Corporate Vice President, Red Team Program Lead

Red Team Program Lead

Location Designation:
Hybrid – 3 days per quarter

The role reports to the Head of Cyber Risk Management, inside the Technology Risk organization, and supports the execution, governance, and operational management of New York Life’s Red Team Program. The Red Team Program Lead is responsible for planning, coordinating, and executing adversary‑informed security exercises that evaluate the company’s ability to prevent, detect, respond to, and recover from realistic cyber threats, including AI‑driven red teaming and exercises against AI in its various forms.

This position leads the program’s operating cadence, engagement pipeline, stakeholder coordination, vendor activities, executive reporting, and outcome tracking. The role requires strong program‑oriented discipline, organizational knowledge, relationship management, and the ability to communicate and drive complex work across technology, cybersecurity, business, and control functions.

• Manage the Red Team Program engagement pipeline, including intake, prioritization, planning, scheduling, execution tracking, and post‑engagement follow‑up.
• Maintain program plans, milestones, deadlines, dependencies, and deliverables across concurrent exercises and related activities.
• Support annual and quarterly planning activities, including exercise selection, resource planning, stakeholder alignment, and program roadmap maintenance.
• Track program risks, issues, decisions, and dependencies, escalating items as appropriate to leadership.
• Help establish and maintain repeatable processes, templates, procedures, and governance documentation.

• Coordinate across cybersecurity, technology operations, risk, business, and control functions to support the successful planning and execution of Red Team engagements.
• Build and maintain positive relationships with stakeholders, including during exercises that may involve sensitive findings, operational disruption concerns, or adversarial scenarios.
• Serve as a point of coordination between the Red Team Control Board, technical operators, defensive teams, technology owners, business stakeholders, and executive audiences.
• Support pre‑engagement communications, rules of engagement, stakeholder briefings, deconfliction activities, and post‑engagement readouts.
• Exercise extreme discretion and sound judgment when handling confidential plans, sensitive results, and need‑to‑know communications.

• Support the definition and documentation of engagement scope, objectives, assumptions, constraints, timelines, and success criteria.
• Track observations, findings, themes, and remediation commitments resulting from Red Team exercises and related security assessments.
• Partner with stakeholders to drive follow‑up actions, confirm ownership, monitor progress, and support timely resolution of agreed outcomes.
• Help categorize engagement results in a consistent and meaningful manner to support trend analysis, executive reporting, and risk‑informed decision‑making.
• Maintain accurate records of completed exercises, key outcomes, lessons learned, and program metrics.

• Develop and maintain program reporting, dashboards, and executive‑level materials summarizing Red Team activity, outcomes, risks, trends, and remediation progress.
• Translate complex cybersecurity concepts and exercise results into clear, practical, and audience‑appropriate communications.
• Support recurring updates to cybersecurity leadership, technology leadership, risk partners, and other executive stakeholders.
• Identify recurring control gaps, organizational themes, and opportunities to improve cyber defense capabilities based on engagement results.
• Ensure reporting is accurate, balanced, actionable, and appropriately sensitive to audience and confidentiality considerations.

• Support selection and management of third‑party vendors engaged in Red Team, adversary simulation, or related cybersecurity assessment activities.
• Coordinate vendor onboarding,…