Moody’s IT Risk Management is looking for an Assistant Vice President in the EMEA region who will be aligned to the IT Risk function and manage the IT Controls Program. This is a position requiring a strong background in IT Controls practices along with solid communication and organization skills.
The ideal candidate must be very motivated and willing to take on challenges, be able to multi-task and needs to have the ability to work independently with minimal oversight. The candidate must have a deep understanding of the IT Control landscape and should be able to articulate complex information through reports, dashboards and presentations that tell a story.
The Moody’s IT Risk Management team is globally responsible for helping the organization balance risk by aligning policies and procedures with Moody’s business and regulatory requirements. The team is responsible for the development, enforcement and monitoring of security controls, policies and procedures, disaster recovery programs, GRC (Governance, Risk and Compliance) reporting and the delivery of security services including the company’s Cyber Security program. The IT Risk Management team sets strategic direction for IT risk and security and aligns with stakeholders throughout the organization.
Ensure that controls are sufficiently designed, documented, and evidenced to satisfy risk, audit and regulatory objectives:
Build security control and risk scorecards, metrics, and reporting capabilities in GRC to support assessment of security compliance and risk posture.
Independently execute audit activities of moderate to high complexity including IT technical audits, pre & post implementation consulting engagements, integrated audits, and Sarbanes Oxley (SOX) 404 testing.
Utilize SOX and IT Risk experience to support audits and regulatory projects.
Coordinate efforts across multiple departments to ensure SOX compliance requirements are met within required deadlines.
Direct cross-organization/ business unit Controls Working Group and operational teams to address security controls and compliance, coordinate exception evaluations, and track risk remediation activities, temporary exceptions, and control status and ownership.
Advocate, coach and highlight the impact of IT policies, standards, procedures and initiatives to promote, support and enhance security controls and negotiate resolutions of issues which arise during deployment and implementation of IT Controls and related practices.
Enable continuous technology compliance by maintaining up to date controls, coordinating controls testing and monitoring, identifying and escalating control non-compliance.
Serve on a team which is Moody’s IT (MIT) central point of contact for internal and external audit and regulatory activities:
Assist in organizing and preparing MIT responses to regulatory and audit requests including drafting of talking points and presentations on topics such as control design/execution and strategic risk mitigation programs.
Regularly liaise with Moody’s Compliance, Audit and Legal functions to proactively monitor pending and proposed legislation and upcoming reviews in order to adequately prepare for and adapt to new or heightened expectations.
Track remediation on reported audit and regulatory observations to ensure timely and comprehensive resolution; on a regular basis, issue reports to IT leadership as to current state.
Significant experience in IT Risk Management, Information Security and/or IT Audit, preferably within the financial services industry or a consulting organization.
Strong Sarbanes-Oxley and COBIT Framework familiarity.
Understand key IT and automated business processes and perform testing of the design and operating effectiveness of controls within those processes (General IT Controls and Automated Business Controls).
BS or BA degree, preferably in technology, business or equivalent.
Relevant certifications, such as CISSP, CRISC, CISA, CISM, are a plus.
Control program execution and reporting management through a Governance Risk and Compliance solution.
Must be comfortable with reporting directly to management in the New York office headquarters and working with team members across multiple continents and countries.
Strong knowledge of laws, regulations and standards that govern Information Security practices, such as NIST CSF and SOX.
Experience managing an ISO-27002 or NIST aligned security program.
Experience programmatically assessing and managing security risks associated with vendors, confidential and personal data, critical IT assets, technology projects, and business initiatives.
Demonstrated leadership in GRC tool selection, deployment and management and in GRC workflow definition and automation.
Experience coordinating across business units, audit, compliance and legal teams to provide outside entities with technology evidence, documented exceptions, mitigating controls, and/or remediation activities underway to verify technology compliance.
Strong presentation skills before large audiences of varying IT background; ability to adjust the message and filter details based on the audience.
Must have experience working with multiple teams and stakeholders to coordinate SOX-related activities in a timely manner.
Proven ability to work within a large enterprise that spans multiple continents, is governed by change management and has a tiered support model.