- New York, NY, USA
- Permanent, Full time
- 21 Sep 17
AVP-Information Security Risk Analyst
Location: New York, NY, USAMoody's is seeking an Information Security Risk Analyst to join the IT Risk organization and be part of a team responsible for IT Risk Assessments, including cyber assessments of Third Parties and third party products. The role will be responsible for participating in and further developing the Third Party Cyber Risk Management program aimed to identify, mitigate, monitor and manage risks associated with Third Party relationships. The role will also be responsible for assessing new software and vendor products. In addition to assessment responsibilities, this position will act in an advisory role to Moody's affiliates to strengthen their cyber risk posture and establish appropriate cyber risk & security standards. Other responsibilities may include conducting contract reviews, coordinating IT Risk responses to client inquiries, as well as other departmental initiatives, administrative matters, and special projects as assigned by the Information Security leadership team.
- Serve as a Subject Matter Expert (SMEs) for Third Party Cyber Risk Management
- Plan, conduct and manage Third Party cyber risk assessments in accordance with Moody's Third Party Cyber Risk Management program
- Partner with Sourcing, Business Owners and other stakeholders to understand the third party relationships, and tier third parties based on the engagement details
- Issue and manage the completion of due diligence questionnaires with vendors
- Review and assess third party due diligence questionnaires and supplied documentation
- Identify, document and measure third party risk
- Effectively document and communicate risk assessment results
- Communicate the risks to Business Owners and stakeholders
- Develop proposed remediation solutions for identified risks and work with the vendors to track remediation to closure
- Plan and conduct onsite Third Party assessments in the US and abroad, develop onsite reports, manage remediation activities for identified risks and track them to closure
- Be actively engaged in Third Party Cyber Risk Management program development and maturing of risk management processes, tools, metrics and reporting
- Conduct IT Risk assessments of new software and vendor products. Identify, document and measure risks. Communicate the risks to Business Owners and stakeholders
- Acti in advisory role to Moody's affiliates to strengthen their cyber risk posture and establish appropriate cyber risk & security standards
• Bachelor's degree
• 3-5 years of experience in Third Party risk management, information security, or related It Risk experience
• Solid understanding of information security principles, standards and best practices
• Familiarity with cyber security frameworks and standards (ISO, NIST, COBIT, BITS, SIG/AUP, etc.), SSAE16-18, SOC reports
• Applied technical background associated with data security, systems architecture, infrastructure, cloud computing, etc.
• Highly motivated, self-sufficient individual, able to work independently
• Ability to take the initiative and achieve results in a fast-paced and dynamic environment
• Excellent interpersonal, written and verbal communication skills
• Ability to tailor communication to the audience; ability to express technical observations and opinions in layman terms
• CISSP, CISM, CRISC, CISA or equivalent certifications a plus
• 10% multi-day travel to Third Party locations in the US and abroad as required
Moody's is an essential component of the global capital markets, providing credit ratings, research, tools and analysis that contribute to transparent and integrated financial markets. Moody's Corporation (NYSE: MCO) is the parent company of Moody's Investors Service, which provides credit ratings and research covering debt instruments and securities, and Moody's Analytics, which offers leading-edge software, advisory services and research for credit and economic analysis and financial risk management. The Corporation, which reported revenue of $3.6 billion in 2016, employs approximately 10,700 people worldwide and maintains a presence in 36 countries. Further information is available at www.moodys.com.
Moody's is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, sex, gender, age, religion, national origin, citizen status, marital status, physical or mental disability, military or veteran status, sexual orientation, gender identity, gender expression, genetic information, or any other characteristic protected by law. Moody's also provides reasonable accommodation to qualified individuals with disabilities in accordance with applicable laws. If you need to inquire about a reasonable accommodation, or need assistance with completing the application process, please email firstname.lastname@example.org.. This contact information is for accommodation requests only, and cannot be used to inquire about the status of applications.
For San Francisco positions, qualified applicants with criminal histories will be considered for employment consistent with the requirements of the San Francisco Fair Chance Ordinance. For New York City positions, qualified applicants with criminal histories will be considered for employment consistent with the requirements of the New York City Fair Chance Act. For all other applicants, qualified applicants with criminal histories will be considered for employment consistent with the requirements of applicable law.
Click here to view our full EEO policy statement. Click here for more information on your EEO rights under the law.
MIS and MSS Candidates are asked to disclose securities holdings pursuant to Moody's Policy for Securities Trading. Employment is contingent upon compliance with the Policy, including remediation of positions in those holdings as necessary.