VP - Business Information Security Officer

At Moody's, we unite the brightest minds to turn today’s risks into tomorrow’s opportunities. We do this by striving to create an inclusive environment where everyone feels welcome to be who they are—with the freedom to exchange ideas, think innovatively, and listen to each other and customers in meaningful ways. Moody’s is transforming how the world sees risk. As a global leader in ratings and integrated risk assessment, we’re advancing AI to move from insight to action—enabling intelligence that not only understands complexity but responds to it. We decode risk to unlock opportunity, helping our clients navigate uncertainty with clarity, speed, and confidence.

If you are excited about this opportunity but do not meet every single requirement, please apply! You still may be a great fit for this role or other open roles. We are seeking candidates who model our values: invest in every relationship, lead with curiosity, champion diverse perspectives, turn inputs into actions, and uphold trust through integrity. 

Skills and Competencies

• Strong background in information security, cybersecurity engineering, or security architecture, enabling effective advisory support to the business.
• In-depth knowledge of cybersecurity and risk management frameworks such as NIST Cybersecurity Framework, ISO 27001, and Cloud Security Alliance controls.
• Ability to translate complex technical risks into clear, actionable business language for senior stakeholders.
• Experience working with cloud-native environments, modern application architectures, and DevOps practices.
• Excellent stakeholder management, communication, and executive-level presentation skills.
• Professional certifications such as CISSP, CISM, CISA, CCSP, or similar (preferred).
• Demonstrated understanding of artificial intelligence concepts, with experience using AI-enabled tools to improve security analysis, risk management processes, and operational efficiency, while maintaining awareness of ethical and responsible AI use.

Education

• Bachelor’s degree in Information Security, Computer Science, Information Technology, or a related discipline (or equivalent professional experience).

Responsibilities

Vice President -BISO will act as the primary cybersecurity partner for assigned business units, embedding secure-by-design practices, managing risk, and aligning security strategy with business objectives.

• Serve as the primary security liaison for business unit leadership, ensuring enterprise security strategy is embedded into business planning and decision-making.
• Partner with engineering and architecture teams to apply secure design patterns, cloud security frameworks, and cybersecurity best practices.
• Conduct, oversee, and validate cybersecurity risk assessments covering applications, products, and third parties, and maintain risk registers.
• Ensure alignment with applicable regulatory and compliance frameworks, including GDPR, DORA, and other jurisdictional requirements.
• Support cyber vendor risk management activities by reviewing onboarding assessments, continuous monitoring outputs, and risk exceptions.
• Act as an escalation point between business applications, Security Operations, and Incident Response teams during security events.
• Promote cybersecurity culture by supporting security awareness initiatives and developing Security Champions within the business.
• Prepare and present updates on security posture, key risks, metrics, and roadmaps to senior leaders and governance forums.

About the Team
Our Cyber Security team is responsible for protecting Moody’s information assets and enabling the business to operate securely and resiliently. The team partners closely with technology and business stakeholders to embed security into products, platforms, and daily operations, supporting innovation while effectively managing risk.

#LI-Hybrid

Moody’s is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, protected veteran status, sexual orientation, gender expression, gender identity or any other characteristic protected by law.

Candidates for Moody's Corporation may be asked to disclose securities holdings pursuant to Moody’s Policy for Securities Trading and the requirements of the position. Employment is contingent upon compliance with the Policy, including remediation of positions in those holdings as necessary.