• Competitive
  • Gurgaon, Haryana, India
  • Permanent, Full time
  • Moody's
  • 18 Dec 17

AVP - IT Risk Assessment

Location: Gurgaon, Haryana, India

Responsibilities :
• Serve as a Subject Matter Expert (SMEs) for Third Party Cyber Risk Management
• Plan, conduct and manage Third Party cyber risk assessments in accordance with Moody's Third Party Cyber Risk Management program
o Partner with Sourcing, Business Owners and other stakeholders to understand the third party relationships, and tier third parties based on the engagement details
o Issue and manage the completion of due diligence questionnaires with vendors
o Review and assess third party due diligence questionnaires and supplied documentation
o Identify, document and measure third party risk
o Effectively document and communicate risk assessment results
o Communicate the risks to Business Owners and stakeholders
o Develop proposed remediation solutions for identified risks and work with the vendors to track remediation to closure
o Plan and conduct onsite Third Party assessments in the US and abroad, develop onsite reports, manage remediation activities for identified risks and track them to closure
• Be actively engaged in Third Party Cyber Risk Management program development and maturing of risk management processes, tools, metrics and reporting
• Conduct IT Risk assessments of new software and vendor products. Identify, document and measure risks. Communicate the risks to Business Owners and stakeholders
• Act in advisory role to Moody's affiliates to strengthen their cyber risk posture and establish appropriate cyber risk & security standards.

Risk Assessment_Architecture

Qualifications:
• Bachelor's degree
• 3-5 years of experience in Third Party risk management, information security, or related It Risk experience
• Solid understanding of information security principles, standards and best practices
• Familiarity with cyber security frameworks and standards (ISO, NIST, COBIT, BITS, SIG/AUP, etc.), SSAE16-18, SOC reports
• Applied technical background associated with data security, systems architecture, infrastructure, cloud computing, etc.
• Highly motivated, self-sufficient individual, able to work independently
• Ability to take the initiative and achieve results in a fast-paced and dynamic environment
• Excellent interpersonal, written and verbal communication skills
• Ability to tailor communication to the audience; ability to express technical observations and opinions in layman terms
• CISSP, CISM, CRISC, CISA or equivalent certifications a plus
• 10% multi-day travel to Third Party locations as required

Moody's is an essential component of the global capital markets, providing credit ratings, research, tools and analysis that contribute to transparent and integrated financial markets. Moody's Corporation (NYSE: MCO) is the parent company of Moody's Investors Service, which provides credit ratings and research covering debt instruments and securities, and Moody's Analytics, which offers leading-edge software, advisory services and research for credit and economic analysis and financial risk management. The Corporation, which reported revenue of $3.6 billion in 2016, employs approximately 10,700 people worldwide and maintains a presence in 36 countries. Further information is available at www.moodys.com.

Moody's is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, protected veteran status, sexual orientation or any other characteristic protected by law.