• Competitive
  • New York, NY, USA
  • Permanent, Full time
  • Moody's
  • 2018-05-24

Senior IT Controls Lead

Location: New York, NY, USA

This role is responsible for supporting the goals of the Business Systems Delivery organization, by serving as a single point of contact and a SME for IT audit and SOX audit activities affecting the BVD portfolio within the Enterprise Business Systems team (EBS). The ideal candidate will have strong analytical and problem solving skills with a creative and design-centric approach. They are expected to contribute to the development and growth of the function, by creating frameworks for the development, tracking, and execution of controls and assurance-related initiatives within the BVD portfolio.

Responsibilities include:
  • Gain a working understanding of Moody's internal audit process, become familiar with the BVD application portfolio and expected suite of controls, learn relevant internal policies, and demonstrate an excellent understanding of the required controls (PDLC, IT General Controls, Completeness/Accuracy Testing of Reports and Interfaces).
  • Ensure that the required controls are in-place, and are functioning adequately and effectively through initial design, and periodic monitoring of processes such as: User Access Administration controls, Segregation of Duties Controls, Change Management Contols, IT Operations Controls (including the monitoring of scheduled jobs, incident management, and backup/replication controls), SaaS and Security control expectations, and the detailed testing of business-identified financial controls, key reports, and interfaces for assurance of effectiveness, completeness, and accuracy as relevant.
  • Provide guidance as an internal SME for audit/SOX control and/or PPQA compliance when scenarios and questions arise within BVD; escalate appropriately when issues emerge.
  • Effectively communicate with key program stakeholders on status, risks and issues and demonstrate sound judgment regarding escalation.
  • Demonstrate maturity in dealing with all levels of business and IT management and strengthen relationships across business by engaging business leaders to establish credibility, solve problems, build consensus and achieve objectives.
  • Partner with the PPQA, Business Systems Project Managers, Technical Leads, Business Stakeholders, Internal Auditors, and IT Risk Control teams to understand documentation, information and meeting requests from the auditors; and ensure that all requested information is provided effectively and accurately.
  • Independently build strong relationships with the IT RISK and BSD Process Assurance, to leverage lessons learned and existing control frameworks in order to duplicate success in the BVD portfolio.
  • Responsible for the coordination, tracking and remediation of open action items as they arise
  • Identifies internal control deficiencies and ensures the timely implementation of corrective actions
  • Work closely with action item owners and internal audit to elicit and agree requirements, remediation steps and see progress to successful closure.
  • Manage and enhance a tracking system for Internal Audit requests and other tasks, to facilitate the timely exchange of information; and minimize any stale, delayed, or past-due results.
  • Independently create professional-caliber reports as needed to facilitate discussions, communicate issues or concerns, suggest strategic improvements, and highlight progress to senior management.
  • Utilize SOX and IT Risk experience to support audits and regulatory projects.
  • Participate in process improvement initiatives and new projects to ensure internal controls are incorporated to adequately mitigate business risks.
  • Demonstrate commitment to and ensure team adherence to Moody's IT Enterprise Project Governance model and project data integrity as defined within the Moody's IT Investment Framework including; PDLC (estimating, purchasing, planning, scheduling, execution, risk management, quality & process control, change management), timely submission of project artifacts and deliverables including successful passing of project audits including PPQA, internal controls and SOX controls as well as accurate and timely submission of team labor in resource management systems.


Moody's Information Technology

  • Strong, enterprise-wide business acumen to operate within this control point function while being flexible to changing business needs, and showing a deep understanding of how technology enables the business. A knowledge of standard SDLC processes is required.
  • 10+ years of experience in the IT industry, preferably in a financial services or consulting organization, focus on SOX and/or IT Risk
  • Strong Sarbanes-Oxley and COBIT Framework familiarity
  • Proven leader with outstanding interpersonal, communication, and effective relationship building skills at all levels within an organization. Must have experience presenting to management teams and providing status updates.
  • Strong written and oral communication skills including the ability to interact directly with customers that do not have an IT background
  • Must have experience working with multiple teams and stakeholders to coordinate SOX-related activities in a timely manner
  • Proven ability to work within a large enterprise that spans multiple continents is governed by change management and has a tiered support model
  • Organizationally agile (i.e., the ability to work well with various levels and functions within the Company)
  • Effective time management, problem-solving and decision-making skills
  • A high level of motivation and initiative
  • Ability to work well under pressure, respond to tight deadlines and exercise excellent judgment in setting priorities for own work, and the work of any direct reports.
  • Must have excellent organizational skills, to create and maintain documentation repositories that are appropriately controlled and usable by others, while managing multiple requests and deadlines at the same time.
  • A self-starter, solution-oriented team player with leadership skills, and a desire to grow their career.
  • Excellent MS Office skill set; Excel, SharePoint, Visio, and PowerPoint.
  • Proficiency in Internal Audit Standards, methodologies, IT General Controls, and IT SOX testing programs expected.
  • BS or BA degree, preferably in technology/business or equivalent
  • Proficiency in Project Management methodologies, tools and techniques, and familiarity with process Industry Standards and Best Practices such as Six Sigma, CMM, ITIL, TQM required
  • Advanced credentials preferred, demonstrating mastery and proficiency in the relevant skillsets, such as PMP, CIA, CISA, CRMA, ScrumAlliance, COBIT, and/or MBA.


Moody's is an essential component of the global capital markets, providing credit ratings, research, tools and analysis that contribute to transparent and integrated financial markets. Moody's Corporation (NYSE: MCO) is the parent company of Moody's Investors Service, which provides credit ratings and research covering debt instruments and securities, and Moody's Analytics, which offers leading-edge software, advisory services and research for credit and economic analysis and financial risk management. The Corporation, which reported revenue of $4.2 billion in 2017, employs approximately 11,900 people worldwide and maintains a presence in 41 countries. Further information is available at www.moodys.com.

Moody's is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, sex, gender, age, religion, national origin, citizen status, marital status, physical or mental disability, military or veteran status, sexual orientation, gender identity, gender expression, genetic information, or any other characteristic protected by law. Moody's also provides reasonable accommodation to qualified individuals with disabilities in accordance with applicable laws. If you need to inquire about a reasonable accommodation, or need assistance with completing the application process, please email accommodations@moodys.com.. This contact information is for accommodation requests only, and cannot be used to inquire about the status of applications.

For San Francisco positions, qualified applicants with criminal histories will be considered for employment consistent with the requirements of the San Francisco Fair Chance Ordinance. For New York City positions, qualified applicants with criminal histories will be considered for employment consistent with the requirements of the New York City Fair Chance Act. For all other applicants, qualified applicants with criminal histories will be considered for employment consistent with the requirements of applicable law.

Click here to view our full EEO policy statement. Click here for more information on your EEO rights under the law.

Candidates for Moody's Corporation may be asked to disclose securities holdings pursuant to Moody's Policy for Securities Trading and the requirements of the position. Employment is contingent upon compliance with the Policy, including remediation of positions in those holdings as necessary.

New York, NY, USA New York NY US