Senior Vice President - Access Management - New York - 16869BR

Moody's is an essential component of the global capital markets, providing credit ratings, research, tools and analysis that contribute to transparent and integrated financial markets. Moody's Corporation (NYSE: MCO) is the parent company of Moody's Investors Service, which provides credit ratings and research covering debt instruments and securities, and Moody's Analytics, which offers leading-edge software, advisory services and research for credit and economic analysis and financial risk management. The Corporation, which reported revenue of $4.4 billion in 2018, employs approximately 13,100 people worldwide and maintains a presence in 42 countries. Further information is available at www.moodys.com.
Moody’s Shared Services are the front line professionals including Finance, Technology, Legal, Compliance and Human Resources, that operationally support our business units. Exceptional Shared Services teams are vital to the international success of our business.

Department

Access Control Management

Job Description

The Role / Responsibilities:
Moody’s IT Risk is looking for a Sr. Vice President of Access Management to join its growing organization. This is a challenging position requiring a strong background in Information Security practice, deep knowledge of Information Security standards, best practices, technologies and processes, as well as solid communication and organization skills. The candidate is very motivated and willing to take on challenges, able to multi-task to succeed and has the ability work independently and with minimal oversight.


The SVP – Access Management will assume leadership of the teams responsible for executing projects and day to day tasks associated with Access Management. This includes provisioning, de-provisioning and entitlement review across all technology layers, as well as the strategy and evolution of Access Management processes and technologies. The successful candidate will have a strong background in the areas of Identity and Access Management, security access automation technologies, business process and service desk ticketing systems, security best practices standards (ISO, NIST, COBIT), and audit and regulatory frameworks such as SOX. Strong documentation skills are also crucial to successful process and project delivery.

Responsibilities include:
  • Demonstrate ownership of the Access Control area and its associated programs, including Identity and Access Management.
  • Source, hire and lead the global team responsible for security provisioning and entitlement review/recertification, access-related SOX reporting and control execution, and audit support.
  • Lead the Access Management team driving productivity, performance, adherence to process, and alignment with department and company goals
  • Create, maintain and align Moody’s Information Security policies and standards with industry best practices and business needs
  • Own Information Security decisions and project deliverables associated with Access Control and Identity and Access Management. Ensure solutions adhere to Information Security policies and standards and that Information Security is appropriately embedded in relevant workflows.
  • Manage the successful delivery of Information Security projects and services for our customers by working directly with key business stakeholders, Moody’s IT (MIT) executives and project teams.
  • Create and deliver meaningful presentations and reports on project goals and status, tailored to multiple audience types, including senior leadership.
  • Drive implementation of new security technology platforms by providing thought leadership on design, vendor selection and deployment.
  • Manage project and operational budgets; providing clear estimates and accurate forecasts.
  • Act as the lead sponsor for Information Security and Risk projects, working with project teams comprised of Subject Matter Experts and Project Managers, and providing the direction, guidance, planning, expertise, communication and escalation necessary to guarantee the project’s timely and satisfactory completion.
  • Act as a backup to other senior department leaders as needed

Qualifications

Qualifications:
  • Minimum 12 years of experience in progressively more senior Information Security roles.
  • Minimum 10 years of experience in progressively more senior Information Security roles. At least 8 years of supervisory experience, ideally in managing a global team.
  • Strong writing and communication skills. Ability to create and maintain accurate and detailed guidelines and procedures.
  • Demonstrated expertise in his/her skill area. Member of industry groups and forums, and able to create and give presentations on the subject.
  • Hands-on experience with identity solutions such as SailPoint, Oracle Identity Management, Aveksa, Hitachi ID, CA and auditing tools such as Varonis or Protegrity.
  • Familiarity with Help Desk ticketing tools such as ServiceNow.
  • Ability to interact directly with customers that do not have an IT background including key business stakeholders and clients.
  • BS or BA degree, preferably in technology/business or equivalent.
  • Relevant certifications such as CISSP, CISM, ITIL or PMP are a plus.
  • 5+ years experience in a $1BN+ publicly traded multinational company.



Key Competencies
  • Thinking with a security mindset. The successful candidate has a strong IT background with in depth knowledge of several key security practice areas: identity and access management; application security; audit and regulatory; security operations.
  • Ability to maintain a high performing, motivated team, and adapt direction to accommodate changes in priorities.
  • Process driven approach to managing security controls and customer touch points
  • Knowledge of and experience with current and emerging access management technologies including IAM tools (SailPoint) and File Share Access Auditing (Varonis).
  • Strong knowledge of Access Management business processes/workflows, and associated tools (ServiceNow).
  • Off shore vendor management.
  • Strong knowledge of regulatory standards that govern Information Security practices such as SOX, PCI, and state and federal privacy laws.
  • Strong knowledge of best practice standards that govern Information Security such as ISO, NIST and SANS.
  • Strong written and oral communication skills including the ability to interact directly with customers that do not have an IT background.
  • Strong presentation skills involving large and of varying IT background audiences
  • Proven ability to work within a large enterprise that spans multiple continents, is governed by change management and has a tiered support model.
  • Proven ability to lead projects and initiatives within schedule and budget
Moody’s is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, sex, gender, age, religion, national origin, citizen status, marital status, physical or mental disability, military or veteran status, sexual orientation, gender identity, gender expression, genetic information, or any other characteristic protected by law. Moody’s also provides reasonable accommodation to qualified individuals with disabilities in accordance with applicable laws. If you need to inquire about a reasonable accommodation, or need assistance with completing the application process, please email accommodations@moodys.com.. This contact information is for accommodation requests only, and cannot be used to inquire about the status of applications.

For San Francisco positions, qualified applicants with criminal histories will be considered for employment consistent with the requirements of the San Francisco Fair Chance Ordinance. For New York City positions, qualified applicants with criminal histories will be considered for employment consistent with the requirements of the New York City Fair Chance Act. For all other applicants, qualified applicants with criminal histories will be considered for employment consistent with the requirements of applicable law.

Click here to view our full EEO policy statement. Click here for more information on your EEO rights under the law.
Candidates for Moody's Corporation may be asked to disclose securities holdings pursuant to Moody’s Policy for Securities Trading and the requirements of the position. Employment is contingent upon compliance with the Policy, including remediation of positions in those holdings as necessary.