VP-Artificial Intelligence (AI) Risk Management

Skills and Competencies

• 10+ years of experience in risk management, digital economy, AI/ML, and blockchain, with a related concentration in Technology governance, risk and control self-assessment (RCSA), identifying and evaluating control measures, and compliance with financial services.
• Hands-on experience developing AI and GenAI-powered applications
• Deep expertise in AI model lifecycle governance (validation, transparency, explainability) combined with a track record of assessing and managing
  risk appetite in emerging technology domains, and practical experience with DeFi and blockchain operational risk
• Broad-based technology experience at substantial scale and complexity in a global, highly regulated environment
• Establishing and maintaining relationships between business and technical stakeholders
• Evaluating and prioritizing strategic initiatives, balancing the needs of different stakeholders, and driving alignment
• Ability to influence cross-functionally and enterprise-wide and assert second line risk responsibility to challenge and influence in a highly consultative and effective manner
• Clear Thinker with strong analytical skills to review complex processes
• Effective communication skills, both verbal and written
• Demonstrated ability to effectively interface with a diverse, global, and cross-functional team and led large-scale project
• Ability to prioritize and multitask, flexibility and adaptability in work approach

Education / Certifications

• B.S. in a technology discipline (Computer Science, Information Management, Computer Engineering, Cyber Security or equivalent).
  Relevant certification is desirable, e.g., CISSP, CISM, CISA. Working knowledge of Risk Management life cycles based on established frameworks: NIST, COBIT, ORX, ISO 27001

Responsibilities

The Digital Economy and AI Risk Management VP is a key member of the 2nd Line of Defence Risk Management team, tasked with assisting the 1st Line of Defence manage operational risk emanating from the rapidly evolving landscape of artificial intelligence (AI), decentralized finance (DeFi), blockchain technologies, and the digital economy.  The role is responsible for supporting the ORM framework designed to identify, assess, mitigate, and report on operational risks as it relates to AI development and deployment, the complexities of Web 3.0 (i.e., blockchain), and digital asset innovation.  

• Review and Challenge: leveraging their subject matter expertise, provide independent review and credible challenge to the Digital Economy risk profile and associated implementation of the ORM framework.
• Governance: actively engage at various committees/forums representing 2nd LoD Risk and provide subsequent updates on changes to the Digital Economy risk profile
• Risk Appetite: develop, maintain, and communicate risk appetite for digital and AI-driven initiatives, ensuring alignment with organizational goals and regulatory expectations
• Risk and Control Self-Assessments (RCSA): initial challenge of the 1st LoD RCSA’s in-line with the ORM standards including timely completion, challenging risks, controls, and assessments, and supporting escalation/reporting, including at governance committees
• Operational Risk Events (ORE’s): initial challenge that the appropriate response, escalation, documentation, and reporting is in-line with the ORM framework, including post event root cause analysis to identify lessons learned and required actions to prevent recurrence
• Key Risk Indicators (KRIs): initial challenge of the development and reporting of KRIs, including establishment of tolerance levels, 1LoD rationales where KRI’s are out of tolerance or have changed significantly.
• Emerging & Evolving Risks: initial challenge and monitoring of emerging and evolving risks, identifying where new risks need to be reported, or current risks are significantly changing.
• Risk Initiatives: provide 2nd LoD initial challenge of various initiatives from a design, requirements, and go-live criteria perspective to reduce impact of transformation risk.
• Relationship Management: respected point of contact and trusted advisor to stakeholders across the business and technology functions in providing ORM coverage the Digital Economy, Technology, and Information Security risk.
• Policies, Standards & Procedures: review and credibly challenge adherence by the Digital Economy function to their Policies, Standards and Procedures, as well as adherence to MR ORM framework.
• GRC Usage & Reporting: oversee effective and comprehensive usage of the GRC tool for all ORM risk activities by the 1st LoD ensuring it’s complete, timely, and accurate.

About the Team

Moody's Ratings(MR) Risk Management team was established in 2020 as the 2nd LoD risk function across MR, establishing risk policies and providing advice, guidance and challenge to the implementation and on-going adherence to these standards. The MR Risk Management team is a global team acting as a risk management centre of excellence within MR.