thrive on every level. Learn more about our DE&I initiatives, employee development programs and view our annual DE&I Report at moodys.com/diversity
The Moody's Analytics Risk Management team within the Banking Solutions group leads all aspects of the Banking Operating Unit's risk management framework and implements its risk management activities, with the objectives of safeguarding critical business data, protecting data privacy, addressing information security threats, ensuring legal and regulatory compliance, meeting customer requirements for controls assurance, and promoting risk awareness. The team collaborates with Enterprise Risk Management and Moody's Shared Services to reduce risk to acceptable levels while enabling business priorities.
We are seeking a highly skilled and experienced Risk Professional to join our organization! The Assistant Director - Risk Management role will support our risk management and compliance efforts, with a main focus on assisting in leading SOC1/SOC2/C5, ISO audits, and customer audits of Moody's Analytics software products and services. The role will also support customer inquiries, primarily technology and cyber due diligence assessments, and supervise risk remediation activities.
Customer Audit Support: Collaborate with our clients and customers during customer audits. Assist in providing crucial documentation, responding to audit inquiries, and ensuring compliance with customer-specific requirements.
Respond to Moody's customers to help them complete their vendor risk reviews of Moody's software products and the information security controls that protect customer data.
Work closely with Moody's sales and legal teams to support the sales process from RFP submission through contract negotiations. Be a trusted expert on information security and controls-related details for Moody's products.
Engage with teams across Moody's in sales, product management, development, operations, and business continuity to give customers the information they need to complete their risk reviews of Moody's products.
Create and maintain documentation for customers on Moody's products' information security controls.
Assist in SOC1/SOC2 Audits: Collaborate with product teams to assist in the preparation, coordination, and execution of SOC1 and SOC2 audits. This includes gathering relevant documentation, conducting internal assessments, and collaborating closely with external auditors.
Support ISO Audits: Assist in the management of ISO audits by helping to maintain compliance with ISO standards (e.g., ISO 27001). Contribute to the development and maintenance of policies, procedures, and controls in alignment with ISO requirements.
Risk Remediation Monitoring: Monitor and supervise the progress of risk remediation activities. Collaborate with partners to ensure timely and effective remediation of identified risks and issues.
Documentation and Reporting: Maintain accurate and up-to-date records of audit activities, findings, and remediation efforts. Assist in the preparation of audit reports and documentation for internal and external partners.
Compliance Monitoring: Support ongoing compliance efforts by monitoring alignment to policies, procedures, and regulatory requirements. Collaborate with teams across the organization to identify areas of improvement and assist in implementing necessary changes. Support efforts to automate and improve monitoring efficiency and coverage.
Third Party Risk: Participate in buildout of Moody's-wide enhanced third party risk management framework and support Moody's Analytics implementation.
Training and Awareness: Participate in training sessions related to risk management, compliance, and audit processes. Assist in raising awareness of compliance requirements within the organization.
Excellent verbal and written communication skills. Ability to handle negotiations and difficult conversations with clients.
Organized, attentive to detail, able to prioritize and meet deadlines.
Strong analytical, problem-solving, collaboration, and project management skills.
Knowledge of IT and cyber controls and frameworks (SOC 1 and SOC 2, C5, NIST, ISO 27001, COBIT).
5 to 7 years' experience in IT audit, enterprise risk management, information security, or vendor risk management.
Familiarity with software development practices and enterprise technology operations, particularly in public cloud environments.
Proficient with Microsoft Office applications; familiarity with GRC platforms.
CISA, CRISC, CISSP, PMP certification or equivalent experience.
Moody's is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, protected veteran status, sexual orientation, gender expression, gender identity or any other characteristic protected by law.
Candidates for Moody's Corporation may be asked to disclose securities holdings pursuant to Moody's Policy for Securities Trading and the requirements of the position. Employment is contingent upon compliance with the Policy, including remediation of positions in those holdings as necessary.
Please note: STP categories are assigned by the hiring teams and are subject to change over the course of an employee's tenure with Moody's.