Associate Director - Risk Management (100% Remote Flexibility - Throughout US)

thrive on every level. Learn more about our DE&I initiatives, employee development programs and view our annual DE&I Report at moodys.com/diversity

Compliance & Third Party Risk Management

Know Your Customer, Moody's Analytics

The Know Your Customer (KYC) Risk Management team within the Compliance & Third Party Risk Management group oversees KYC's operating unit risk management framework and implements its risk management activities, with the objectives of safeguarding sensitive business data, protecting data privacy, addressing information security threats, ensuring legal and regulatory compliance, meeting customer requirements for controls assurance, and promoting risk awareness. The team collaborates with lines of business across MA's and Moody's Shared Services to reduce risk to acceptable levels while enabling business priorities.

Role:

The Associate Director - Risk Management is a role with the objective of enhancing the risk and controls framework across the KYC operating unit. In this role, you will partner with management and Moody's corporate audit, risk, and control leaders to transform the perception of risk across KYC. This role will also support customer inquiries primarily in technology and cyber due diligence assessments and monitoring risk remediation activities.

Responsibilities:

• Lead and support KYC's, SOC2 and compliance audits and readiness assessments. This includes collaborating with product teams and gathering relevant documentation, conducting internal assessments, and liaising with external auditors

• Lead and support ISO audits by helping to maintain compliance with ISO standards (e.g., ISO 27001). Contribute to the development and maintenance of policies, procedures, and controls in alignment with ISO requirements.

• Maintain accurate and up-to-date records of audit activities, findings, and remediation efforts. Assist in the preparation of audit reports and documentation for internal and external stakeholders.

• Lead and support ongoing control monitoring efforts by monitoring adherence to policies, procedures, and SOC2, ISO requirements. Collaborate with teams across the organization to identify areas of improvement and assist in implementing necessary changes. Support efforts to automate and improve monitoring efficiency and coverage.

• Execute internal technology and cyber risk assessments of products and services. Identify vulnerabilities, threats, and potential risks to our products and services. Work with product, technology and cybersecurity teams to mitigate identified risks.

• Monitor and track the progress of risk remediation activities. Collaborate with stakeholders to ensure timely and effective remediation of identified risks and issues.

• Collaborate with clients during customer audits. Assist in providing necessary documentation, responding to audit inquiries, and ensuring compliance with customer-specific requirements. Respond to Moody's customers to help them complete their vendor risk reviews of Moody's software products and the information security controls that protect customer data. Work closely with Moody's sales and legal teams to support the sales process from RFP submission through contract negotiations. Be a trusted expert on information security and controls-related details for Moody's products. Engage with teams across Moody's in sales, product management, development, operations, and business continuity to give customers the information they need to complete their risk reviews of Moody's products.

• Participate in training sessions related to risk management, compliance, and audit processes. Assist in raising awareness of compliance requirements within the organization.

• Develop and maintain strong relationships with key stakeholders, including senior executives, business unit leaders, and external auditors.

• Third Party Risk: Participate in buildout of Moody's-wide enhanced third party risk management framework and support MA implementation.

• Compliance Monitoring: Support ongoing compliance efforts by monitoring adherence to policies, procedures, and regulatory requirements. Collaborate with teams across the organization to identify areas of improvement and assist in implementing necessary changes. Support efforts to automate and improve monitoring efficiency and coverage.

Qualifications:

• 6 to 10+ years' experience in related audit and risk roles, including in senior leadership positions.

• Experience in technology risk and audit, preferably in Big 4 or financial services.

• Experience in fintech, software, or technology companies.

• Knowledge of internal controls, technology controls, and frameworks such as NIST, COSO, SSAE 18, etc.

• Knowledge of regulation pertaining to financial services and fintech industry.

• Familiarity with software development practices and enterprise technology operations, particularly in public cloud environments.

• Expertise with risk management methodologies and maturity models.

• Excellent verbal and written communication skills. Ability to handle negotiations and difficult conversations.

• Organized, attentive to detail, and able to prioritize and meet deadlines.

• Strong analytical, problem-solving, collaboration, and project management skills.

• Familiarity with Governance, Risk and Compliance (GRC) tools.

• Proficient with Microsoft Office applications.

• Bachelor's degree or equivalent experience required; graduate degree a plus.

• Relevant certifications preferred (CISA, CRISC, CISSP, CIA, CFE etc.)

For US-based roles only: the anticipated hiring base salary range for this position is [[$117,200]] - [[$170,000]], depending on factors such as experience, education, level, skills, and location. This range is based on a full-time position. In addition to base salary, this role is eligible for incentive compensation. Moody's also offers a competitive benefits package, including not but limited to medical, dental, vision, parental leave, paid time off, a 401(k) plan with employee and company contribution opportunities, life, disability, and accident insurance, a discounted employee stock purchase plan, and tuition reimbursement.

Moody's is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, sex, gender, age, religion, national origin, citizen status, marital status, physical or mental disability, military or veteran status, sexual orientation, gender identity, gender expression, genetic information, or any other characteristic protected by law. Moody's also provides reasonable accommodation to qualified individuals with disabilities or based on a sincerely held religious belief in accordance with applicable laws. If you need to inquire about a reasonable accommodation, or need assistance with completing the application process, please email [email protected]. This contact information is for accommodation requests only, and cannot be used to inquire about the status of applications.

For San Francisco positions, qualified applicants with criminal histories will be considered for employment consistent with the requirements of the San Francisco Fair Chance Ordinance.

This position may be considered a promotional opportunity, pursuant to the Colorado Equal Pay for Equal Work Act.

Click here to view our full EEO policy statement. Click here for more information on your EEO rights under the law. Click here to view our Pay Transparency Nondiscrimination statement. Click here to view our Notice to New York City Applicants.
Candidates for Moody's Corporation may be asked to disclose securities holdings pursuant to Moody's Policy for Securities Trading and the requirements of the position. Employment is contingent upon compliance with the Policy, including remediation of positions in those holdings as necessary.