Controls Analyst

At Moody's, we unite the brightest minds to turn today’s risks into tomorrow’s opportunities. We do this by striving to create an inclusive environment where everyone feels welcome to be who they are—with the freedom to exchange ideas, think innovatively, and listen to each other and customers in meaningful ways. Moody’s is transforming how the world sees risk. As a global leader in ratings and integrated risk assessment, we’re advancing AI to move from insight to action—enabling intelligence that not only understands complexity but responds to it. We decode risk to unlock opportunity, helping our clients navigate uncertainty with clarity, speed, and confidence.

If you are excited about this opportunity but do not meet every single requirement, please apply! You still may be a great fit for this role or other open roles. We are seeking candidates who model our values: invest in every relationship, lead with curiosity, champion diverse perspectives, turn inputs into actions, and uphold trust through integrity. 

Skills and Competencies

• 2-4 years of experience in a Big 4 Consulting firm or a global organization
• Strong knowledge of standards and control frameworks (NIST CSF, ISO 27001, CIS)
• Experience with cybersecurity assessment, incident response, and operational cyber security management (SOC, SIEM, Vulnerability Management, WAF, DLP)
• Proficiency in Microsoft Office suite and automation tools
• Excellent communication, interpersonal, team management, and critical thinking skills

Education

• Bachelor’s Degree in field of Technology or Science required; CISA, CISSP, OSCP preferred
• Additional certifications such as CISA, CISSP, OSCP preferred

Responsibilities
Brief synopsis: Assist in the development, execution, and continuous improvement of Cyber Controls programming in accordance with Moody’s and departmental standards.

• Maintain understanding of technological processes, risks, and controls related to Moody's business
• Manage cybersecurity defense lifecycle, including scoping, documentation, testing, and reporting
• Validate design and operating effectiveness of Cyber controls, ensuring quality and timeliness
• Develop test steps and perform testing of reports, interfaces, applications, and ITGCs
• Review tests/audits conducted by the team and perform root cause analysis and impact assessment
• Identify and monitor process/system changes impacting cybersecurity posture
• Support deliverables for regulators and board materials; maintain documentation repository
• Interact with management at various levels regarding cyber controls and project issues
• Drive improvements using analysis, business intelligence, and problem-solving techniques
• Expand knowledge of data analytics and leverage technology for audit testing
• Coach team members for professional development

About the team
Our CRR team is responsible for ensuring robust cyber controls and risk management across Moody’s.
By joining our team, you will:

• Contribute to the protection of Moody’s information assets and reputation
• Support compliance with regulatory requirements and industry standards
• Drive continuous improvement in cybersecurity practices and controls

Moody’s is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, protected veteran status, sexual orientation, gender expression, gender identity or any other characteristic protected by law.

Candidates for Moody's Corporation may be asked to disclose securities holdings pursuant to Moody’s Policy for Securities Trading and the requirements of the position. Employment is contingent upon compliance with the Policy, including remediation of positions in those holdings as necessary.