Vice President, IT Risk Assessment and Architecture

Moody's IT Risk department is looking for a Vice President - Security Architecture to join its growing organization. This is a challenging position requiring a strong background in Information Security practice, deep knowledge of Information Security standards and best practices, and solid communication and organization skills. The candidate is very motivated and willing to take on challenges, able to multi-task to succeed and has the ability to work independently and with minimal oversight.

The Moody's IT Risk team is responsible for helping the organization balance risk by aligning policies and procedures with Moody's business requirements. The team has global responsible for the development, enforcement and monitoring of security controls, policies and procedures, and for the delivery of security services. The Information Security team sets strategic direction for security within the organization and aligns with stakeholders throughout the company. The team is responsible for key programs including Security Architecture, Cyber Security, Identity Management and Vendor Security Management.

Functional Responsibilities
  • Provide security architecture designs, design approvals, and consulting services for enterprise IT projects that cross multiple platforms and ensure alignment with Moody's desired security architecture and library of best practices
  • Conduct security assessments and manage remediation activities for in-house developed applications - must have a strong understanding of secure-coding standards and practices. Be able to develop evaluations of vendor developed code and determining if there are known vulnerabilities
  • Act as a liaison to Moody's Enterprise Architecture Group, ensuring Moody's is adhering to architecture best practices such as TOGAF and SABSA frameworks for Architecture Initiatives
  • Work directly with product and development managers to track and remediate application vulnerabilities
  • Mature and help implement Moody's Threat Modeling capability with SDLC and Application development efforts
  • Support the creation of Moody's Information Security policies and standards aligned with industry best practices and business needs
  • Represent IT Risk on organizational project teams and ensure adherence to existing security policies ,standards, and identified reference architectures
  • Lead and Drive the creation of and adherence to Cyber-Security and Information Security Reference Architectures
  • Run secure integration efforts when Moody's on-boards corporate acquisitions performing the necessary due diligence
  • Represent Security Architecture at both the Moody's Software Development Life Cycle forum and Product Development Life Cycle reviews
  • Act as a security consultant in the delivery of Information Security projects and services for our customers by working directly with key business stakeholders, Moody's IT (MIT) executives and project teams.


Cyber Security Services

Minimum 10 or more years of experience in the IT industry, with specific focus performing at least two of the following roles:
  • IT / Cyber Security Architecture
  • Financial Services IT Operations
  • Consulting within the IT Industry with particular focus on Enterprise Architecture (familiarity with both TOGAF and SABSA are plusses)
  • Subject Matter Expertise in IT Risk and Cyber Security
  • Shares Services Application: HR, Finance, etc.

Education, Training, and Certifications
  • BS or BA degree, preferably in technology/business or equivalent is required, Master's Degree is a plus
  • Relevant certifications such as CISSP, CISM, SANS, or other known technical security certifications are a plus


Key Competencies

  1. Ability to think with a security mindset. The successful candidate has a strong IT background with in depth knowledge of several key security practice area: access control; application security; network security; security architecture; security strategy.
  2. Adaptability and flexibility to work on a variety of assignments as defined by constantly evolving priorities.
  3. Maintains knowledge base on high profile, public cyber security breaches and able to quickly understand and articulate their associated actors, exploits and opportunities to improve Moody's specific defense capabilities.
  4. Strong knowledge of application architecture, development and secure coding practices.
  5. Strong knowledge of regulatory standards that govern Information Security practices within the Financial Industry such as SOX, PCI, and state and federal privacy laws.
  6. Knowledge of Identity and Access Management (IAM) technologies such as Identity Management platforms, Active Directory, Authentication/Authorization protocols, Provisioning, and Single Sign On technologies.
  7. Strong written and oral communication skills including the ability to interact directly with customers that do not have an IT background.
  8. Strong presentation skills involving large and of varying IT background audiences.
  9. Proven ability to work within a large enterprise that spans multiple continents, is governed by change management and has a tiered support model.


Moody's is an essential component of the global capital markets, providing credit ratings, research, tools and analysis that contribute to transparent and integrated financial markets. Moody's Corporation (NYSE: MCO) is the parent company of Moody's Investors Service, which provides credit ratings and research covering debt instruments and securities, and Moody's Analytics, which offers leading-edge software, advisory services and research for credit and economic analysis and financial risk management. The Corporation, which reported revenue of $3.5 billion in 2015, employs approximately 10,400 people worldwide and maintains a presence in 36 countries. Further information is available at www.moodys.com.

Moody's is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, sex, gender, age, religion, national origin, citizen status, marital status, physical or mental disability, military or veteran status, sexual orientation, gender identity, gender expression, genetic information, or any other characteristic protected by law. Moody's also provides reasonable accommodation to qualified individuals with disabilities in accordance with applicable laws. If you need to inquire about a reasonable accommodation, or need assistance with completing the application process, please email accommodations@moodys.com.. This contact information is for accommodation requests only, and cannot be used to inquire about the status of applications.

For San Francisco positions, qualified applicants with criminal histories will be considered for employment consistent with the requirements of the San Francisco Fair Chance Ordinance. For New York City positions, qualified applicants with criminal histories will be considered for employment consistent with the requirements of the New York City Fair Chance Act. For all other applicants, qualified applicants with criminal histories will be considered for employment consistent with the requirements of applicable law.

Click here to view our full EEO policy statement. Click here for more information on your EEO rights under the law.

MIS and MSS Candidates are asked to disclose securities holdings pursuant to Moody's Policy for Securities Trading. Employment is contingent upon compliance with the Policy, including remediation of positions in those holdings as necessary.