Job Description

Location Designation: Hybrid - 3 days per week

Lead the enterprise operating model for vulnerability and patch remediation across infrastructure, cloud, endpoints, and application-dependent services. This role will build and lead a centralized remediation function that converts vulnerability findings into measurable risk reduction through structured intake, prioritization, ownership assignment, accelerated patch execution, application validation, exception governance, and evidence-based closure.

The role is accountable for driving remediation performance across multiple teams, including Patch & Vulnerability Ops, Endpoint Patching SRE, Infrastructure Patching SRE, App Remediation / SRE partners, Security, Cloud, DevOps, and CIO application teams. Success requires strong operating discipline, clear executive reporting, automation-first execution, and the authority to escalate blockers when remediation stalls.

This leader will also guide the enterprise response to Mythos-related remediation priorities, including Critical VITs, High-priority vulnerabilities, AWS remediation, EOL OS modernization, browser/server hardening, and application regression testing automation.

What You’ll Do:

Enterprise Vulnerability & Patch Operating Model

• Build and lead the centralized Enterprise Vulnerability & Remediation function across infrastructure, endpoint, cloud, and application-dependent services.
• Define the end-to-end intake-to-closure workflow for vulnerabilities, patches, Critical VITs, zero-days, EOL remediation, and exception handling.
• Establish severity-based remediation lanes, including:
• Same-day / P1 response for zero-days
• 24-hour automated response for Critical VITs
• 3-day cycle for High-priority patches
• 6-day accelerated cycle for priority remediation
• Ensure every vulnerability has clear ownership, target dates, remediation plan, validation evidence, and closure disposition.
• Drive daily operational governance and weekly executive reporting across remediation workstreams.

Patch & Vulnerability Operations

• Oversee centralized vulnerability intake, prioritization, SLA tracking, remediation coordination, reporting, and escalation.
• Ensure findings from Qualys, Tanium, cloud tools, security alerts, vendor advisories, and exception requests are triaged and routed to accountable owners.
• Maintain enterprise dashboards for open vulnerabilities, aging, SLA adherence, exception status, rollback activity, automation coverage, and closure evidence.
• Drive remediation discipline across platform, endpoint, cloud, and application teams.
• Ensure vulnerabilities are not closed until validated through scan results, automated testing, system health checks, or approved risk acceptance.

Endpoint Patching SRE Oversight

• Lead the endpoint patching reliability function responsible for endpoint patch execution, deployment waves, reboot compliance, endpoint health, and rollback coordination.
• Standardize endpoint patching controls across pilot rings, production waves, user-impact monitoring, failed install tracking, and exception handling.
• Ensure endpoint patching supports accelerated remediation timelines while maintaining controls for VPN, EDR, authentication, productivity tools, and user-impacting issues.
• Partner with Endpoint Engineering, Service Desk, Security, and Operations teams to resolve endpoint patch failures and reduce repeat defects.

Infrastructure Patching SRE Oversight

• Lead the infrastructure patching reliability function across Windows, Linux, middleware, databases, cloud-hosted servers, and related platform services.
• Establish lower-environment, canary, and production patching waves with clear go/no-go criteria.
• Standardize patch baselines, maintenance windows, reboot strategy, rollback readiness, compensating controls, and patch failure handling.
• Drive cloud patching execution through approved tools such as Qualys Patch Management, Tanium, AWS Systems Manager Patch Manager, and related automation platforms.
• Ensure post-patch validation includes reboot success, service startup, monitoring agent health, scan validation, and closure evidence.

Application Remediation / SRE Coordination

• Partner with CIO application teams, DevOps, and SREs to ensure application readiness does not become a blocker to vulnerability remediation.
• Establish structured application-team engagement for ownership confirmation, business criticality, testing windows, release constraints, reboot approvals, and production sign-off.
• Drive application regression testing automation to reduce manual validation time and enable accelerated patch cycles.
• Ensure application teams define smoke tests, API checks, service checks, transaction validation, dependency checks, and pass/fail criteria.
• Support application-level remediation for libraries, middleware compatibility, certificates, runtimes, code fixes, configuration changes, and dependency upgrades.
• Escalate application readiness, code/configuration, or sign-off delays that threaten Mythos, CBS, AWS remediation, EOL remediation, or Critical VIT timelines.

AWS, Cloud, and EOL Remediation

• Lead remediation governance for AWS/cloud patching, including non-production rollout, production rollout, BAU transition, tool enablement, and execution risk management.
• Oversee remediation blockers such as non-reporting agents, root-volume constraints, reboot dependencies, application/SRE coordination, and access limitations.
• Coordinate EOL OS modernization strategy with platform, cloud, vendor, and application teams.
• Ensure EOL remediation is tracked through fresh build, replatforming, hardened AMIs, Terraform automation, CI/CD pipelines, EKS for container-ready workloads, and EC2 for non-container workloads.
• Drive executive visibility into EOL exposure, impacted applications, SLT ownership, modernization waves, and dependency risks.

Automation, Tooling, and Evidence

• Define the automation roadmap for patch deployment, health checks, application regression testing, scan validation, dashboards, and closure evidence.
• Partner with DevOps and CIO teams to evaluate New Relic monitors, synthetic checks, service health dashboards, alert policies, and performance baselines as near-term accelerators for post-patch validation.
• Ensure tooling supports vulnerability-informed remediation, automated deployment, compliance reporting, evidence capture, and closure workflows.
• Drive integration across Qualys, Tanium, AWS Systems Manager, CI/CD platforms, CMDB, ITSM, monitoring tools, and reporting dashboards.

Exception, Risk, and Escalation Governance

• Define and enforce exception standards, including business justification, compensating controls, expiration dates, remediation commitments, and approval authority.
• Challenge unsupported or open-ended exceptions.
• Escalate missed deadlines, unresolved blockers, owner gaps, testing delays, and unmanaged risk through formal governance channels.
• Ensure remediation issues move to one of the required outcomes: deploy, fix, roll back, compensate, exception, or validated closure.

Authority and Scope

This role requires senior leadership endorsement to operate across organizational boundaries. The role holder is empowered to:

• Set enterprise remediation expectations, timelines, and SLA discipline.
• Require remediation plans and target dates from infrastructure, endpoint, cloud, application, and vendor teams.
• Escalate unresolved blockers, missed timelines, and unmanaged risk.
• Require time-bound exceptions with compensating controls and accountable owners.
• Coordinate remediation activity spanning endpoints, servers, cloud, middleware, applications, EOL platforms, and critical vulnerabilities.
• Drive CIO/application-team engagement where application validation, code changes, dependency fixes, or production sign-off are required.

Success Measures and Key Outcomes: First 6–12 Months

• Operating model launched: Centralized vulnerability and patch remediation function established with clear roles, RACI, workflows, dashboards, and escalation paths.
• Accelerated patch lanes operational: 24-hour Critical VIT, 3-day High-priority, and 6-day accelerated priority patching cycles implemented.
• AWS/cloud patching stabilized: Qualys/cloud patching enabled, non-reporting agents and root-volume constraints tracked, and production patching moved into BAU.
• EOL modernization governed: EOL OS exposure tracked by application, SLT, platform, modernization wave, and dependency status.
• Application validation accelerated: Critical applications onboarded to smoke tests, health checks, New Relic or CI/CD validation, and exception-based review.
• SLA performance improved: Reduction in aging Critical and High vulnerabilities, overdue remediation, and repeat exposure.
• Evidence quality improved: Closure based on scan validation, automated test results, health checks, and documented remediation evidence.
• Exception backlog controlled: Exceptions are time-bound, risk-reviewed, and actively managed.
• Executive visibility established: Leadership reporting in place for backlog, SLA compliance, aging, closure, rollback, exceptions, automation coverage, and unresolved blockers.

What You'll Bring:

• 12–15+ years of experience in IT Operations, Infrastructure, Security Engineering, Cloud Operations, SRE, or Enterprise Technology leadership.
• 5+ years leading vulnerability management, patching, remediation, infrastructure operations, or enterprise reliability functions at scale.
• Deep understanding of enterprise platforms, including Windows, Linux, endpoints, middleware, databases, AWS/cloud infrastructure, containers, and application-dependent services.
• Experience with vulnerability and patching tools such as Qualys, Tanium, AWS Systems Manager Patch Manager, endpoint management platforms, CMDB, ITSM, and reporting dashboards.
• Strong knowledge of patch management, change management, configuration management, exception governance, and evidence-based closure.
• Experience coordinating application teams for testing, dependency remediation, code/configuration changes, release windows, and production sign-off.
• Strong understanding of cloud remediation, EOL modernization, hardened images, Terraform, CI/CD, EKS, EC2, and DevOps operating models.
• Demonstrated ability to influence senior stakeholders, drive accountability across organizational boundaries, and escalate unmanaged risk.
• Strong executive communication skills with the ability to translate technical remediation risk into clear business impact and action plans.

Nice to Have

• Experience in financial services or another highly regulated industry.
• Familiarity with NIST CSF, CIS Controls, SOX, NYDFS, PCI, or similar regulatory/control frameworks.
• Experience with New Relic, synthetic monitoring, application regression automation, CI/CD test orchestration, and evidence capture.
• Certifications such as CISSP, CISM, CRISC, CCSP, AWS, ITIL, or SRE-related credentials.
• Experience building remediation factories, centralized vulnerability operations, or large-scale EOL modernization programs.

Working Model

Hybrid role based in New York, NY with regular in-person collaboration for governance forums, planning sessions, executive reviews, and major remediation events. Occasional off-hours engagement will be required for zero-day response, Critical VIT remediation, production patching, cloud patching events, or major remediation campaigns.

This role operates at the intersection of IT Operations, Cybersecurity, Cloud, Endpoint, Infrastructure, DevOps, and CIO application teams to reduce enterprise risk while maintaining platform reliability and business continuity.

Pay Transparency

Salary Range: $147,500-$211,000

Overtime eligible: Exempt

Discretionary bonus eligible: Yes

Sales bonus eligible: No

Actual base salary will be determined based on several factors but not limited to individual’s experience, skills, qualifications, and job location. Additionally, employees are eligible for an annual discretionary bonus. In addition to base salary, employees may also be eligible to participate in an incentive program.

Our Benefits

We provide a full package of benefits for employees – and have unique offerings for a modern workforce, including leave programs, adoption assistance, and student loan repayment programs. Based on feedback from our employees, we continue to refine and add benefits to our offering, so that you can flourish both inside and outside of work. Click hereto discover more about our comprehensive benefit options or visit our NYL Benefits Site

Our Commitment to Inclusion
At New York Life, fostering an inclusive workplace is fundamental to who we are and how we serve our communities. We have a longstanding commitment to creating an environment where individuals can contribute their best and succeed together. This foundation is rooted in our core values of humanity and integrity, ensuring that every employee feels valued and supported. By embracing a broad range of perspectives and experiences, we achieve greater success and fulfill our promise of providing financial security and peace of mind to families across all communities. Click here to learn more about New York Life’s leadership in this space.​

Recognized as one of Fortune’s World’s Most Admired Companies, New York Life is committed to improving local communities through a culture of employee giving and volunteerism, supported by the Foundation We're proud that due to our mutuality, we operate in the best interests of our policy owners. To learn more about career opportunities at New York Life, please visit the Careers page of www.NewYorkLife.com

​Visit our LinkedIn to see how our employees and agents are leading the industry and impacting communities.

Visit our Newsroom to learn more about how our company is constantly evolving to meet our clients' and employees’ needs.

Job Requisition ID: 94038