• Competitive
  • New York, NY, USA
  • Permanent, Full time
  • Moody's
  • 2019-06-24

Assistant Director - Risk Management

Location: New York, NY, USA

The Moody's Analytics Risk Management team oversees Moody's Analytics enterprise risk management framework and implements its information security program, with the objectives of safeguarding sensitive business data, protecting data privacy, addressing security threats, ensuring legal and regulatory compliance, meeting customer requirements for controls assurance, and promoting user awareness. The team collaborates with lines of business across Moody's Analytics and Moody's IT to reduce risk to acceptable levels while enabling business priorities.
The Assistant Director - Risk Management will implement program work streams and support other operational risk management activities. The role requires a motivated self-starter to actively and professionally engage internal business and technology partners and Moody's customers to drive appropriate risk-based decisions and activities.

Responsibilities

Controls Assurance and Customer Inquiry Handling
  • Respond promptly to external customer inquiries about Moody's Analytics products and systems and their information security and other controls. Be a trusted partner for Moody's sales teams to meet customer requirements and support RFPs and the sales process. Work with customers to complete their annual vendor third-party risk reviews of Moody's products and services.
  • Support the SOC compliance program for Moody's Analytics products by providing subject matter expertise, documenting controls and control gaps, and identifying and acting on process improvement opportunities to improve program efficiency.

Enterprise Risk Management
  • Manage risk identification and drive remediation project activities. A key focus area is the continued maturation of controls and processes around sensitive data, including personal data. Support firm-wide GDPR and CCPA compliance efforts.
  • Work with the enterprise risk management team to support ERM reporting to senior business management and Moody's Board of Directors. Partner with risk owners to assess risk impact, and develop and track mitigation plans.
Cyber Risk Program Management and Coordination
  • Work with Moody's Information Risk and Security to ensure cross-organizational participation and communication across program work streams.
  • Manage program deliverables and milestones, and communicate status and results to senior management. Program initiatives include patch and vulnerability management, secure application development and testing.
  • Coordinate the rollout of and improvements to information security controls, and work with lines of business and Information Risk and Security to implement reporting, exception handling, and attestation of steady-state controls.


Qualifications
Required
  • Minimum education and work experience required for this position include:
    • 7 years' experience in IT risk management, information security, data privacy, project management, and/or IT audit, preferably in a financial services or consulting organization.
    • BS or BA degree, preferably in technology, business or equivalent.
    • Relevant certifications such as CISSP, CISM, CRISC, CISA, or PMP are a plus.

Key Competencies
  • Track record of successful delivery of projects and initiatives within schedule and budget.
  • Able to effectively lead cross-functional project teams that consist of indirect reports; have a proven ability to marshal resources, delegate tasks, provide guidance, set expectations for quality, manage and resolve issues or conflicts, and provide timely and transparent project information to senior management.
  • Ability to develop a full and deep understanding of the business operations, and how they create value and risk for organizations.
  • Ability to think with a control and process mindset. Experience managing risk, security, or control programs, preferably aligned with ISO or NIST standards. Familiarity with data privacy regulations and compliance requirements is a plus.
  • Ability to effectively analyze risk within the context of the business problems.
  • Adaptability and flexibility to work on a variety of assignments as defined by current priorities.
  • Strong presentation skills to audiences at all levels; ability to adjust message and filter details based on audience.


Preferred
  • Demonstrated ability to interact effectively, internally and externally, with senior representatives of the organization.


Moody's is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, sex, gender, age, religion, national origin, citizen status, marital status, physical or mental disability, military or veteran status, sexual orientation, gender identity, gender expression, genetic information, or any other characteristic protected by law. Moody's also provides reasonable accommodation to qualified individuals with disabilities in accordance with applicable laws. If you need to inquire about a reasonable accommodation, or need assistance with completing the application process, please email accommodations@moodys.com. This contact information is for accommodation requests only, and cannot be used to inquire about the status of applications.

For San Francisco positions, qualified applicants with criminal histories will be considered for employment consistent with the requirements of the San Francisco Fair Chance Ordinance. For New York City positions, qualified applicants with criminal histories will be considered for employment consistent with the requirements of the New York City Fair Chance Act. For all other applicants, qualified applicants with criminal histories will be considered for employment consistent with the requirements of applicable law.


Candidates for Moody's Corporation may be asked to disclose securities holdings pursuant to Moody's Policy for Securities Trading and the requirements of the position. Employment is contingent upon compliance with the Policy, including remediation of positions in those holdings as necessary.