AVP - IT Risk (Product and Process Quality Management)

This role is responsible for supporting the goals of the IT Risk organization, enabling process adherence to the Project Delivery Lifecycle as a control point, and providing a central point of contact and communication concerning PDLC audits and SOX. The role reports to the SVP, Governance, Awareness and Compliance.

Responsibilities include:
  • Gain an expert understanding of Moody's PDLC.
  • Partner with the PPQA, Project Delivery, and IT Risk Control teams to provide the management, organization and written material for Internal or External Audit MIT Responses.
  • Assume project management ownership for the implementation of all PDLC enhancements derived from audit findings.
  • Working with PPQA, Corporate Planning, Accounting and Internal Audit, manage the plans and narratives of SOX processes to enable MIT SOX compliance.
  • Provide PDLC guidance and support, while also being a solid control point for PDLC process adherence to Project Delivery Teams; escalate appropriately when issues arise.
  • Conduct PDLC project phase gates for a select portfolio of large multi-million dollar projects, plus oversight of the smaller Maintenance and Enhancement portfolio.
  • Act as the key PPQA partner to the IT RISK PMO, enabling process adherence to the PDLC and preventing audit findings from occurring. Ensure that any audit finding remediations are incorporated into the IT RISK project portfolio.
  • Create appropriate-level metrics/reports. Provide support for PPQA status reporting.
  • Bring hands-on technical acumen and skill sets to the role, driving analysis, development, improvements and efficiencies within the PPQA and IT Risk space.
  • Take abstract concepts and themes and formulate concrete proposals, ultimately driving selected opportunities through to implementation.


Planning Governance Controls


  • Extensive experience in partnering closely with an Audit function; proven experience in identifying potential audit findings within a technology delivery organization.

  • Hands-on and proven experience in implementing projects utilizing various implementation frameworks such as agile/scrum, waterfall, iterative, OPENUP, TOGAF.

  • Must have experience driving quality/process management activities in a large environment with a proven track record of delivering methods, disciplines and quality improvements.

  • Must have strong, enterprise-wide business acumen to operate within this control point function, while being flexible to changing business needs, with a deep understanding of how technology enables a business.

  • Experience working with teams that have implemented/worked with the SANS and NIST frameworks, and with their impact on an organization.

  • Solid experience in partnering with and supporting an IT Risk Controls function, understanding the relationship between a project portfolio and the implementation or maturation of the controls it addresses.

  • EXCELLENT written and oral communications with the ability to calibrate the message to various levels of management and job functions.

  • Excellent MS Office skill set; SQL and Tableau

  • Excellent consulting skills, in influencing and partnering with end users, providing adherence commentary in a facilitated manner, while still operating as a control point for the organization.

  • At least 7 years of experience in an IT Risk function in a regulated financial services industry.

  • At least 7 years of excellent project management experience on large, cross-functional, multi-million dollar projects/programs.

  • University degree (Bachelor or Master level) in technology or information security related studies

  • PMP and/or Certified Internal Auditor

  • Proficiency in process Industry Standards and Best Practices such as Six Sigma, PMP, CMM, ITIL, TQM

  • Good influencing skills within the team, department, across departments and various levels of management

  • Ability to work well under pressure, respond to tight deadlines and exercise excellent judgment in setting priorities

  • A self-starter, solution orientated and team player


Moody's is an essential component of the global capital markets, providing credit ratings, research, tools and analysis that contribute to transparent and integrated financial markets. Moody's Corporation (NYSE: MCO) is the parent company of Moody's Investors Service, which provides credit ratings and research covering debt instruments and securities, and Moody's Analytics, which offers leading-edge software, advisory services and research for credit and economic analysis and financial risk management. The Corporation, which reported revenue of $3.5 billion in 2015, employs approximately 10,400 people worldwide and maintains a presence in 36 countries. Further information is available at www.moodys.com.

Moody's is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, sex, gender, age, religion, national origin, citizen status, marital status, physical or mental disability, military or veteran status, sexual orientation, gender identity, gender expression, genetic information, or any other characteristic protected by law. Moody's also provides reasonable accommodation to qualified individuals with disabilities in accordance with applicable laws. If you need to inquire about a reasonable accommodation, or need assistance with completing the application process, please email accommodations@moodys.com. This contact information is for accommodation requests only, and cannot be used to inquire about the status of applications.

For San Francisco positions, qualified applicants with criminal histories will be considered for employment consistent with the requirements of the San Francisco Fair Chance Ordinance. For New York City positions, qualified applicants with criminal histories will be considered for employment consistent with the requirements of the New York City Fair Chance Act. For all other applicants, qualified applicants with criminal histories will be considered for employment consistent with the requirements of applicable law.

MIS and MSS Candidates are asked to disclose securities holdings pursuant to Moody's Policy for Securities Trading. Employment is contingent upon compliance with the Policy, including remediation of positions in those holdings as necessary.