Sr IT Risk Analyst - New York - 13289BR

Moody’s IT Risk department is looking for a Senior IT Risk Analyst – IT Risk and Control Management to join its growing organization. This is a challenging position requiring a familiarity in Regulatory (Sarbanes Oxley) Coordination and a familiarity of IT Risk. The ideal candidate should be very motivated and willing to take on challenges, able to multi-task to succeed and has the ability to work independently and with minimal oversight. The role offers exposure to senior level management and leadership opportunities, in addition to gaining in-depth insight into the IT Risk business.
The Moody’s IT Risk Management team is globally responsible for helping the organization balance risk by aligning policies and procedures with Moody’s business and regulatory requirements. The team is responsible for the development, enforcement, and monitoring of security controls, policies and procedures, disaster recovery programs, GRC (Governance, Risk and Compliance) reporting and the delivery of security services including the company’s Cyber Security program. The IT Risk Management team sets the strategic direction for IT risk and security globally and aligns with stakeholders throughout the organization.

Functional Responsibilities:
  • Obtaining and performing appropriate analysis of data to assess risk(s), developing SOX program to address identified risk(s), preparing the planning memorandum, conducting appropriate tests, and ensuring that testing is completed as scheduled and documented in compliance with departmental standards
  • Execute control testing across all control areas, including IT General Controls and Application Controls
  • Test key reports for completeness and accuracy through validation of report logic (code review), source data, and input parameters.
  • Independently execute audit activities of moderate to high complexity including IT technical audits, pre & post implementation consulting engagements, integrated audits, and Sarbanes Oxley (SOX) 404 testing.
  • Present to senior level management on project updates on a weekly /monthly basis
  • Responsible for the coordination, tracking and remediation of open action items as they arise from regulatory requirements
  • Coordinates efforts across multiple departments to ensure SOX compliance requirements are met within required deadlines
  • Identifies internal control deficiencies and ensures the timely implementation of corrective actions
  • Work closely with action item owners and internal audit to elicit and agree requirements, remediation steps and see progress to successful closure
  • Perform testing and interact with external auditors as needed
  • Build strong working relationships with both IT and business partners, establishing working groups and workshops with key IT stakeholders and vendors as required
  • Conducts and is accountable for weekly tracking, coordination and reporting; ensuring proper escalation of issues to senior management
  • Utilize SOX and IT Risk experience to support audits and regulatory projects
  • Participate in process improvement initiatives and new projects to ensure internal controls are incorporated to adequately mitigate business risks
Minimum education and work experience required for this position include:
  • Minimum of four years of Director level ”Big Four” IT Audit experience required, including specific experience leading planning and execution of SOC and/or SOX audits
  • Understand key IT and automated business processes and perform testing of the design and operating effectiveness of controls within those processes (General IT Controls and Automated Business Controls).
  • Strong Sarbanes-Oxley and COBIT Framework familiarity
  • Must have some experience presenting to management teams and providing status updates
  • Strong written and oral communication skills including the ability to interact directly with customers that do not have an IT background
  • Must have experience working with multiple teams and stakeholders to coordinate SOX related activities in a timely manner
  • Proven ability to work within a large enterprise that spans multiple continents, is governed by change management and has a tiered support model
  • Organizationally agile (i.e., the ability to work well with various levels and functions within the Company)
  • Effective time management, problem solving and decision making skills
  • A high level of motivation and initiative
  • Proficiency with Microsoft Office Applications (Word, Excel, Power Point and Visio)
  • BS or BA degree, preferably in technology/business or equivalent
Moody's is an essential component of the global capital markets, providing credit ratings, research, tools and analysis that contribute to transparent and integrated financial markets. Moody's Corporation (NYSE: MCO) is the parent company of Moody's Investors Service, which provides credit ratings and research covering debt instruments and securities, and Moody's Analytics, which offers leading-edge software, advisory services and research for credit and economic analysis and financial risk management. The Corporation, which reported revenue of $4.2 billion in 2017, employs approximately 11,900 people worldwide and maintains a presence in 41 countries. Further information is available at
Moody’s is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, sex, gender, age, religion, national origin, citizen status, marital status, physical or mental disability, military or veteran status, sexual orientation, gender identity, gender expression, genetic information, or any other characteristic protected by law. Moody’s also provides reasonable accommodation to qualified individuals with disabilities in accordance with applicable laws. If you need to inquire about a reasonable accommodation, or need assistance with completing the application process, please email This contact information is for accommodation requests only, and cannot be used to inquire about the status of applications.

For San Francisco positions, qualified applicants with criminal histories will be considered for employment consistent with the requirements of the San Francisco Fair Chance Ordinance. For New York City positions, qualified applicants with criminal histories will be considered for employment consistent with the requirements of the New York City Fair Chance Act. For all other applicants, qualified applicants with criminal histories will be considered for employment consistent with the requirements of applicable law.

Click here to view our full EEO policy statement. Click here for more information on your EEO rights under the law.
Candidates for Moody's Corporation may be asked to disclose securities holdings pursuant to Moody’s Policy for Securities Trading and the requirements of the position. Employment is contingent upon compliance with the Policy, including remediation of positions in those holdings as necessary.