Sr Dir-Risk Management
Moody s is a developmental culture where we value candidates who are willing to grow.
So, if you are excited about this opportunity but don t meet every single requirement, please apply! You may be a perfect fit for this role or other open roles.
Moody's is a global integrated risk assessment firm that empowers organizations to make better decisions.
At Moody s, we re taking action.
We re hiring diverse talent and providing underrepresented groups with equitable opportunities in their careers.
We re educating, empowering and elevating our people, and creating a workplace where each person can be their true selves, reach their full potential and thrive on every level.
Learn more about our DE&I initiatives, employee development programs and view our annual DE&I Report at moodys.
com/diversityThe Data Solutions operating unit (OU) is the commercial data business of Moody s.
We are 1,300 professionals who curate, manage, and provide data to 10,000 customers worldwide.
We are best known for our Orbis database, which is the world s most comprehensive database of public and private companies.
We are also the definitive source of ratings-related data for companies and securities that have been rated by Moody s Ratings.
Within Data Solutions, we have various strategic and operational teams that specialize in curating and sourcing data and keeping all our databases accurate, relevant, and up-to-date.
Any analytical activity depends on reliable and usable data, and we are proud to be a trusted source of information for decision makers around the world.
This role is for a senior leader who will assume responsibility for the overall risk management, resilience, and general integrity of the Data Solutions business.
Responsibilities revolve around identifying, assessing, and mitigating risks within our technology and operations in order to ensure we meet and exceed internal as well as external expectations.
The person in this role is expected to establish and oversee a control framework to ensure we are effectively managing the risks of our business.
This role is highly visible.
It involves participation in the Senior Leadership Team of Data Solutions, which includes the senior-most executives within the business.
It also requires continued engagement with the C-suite of Moody s, particularly the General Counsel, the Chief Audit Executive, the Chief Information Security Officer, and the Chief Compliance Officer.
A successful candidate will have a strong controls-based mindset to ensure we provide the stability, security, and resilience that our customers have come to expect from Moody s.
A successful candidate will be expected to implement a controls framework, particularly to address risks surrounding acquisition of data from third parties, process automation, data ingestion, and delivery of data and data-related applications to customers.
A successful candidate will also ensure that our solutions comply with local regulations like GDPR, and where relevant, lead our pursuit of industry-recognized certifications like SOC.
In doing so, you will interact with various stakeholders including customers, auditors, and regulatory bodies to understand their needs and expectations.
Requirements of this role include establishing an Enterprise Risk Management (ERM) framework, risk governance structure, and ongoing methods for assessing and monitoring risks based on Data Solutions obligations to internal and external stakeholders.
Key ResponsibilitiesRisk, Controls, and ComplianceEstablish an Enterprise Risk Management framework and effective internal controls environment Collaborate with Moody s Corporation IT, Information Security, and Internal Audit to demonstrate leadership and stay on top of industry changes around needs and normsEnsure SOC compliance and both external and internal audit controlsLead the selection of various risk monitoring, alerting, and process management toolsWork with technology leaders to ensure all customer-facing solutions are within tolerances for static/dynamic code analysis, patching, penetration testing, and vulnerability management, and help drive adoption of Secure SDLC practicesWork with internal teams to ensure regulations such as GDPR are consistently understood and followedCoordinate the roll-out of controls and work with leaders and stakeholders to implement regular reporting and attestation of controls Security & StabilityHelp set expectations for risk monitoring and resilience around all processes and technologies used within Data SolutionsWork with Corporate IT to ensure enterprise and unit-specific objectives are achievedHelp identify and drive improvements to the availability, scalability, latency and efficiency for all products and servicesEnsure appropriate incident response mechanisms (e.
g.
, for stakeholder identification, escalation planning, etc.
) in line with best practiceEngage with stakeholders to define and implement risk-oriented business policies such as access management, third party risk management, media handling, and so forthHelp ensure the dissemination of enterprise standards around risk managementQualifications10
years experience as a leader in Risk and Controls managementStrong background in the design and implementation of control-focused processes and the technology to support themAbility to develop a full and deep understanding of business operations and how they create value and risk for organizationsAbility to think with a control and process mindsetAbility to effectively analyze risk within the context of the business problemsExperience interpreting and implementing a multitude of regulatory requirements (e.
g.
, GDPR, California Privacy, etc.
)Prior success in meeting financial audit and regulatory requirements (SOC, etc.
)Demonstrated understanding of controls around customer-facing technology, including:
5
years experience with implementing controls in cloud computing environmentsFamiliarity with secure agile software development Familiarity with incident detection, response, communications, and remediation.
This role requires managing and participating in incident response meetings as they ariseAbility to effectively manage cross-functional project teams with direct and indirect reports, with a proven ability to marshal matrixed resources needed to meet project deliverables Adaptability and flexibility to work on a variety of assignments as defined by current prioritiesStrong presentation skills involving large and varied audiences, with ability to adjust message and filter details based on audience (e.
g.
, different nationalities, seniority levels, risk sensitivities, etc.
)Proven ability to lead projects and initiatives within schedule and budgetFor US-based roles only:
the anticipated hiring base salary range for this position is $192,500 - $279,200, depending on factors such as experience, education, level, skills, and location.
This range is based on a full-time position.
In addition to base salary, this role is eligible for incentive compensation.
Moody s also offers a competitive benefits package, including not but limited to medical, dental, vision, parental leave, paid time off, a 401(k) plan with employee and company contribution opportunities, life, disability, and accident insurance, a discounted employee stock purchase plan, and tuition reimbursement.
Moody s is an equal opportunity employer.
All qualified applicants will receive consideration for employment without regard to race, color, sex, gender, age, religion, national origin, citizen status, marital status, physical or mental disability, military or veteran status, sexual orientation, gender identity, gender expression, genetic information, or any other characteristic protected by law.
Moody s also provides reasonable accommodation to qualified individuals with disabilities or based on a sincerely held religious belief in accordance with applicable laws.
If you need to inquire about a reasonable accommodation, or need assistance with completing the application process, please email accommodations@moodys.
com.
This contact information is for accommodation requests only, and cannot be used to inquire about the status of applications.
For San Francisco positions, qualified applicants with criminal histories will be considered for employment consistent with the requirements of the San Francisco Fair Chance Ordinance.
This position may be considered a promotional opportunity, pursuant to the Colorado Equal Pay for Equal Work Act.
Click here to view our full EEO policy statement.
Click here for more information on your EEO rights under the law.
Click here to view our Pay Transparency Nondiscrimination statement.
Click here to view our Notice to New York City Applicants.
Candidates for Moody's Corporation may be asked to disclose securities holdings pursuant to Moody s Policy for Securities Trading and the requirements of the position.
Employment is contingent upon compliance with the Policy, including remediation of positions in those holdings as necessary.
For more information on the Securities Trading Program, please refer to the STP Quick Reference guide on ComplianceNetPlease note:
STP categories are assigned by the hiring teams and are subject to change over the course of an employee s tenure with Moody s.
Job ID:
4375Employment Type:
Full TimeJob Area:
Engineering & TechnologyEstimated Salary: $20 to $28 per hour based on qualifications.
So, if you are excited about this opportunity but don t meet every single requirement, please apply! You may be a perfect fit for this role or other open roles.
Moody's is a global integrated risk assessment firm that empowers organizations to make better decisions.
At Moody s, we re taking action.
We re hiring diverse talent and providing underrepresented groups with equitable opportunities in their careers.
We re educating, empowering and elevating our people, and creating a workplace where each person can be their true selves, reach their full potential and thrive on every level.
Learn more about our DE&I initiatives, employee development programs and view our annual DE&I Report at moodys.
com/diversityThe Data Solutions operating unit (OU) is the commercial data business of Moody s.
We are 1,300 professionals who curate, manage, and provide data to 10,000 customers worldwide.
We are best known for our Orbis database, which is the world s most comprehensive database of public and private companies.
We are also the definitive source of ratings-related data for companies and securities that have been rated by Moody s Ratings.
Within Data Solutions, we have various strategic and operational teams that specialize in curating and sourcing data and keeping all our databases accurate, relevant, and up-to-date.
Any analytical activity depends on reliable and usable data, and we are proud to be a trusted source of information for decision makers around the world.
This role is for a senior leader who will assume responsibility for the overall risk management, resilience, and general integrity of the Data Solutions business.
Responsibilities revolve around identifying, assessing, and mitigating risks within our technology and operations in order to ensure we meet and exceed internal as well as external expectations.
The person in this role is expected to establish and oversee a control framework to ensure we are effectively managing the risks of our business.
This role is highly visible.
It involves participation in the Senior Leadership Team of Data Solutions, which includes the senior-most executives within the business.
It also requires continued engagement with the C-suite of Moody s, particularly the General Counsel, the Chief Audit Executive, the Chief Information Security Officer, and the Chief Compliance Officer.
A successful candidate will have a strong controls-based mindset to ensure we provide the stability, security, and resilience that our customers have come to expect from Moody s.
A successful candidate will be expected to implement a controls framework, particularly to address risks surrounding acquisition of data from third parties, process automation, data ingestion, and delivery of data and data-related applications to customers.
A successful candidate will also ensure that our solutions comply with local regulations like GDPR, and where relevant, lead our pursuit of industry-recognized certifications like SOC.
In doing so, you will interact with various stakeholders including customers, auditors, and regulatory bodies to understand their needs and expectations.
Requirements of this role include establishing an Enterprise Risk Management (ERM) framework, risk governance structure, and ongoing methods for assessing and monitoring risks based on Data Solutions obligations to internal and external stakeholders.
Key ResponsibilitiesRisk, Controls, and ComplianceEstablish an Enterprise Risk Management framework and effective internal controls environment Collaborate with Moody s Corporation IT, Information Security, and Internal Audit to demonstrate leadership and stay on top of industry changes around needs and normsEnsure SOC compliance and both external and internal audit controlsLead the selection of various risk monitoring, alerting, and process management toolsWork with technology leaders to ensure all customer-facing solutions are within tolerances for static/dynamic code analysis, patching, penetration testing, and vulnerability management, and help drive adoption of Secure SDLC practicesWork with internal teams to ensure regulations such as GDPR are consistently understood and followedCoordinate the roll-out of controls and work with leaders and stakeholders to implement regular reporting and attestation of controls Security & StabilityHelp set expectations for risk monitoring and resilience around all processes and technologies used within Data SolutionsWork with Corporate IT to ensure enterprise and unit-specific objectives are achievedHelp identify and drive improvements to the availability, scalability, latency and efficiency for all products and servicesEnsure appropriate incident response mechanisms (e.
g.
, for stakeholder identification, escalation planning, etc.
) in line with best practiceEngage with stakeholders to define and implement risk-oriented business policies such as access management, third party risk management, media handling, and so forthHelp ensure the dissemination of enterprise standards around risk managementQualifications10
years experience as a leader in Risk and Controls managementStrong background in the design and implementation of control-focused processes and the technology to support themAbility to develop a full and deep understanding of business operations and how they create value and risk for organizationsAbility to think with a control and process mindsetAbility to effectively analyze risk within the context of the business problemsExperience interpreting and implementing a multitude of regulatory requirements (e.
g.
, GDPR, California Privacy, etc.
)Prior success in meeting financial audit and regulatory requirements (SOC, etc.
)Demonstrated understanding of controls around customer-facing technology, including:
5
years experience with implementing controls in cloud computing environmentsFamiliarity with secure agile software development Familiarity with incident detection, response, communications, and remediation.
This role requires managing and participating in incident response meetings as they ariseAbility to effectively manage cross-functional project teams with direct and indirect reports, with a proven ability to marshal matrixed resources needed to meet project deliverables Adaptability and flexibility to work on a variety of assignments as defined by current prioritiesStrong presentation skills involving large and varied audiences, with ability to adjust message and filter details based on audience (e.
g.
, different nationalities, seniority levels, risk sensitivities, etc.
)Proven ability to lead projects and initiatives within schedule and budgetFor US-based roles only:
the anticipated hiring base salary range for this position is $192,500 - $279,200, depending on factors such as experience, education, level, skills, and location.
This range is based on a full-time position.
In addition to base salary, this role is eligible for incentive compensation.
Moody s also offers a competitive benefits package, including not but limited to medical, dental, vision, parental leave, paid time off, a 401(k) plan with employee and company contribution opportunities, life, disability, and accident insurance, a discounted employee stock purchase plan, and tuition reimbursement.
Moody s is an equal opportunity employer.
All qualified applicants will receive consideration for employment without regard to race, color, sex, gender, age, religion, national origin, citizen status, marital status, physical or mental disability, military or veteran status, sexual orientation, gender identity, gender expression, genetic information, or any other characteristic protected by law.
Moody s also provides reasonable accommodation to qualified individuals with disabilities or based on a sincerely held religious belief in accordance with applicable laws.
If you need to inquire about a reasonable accommodation, or need assistance with completing the application process, please email accommodations@moodys.
com.
This contact information is for accommodation requests only, and cannot be used to inquire about the status of applications.
For San Francisco positions, qualified applicants with criminal histories will be considered for employment consistent with the requirements of the San Francisco Fair Chance Ordinance.
This position may be considered a promotional opportunity, pursuant to the Colorado Equal Pay for Equal Work Act.
Click here to view our full EEO policy statement.
Click here for more information on your EEO rights under the law.
Click here to view our Pay Transparency Nondiscrimination statement.
Click here to view our Notice to New York City Applicants.
Candidates for Moody's Corporation may be asked to disclose securities holdings pursuant to Moody s Policy for Securities Trading and the requirements of the position.
Employment is contingent upon compliance with the Policy, including remediation of positions in those holdings as necessary.
For more information on the Securities Trading Program, please refer to the STP Quick Reference guide on ComplianceNetPlease note:
STP categories are assigned by the hiring teams and are subject to change over the course of an employee s tenure with Moody s.
Job ID:
4375Employment Type:
Full TimeJob Area:
Engineering & TechnologyEstimated Salary: $20 to $28 per hour based on qualifications.
|
|
 | |
