Associate Director - Risk Management
Job Description
Sales Enablement and Controls Assurance
Enterprise Risk Management
- Be a trusted partner for Moody's sales teams. Plan, coordinate, and develop materials for, and deliver risk and controls training related to MA products to enable Sales to address customer product inquiries and concerns faster and more accurately.
- Support the SOC compliance program for Moody's Analytics products by providing subject matter expertise, documenting controls and control gaps, and identifying and acting on process improvement opportunities to improve program efficiency.
Cyber and Data Risk Program Management and Coordination
- Work with the enterprise risk management team to support ERM reporting to senior business management and Moody's Board of Directors. Partner with risk owners to assess risk impact, and develop and track mitigation plans.
- Work with Moody's Information Risk and Security to ensure cross-organizational participation and communication across program work streams. Collaborate with Information Risk to drive a working group for ongoing communications and awareness activities related to cyber risk.
- Provide subject matter expertise on personal data risk, data privacy, and data protection.
- Manage risk identification and drive remediation project activities. A key focus area is the continued maturation of controls and processes around sensitive data, including personal data. Support firm-wide GDPR and CCPA compliance efforts.
- Coordinate with privacy legal teams (Americas and EMEA) to identify and address risks associated with key privacy and regulatory requirements, including GDPR records of processing activities and development of OneTrust repository and GDPR audits.
Minimum education and work experience required for this position include:
- 10 years' experience in risk management, information security, data privacy, project management, and/or audit, preferably in a financial services or consulting organization.
- BS or BA degree, preferably in technology, business or equivalent.
- Relevant certifications such as CISSP, CISM, CRISC, CISA, or PMP are a plus.
- Track record of successful delivery of projects and initiatives within schedule and budget.
- Able to effectively lead cross-functional project teams that consist of indirect reports; have a proven ability to marshal resources, delegate tasks, provide guidance, set expectations for quality, manage and resolve issues or conflicts, and provide timely and transparent project information to senior management.
- Ability to develop a full and deep understanding of the business operations, and how they create value and risk for organizations.
- Ability to think with a control and process mindset. Experience managing risk, security, or control programs, preferably aligned with ISO or NIST standards. Familiarity with data privacy regulations and compliance requirements is a plus.
- Ability to effectively analyze risk within the context of the business problems.
- Adaptability and flexibility to work on a variety of assignments as defined by current priorities.
- Strong presentation skills to audiences at all levels; ability to adjust message and filter details based on audience.
- Demonstrated ability to interact effectively, internally and externally, with senior representatives of the organization.
Moody's is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, sex, gender, age, religion, national origin, citizen status, marital status, physical or mental disability, military or veteran status, sexual orientation, gender identity, gender expression, genetic information, or any other characteristic protected by law. Moody's also provides reasonable accommodation to qualified individuals with disabilities in accordance with applicable laws. If you need to inquire about a reasonable accommodation, or need assistance with completing the application process, please email email@example.com. This contact information is for accommodation requests only, and cannot be used to inquire about the status of applications.
For San Francisco positions, qualified applicants with criminal histories will be considered for employment consistent with the requirements of the San Francisco Fair Chance Ordinance. For New York City positions, qualified applicants with criminal histories will be considered for employment consistent with the requirements of the New York City Fair Chance Act. For all other applicants, qualified applicants with criminal histories will be considered for employment consistent with the requirements of applicable law.
Candidates for Moody's Corporation may be asked to disclose securities holdings pursuant to Moody's Policy for Securities Trading and the requirements of the position. Employment is contingent upon compliance with the Policy, including remediation of positions in those holdings as necessary.