AVP-IT Risk and Architecture

Moody's IT Risk department is looking for an Assistant Vice President - IT Risk Architecture to join its growing organization. This is a challenging position requiring a strong background in Information Security practice, deep knowledge of Information Security standards and best practices, and solid communication and organization skills. The candidate is very motivated and willing to take on challenges, able to multi-task to succeed and has the ability to work independently and with minimal oversight.

The Moody's IT Risk Management team is globally responsible for helping the organization balance risk by aligning policies and procedures with Moody's business and regulatory requirements. The team is responsible for the development, enforcement and monitoring of security controls, policies and procedures, disaster recovery programs, GRC (Governance, Risk and Compliance) reporting and the delivery of security services including the company's Cyber Security program. The IT Risk Management team sets strategic direction for IT risk and security globally and aligns with stakeholders throughout the organization.

Functional Responsibilities
  • Provide security consulting services for enterprise projects that cross multiple technologies and platforms to ensure alignment with Moody's Information Security architecture standards
  • Work directly with product and development managers to track and remediate application vulnerabilities
  • Lead and Drive the creation of and adherence to Cyber-Security and Information Security Reference Architectures
  • Represent Information Security on organizational project teams and ensure adherence to existing security policies ,standards, and identified reference architectures
  • Represent Security Architecture at both Software Development Life Cycle and Product Development Life Cycle reviews
  • Assist to evaluate security concerns with new and emerging technologies with particular focus on Cloud, SaaS, and IaaS
  • Support the successful delivery of Information Security projects and services for our customers by working directly with key business stakeholders, Moody's IT (MIT) executives and project teams


Risk Assessment & Architecture

Minimum education and work experience required for this position include:
  • Minimum 7-10 years of experience in IT industry, preferably in a financial services or consulting organization
  • BS or BA degree, preferably in technology/business or equivalent
  • Relevant certifications such as CISSP, CISM are a plus
Key Competencies:

  • Ability to think with a security mindset. The successful candidate has a strong IT background with in depth knowledge of several key security practice area: access control; application security; network security; security architecture; security strategy
  • Adaptability and flexibility to work on a variety of assignments as defined by constantly evolving priorities
  • Current on high profile, public cyber security breaches and able to understand and articulate their associated actors, exploits and opportunities to improve defense capability
  • Strong knowledge of application architecture, development and secure coding practices.
  • Strong knowledge of regulatory standards that govern Information Security practices such as SOX, PCI, and state and federal privacy laws.
  • Knowledge of Identity and Access Management (IAM) technologies such as Identity Management platforms, Active Directory, Authentication/Authorization protocols, Provisioning, and Single Sign On technologies.
  • Strong written and oral communication skills including the ability to interact directly with customers that do not have an IT background.
  • Strong presentation skills involving large and of varying IT background audiences.
  • Proven ability to work within a large enterprise that spans multiple continents, is governed by change management and has a tiered support model.


Moody's is an essential component of the global capital markets, providing credit ratings, research, tools and analysis that contribute to transparent and integrated financial markets. Moody's Corporation (NYSE: MCO) is the parent company of Moody's Investors Service, which provides credit ratings and research covering debt instruments and securities, and Moody's Analytics, which offers leading-edge software, advisory services and research for credit and economic analysis and financial risk management. The Corporation, which reported revenue of $3.5 billion in 2015, employs approximately 10,400 people worldwide and maintains a presence in 36 countries. Further information is available at www.moodys.com.

Moody's is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, sex, gender, age, religion, national origin, citizen status, marital status, physical or mental disability, military or veteran status, sexual orientation, gender identity, gender expression, genetic information, or any other characteristic protected by law. Moody's also provides reasonable accommodation to qualified individuals with disabilities in accordance with applicable laws. If you need to inquire about a reasonable accommodation, or need assistance with completing the application process, please email accommodations@moodys.com.. This contact information is for accommodation requests only, and cannot be used to inquire about the status of applications.

For San Francisco positions, qualified applicants with criminal histories will be considered for employment consistent with the requirements of the San Francisco Fair Chance Ordinance. For New York City positions, qualified applicants with criminal histories will be considered for employment consistent with the requirements of the New York City Fair Chance Act. For all other applicants, qualified applicants with criminal histories will be considered for employment consistent with the requirements of applicable law.

Click here to view our full EEO policy statement. Click here for more information on your EEO rights under the law.

MIS and MSS Candidates are asked to disclose securities holdings pursuant to Moody's Policy for Securities Trading. Employment is contingent upon compliance with the Policy, including remediation of positions in those holdings as necessary.