated cycles.
Reporting, Metrics & Executive Communication
• Produce executive dashboards covering backlog, aging, SLA adherence, mean time to closure, patch success rate, rollback count, exception aging, ownerless assets, and automation coverage.
• Translate technical remediation risk into business impact, escalation decisions, and leadership actions.
• Partner with Risk, Security, Audit, and Technology leadership on evidence quality, control maturity, and remediation accountability.
Cross-Team Orchestration
• Coordinate endpoint, infrastructure, cloud, and application remediation dependencies across CIO teams, SREs, DevOps, and vendors.
• Escalate blocked remediation caused by application validation, reboot approvals, access constraints, tooling gaps, vendor delays, or production sign-off issues.
• Partner with automation teams to reduce manual validation and increase evidence capture.
Authority and Scope
• Set remediation expectations, SLA timelines, status reporting standards, and evidence requirements for in-scope vulnerabilities.
• Require remediation plans, target dates, owner assignment, and time-bound exception requests from infrastructure, endpoint, cloud, and application teams.
• Escalate missed deadlines, unresolved blockers, unmanaged risk, and unsupported exceptions through formal governance channels.
Success Measures & Key Outcomes (First 6-12 Months)
• Critical and High SLA adherence improves across endpoint, infrastructure, cloud, and application-dependent services.
• Reduction in aging vulnerabilities, repeat findings, exception backlog, and ownerless assets.
• Executive dashboards are accurate, current, and used for decision-making.
• Closure quality improves through scan validation, automated testing evidence, and documented remediation records.
What You'll Bring:
• 10+ years in IT Operations, Infrastructure, Security Engineering, SRE, or Vulnerability Management, with experience leading cross-functional remediation programs.
• Strong understanding of vulnerability scanning, patching, change, exception, asset inventory, and remediation governance.
• Experience with Qualys, Tanium, ServiceNow/Jira, CMDB, dashboarding, executive reporting, and SLA management.
• Ability to influence senior stakeholders and drive decisions across Technology, Security, Risk, and Application teams.
Nice to Have
• Financial services or regulated-industry experience.
• Familiarity with cloud security posture, container security, DevOps, CI/CD, and application security integrations.
• Certifications such as CISSP, CISM, CRISC, ITIL, cloud security, or SRE-related credentials.
Working Model
Hybrid role requiring regular collaboration with IT Operations, Cybersecurity, Risk, CIO application teams, and executive stakeholders. Occasional off-hours engagement is expected during zero-day events, Critical VIT response, or major remediation campaigns.
Pay Transparency
Salary Range: $111,500-$159,000
Overtime eligible: Exempt
Discretionary bonus eligible: Yes
Sales bonus eligible: No
Actual base salary will be determined based on several factors but not limited to individual's experience, skills, qualifications, and job location. Additionally, employees are eligible for an annual discretionary bonus. In addition to base salary, employees may also be eligible to participate in an incentive program.
Company Overview
At New York Life, our 180-year legacy of purpose and integrity fuels our future. As we evolve into a more technology-, data-, and AI-enabled organization, we remain grounded in the values that drive lasting impact.
Our diverse business portfolio creates opportunities to make a difference across industries and communities-inviting bold thinking, collaborative problem-solving, and purpose-driven innovation. Here, you'll find the rare balance of long-standing stability and forward momentum, supported by an inclusive team that honors tradition while embracing progress.
As a Fortune 100 mutual company, we offer a place to grow your skills, contribute to meaningful work, and deliver solutions that matter. Your ideas drive what's next, and your growth powers it.
Our Benefits
We provide a full package of benefits for employees - and have unique offerings for a modern workforce, including leave programs, adoption assistance, and student loan repayment programs. Based on feedback from our employees, we continue to refine and add benefits to our offering, so that you can flourish both inside and outside of work.Click hereto discover more about our comprehensive benefit options or visit our NYL Benefits Site.
Our Commitment to Inclusion
At New York Life, fostering an inclusive workplace is fundamental to who we are and how we serve our communities. We have a longstanding commitment to creating an environment where individuals can contribute their best and succeed together. This foundation is rooted in our core values of humanity and integrity, ensuring that every employee feels valued and supported. By embracing a broad range of perspectives and experiences, we achieve greater success and fulfill our promise of providing financial security and peace of mind to families across all communities. Click here to learn more about New York Life's leadership in this space.
Recognized as one of Fortune's World's Most Admired Companies, New York Life is committed to improving local communities through a culture of employee giving and volunteerism, supported by the Foundation. We're proud that due to our mutuality, we operate in the best interests of our policy owners. To learn more about career opportunities at New York Life, please visit the Careers page of www.NewYorkLife.com.
Visit our LinkedIn to see how our employees and agents are leading the industry and impacting communities.
Visit our Newsroom to learn more about how our company is constantly evolving to meet our clients' and employees' needs.
Job Requisition ID: 94269
#BI-Hybrid