Assc Dir-Risk Management

At Moody's, we unite the brightest minds to turn today’s risks into tomorrow’s opportunities. We do this by striving to create an inclusive environment where everyone feels welcome to be who they are—with the freedom to exchange ideas, think innovatively, and listen to each other and customers in meaningful ways. 

If you are excited about this opportunity but do not meet every single requirement, please apply! You still may be a great fit for this role or other open roles. We are seeking candidates who model our values: invest in every relationship, lead with curiosity, champion diverse perspectives, turn inputs into actions, and uphold trust through integrity. 

JOB DESCRIPTION

Job Title –

Associate Director – Risk Management

Entity  -

MA

Line of Business/Department

COR – Customer Operations and Risk

Location

Gurgaon, India

Full Time / Part Time

Full Time

Skills and Competencies

• Excellent verbal and written communication skills. Ability to handle negotiations and difficult conversations.
• Organized, attentive to detail, and able to prioritize and meet deadlines.
• Strong analytical, problem-solving, collaboration, and project management skills.
• Knowledge of IT and cyber controls and frameworks (SOC 1 and SOC 2, C5, NIST, ISO 27001, COBIT).
• 8 to 10 years’ experience in IT audit, enterprise risk management, information security, or vendor risk management.
• Familiarity with software development practices and enterprise technology operations, particularly in public cloud environments.
• Proficient with Microsoft Office applications; familiarity with GRC platforms.
• CISA, CRISC, CISSP, PMP certification or equivalent experience.

Education

Minimum Bachelor’s degree in Engineering or related major from top institutions, Master’s degree is a plus.

Responsibilities

Design, develop, and maintain internal tools and UI applications to support data quality and operational efficiency.

• Assist in SOC1/SOC2/C5 Audits: Collaborate with product teams to assist in the preparation, coordination, and execution of SOC1, SOC2 and C5 audits. This includes gathering relevant documentation, conducting internal assessments, and liaising with external auditors.

• Support ISO Audits: Assist in the management of ISO audits by helping to maintain compliance with ISO standards (e.g., ISO 27001). Contribute to the development and maintenance of policies, procedures, and controls in alignment with ISO requirements.

• Perform Technology and Cyber Risk Assessments: Perform internal technology and cyber risk assessments of products and services. Identify vulnerabilities, threats, and potential risks to our products and services. Work with product, technology and cybersecurity teams to mitigate identified risks.

• Risk Remediation Monitoring: Monitor and track the progress of risk remediation activities. Collaborate with stakeholders to ensure timely and effective remediation of identified risks and issues.

• Documentation and Reporting: Maintain accurate and up-to-date records of audit activities, findings, and remediation efforts. Assist in the preparation of audit reports and documentation for internal and external stakeholders.

• Compliance Monitoring: Support ongoing compliance efforts by monitoring adherence to policies, procedures, and regulatory requirements. Collaborate with teams across the organization to identify areas of improvement and assist in implementing necessary changes. Support efforts to automate and improve monitoring efficiency and coverage.

• Training and Awareness: Participate in training sessions related to risk management, compliance, and audit processes. Assist in raising awareness of compliance requirements within the organization.

About the team

About the team

The Moody’s Analytics (MA) Risk Management team within the Customer, Operations, and Risk group oversees MA’s enterprise risk management framework and implements its risk management activities, with the objectives of safeguarding sensitive business data, protecting data privacy, addressing information security threats, ensuring legal and regulatory compliance, meeting customer requirements for controls assurance, and promoting risk awareness. The team collaborates with lines of business across MA and Moody’s Shared Services to reduce risk to acceptable levels while enabling business priorities.

Moody’s is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, protected veteran status, sexual orientation, gender expression, gender identity or any other characteristic protected by law.

Candidates for Moody's Corporation may be asked to disclose securities holdings pursuant to Moody’s Policy for Securities Trading and the requirements of the position. Employment is contingent upon compliance with the Policy, including remediation of positions in those holdings as necessary.

For more information on the Securities Trading Program, please refer to the STP Quick Reference guide on ComplianceNet

Please note: STP categories are assigned by the hiring teams and are subject to change over the course of an employee’s tenure with Moody’s.