DepartmentMoody’s Information Risk team is looking for a Vice President of Cybersecurity Data Loss Prevention (DLP) to join its growing organization. This is a challenging position requiring a strong background in Information Security practice, deep knowledge of Information Security standards, best practices, technologies and processes, as well as solid communication and organization skills. The candidate is very motivated and willing to take on challenges, able to multi-task to succeed and has the ability work independently and with minimal oversight.
The Moody’s Information Security team is responsible for helping the organization balance risk by aligning policies and procedures with Moody’s business requirements. The team has global responsible for the development, enforcement and monitoring of security controls, policies and procedures, and for the delivery of security services. The Cybersecurity team sets strategic direction for security within the organization and aligns with stakeholders throughout the company. The team is responsible for key programs including Cybersecurity Operations, Engineering, Patch and Vulnerability Management, Data Loss Prevention, Access Control, Threat Management, Security Monitoring and Incident Response
The VP – Cybersecurity Data Loss Prevention will assume leadership of the teams responsible for executing projects and day to day tasks associated with DLP and User Behavior Analytics (UBA). This includes liaising with business stakeholders, identifying data loss use cases, iterating through DLP solutions, leading implementation efforts by the DLP team as well as the strategy and evolution of DLP processes and technologies. The successful candidate will have a strong background in the area of Data Loss Prevention, DLP risks, DLP technical controls, DLP technologies, security best practices standards (ISO, NIST, COBIT), and audit and regulatory frameworks. Strong documentation skills are also crucial to successful process and project delivery.
The individual will be required to work closely with other members of the Information Risk and Cybersecurity team to set objectives for the DLP and UBA program. The individual will be responsible for successfully meeting DLP and UBA objectives, as well as operationalizing the DLP program and working with key business stakeholders throughout this process.
Demonstrate ownership of the Data Loss Prevention program and its associated projects and technologies.
Lead the team responsible for implementing DLP technologies and controls. Provide oversight and guidance for during implementation and development.
Build and lead a team responsible for responding to DLP alerts and incidents.
Liaise with senior business stakeholders and provide oversight and guidance during sensitive DLP investigations.
Think with a security mindset while successfully analyzing business risk and remediation effort, to prioritize efforts and projects.
Own information security decisions and project deliverables related to the DLP program. Ensure solutions adhere to information security policies and that DLP controls are embedded in all new technology initiatives at Moody’s.
Manage the successful delivery of Information Security Projects and services for business stakeholders and Moody’s IT executives.
Provide oversight and guidance during implementation and deployment of User Behavior Analytics solution at Moody’s as part of the DLP program.
Liaise with business stakeholders an identify DLP gaps and solutions for current and future business processes.
Create and deliver meaningful presentations and reports on project goals and status, tailored to different audiences.
Partner with other leaders and business project sponsors to build consensus on project requirements, expected timelines, and service delivery goals as well as report on status and key project risks.
Act as a backup to other senior department leaders as needed.
Minimum education and work experience required for this position include:
Minimum 10-15 years of experience in IT industry, preferably in a financial services or consulting organization.
Minimum 8 years of experience in progressively more senior Information Security roles.
Strong writing and communication skills. Ability to create and maintain accurate and detailed guidelines and procedures.
Demonstrated expertise in his/her skill area. Member of industry groups and forums, and able to create and give presentations on the subject.
Hands-on experience with Data Loss Prevention technologies and capabilities such as Symantec DLP, Microsoft O365 DLP, Ironport DLP, Cloud Access Security Brokers (CASB), etc.
Firsthand experience with UBA tools such as Securonix, Exabeam, Splunk UBA, etc. is a plus.
Firsthand experience working with response teams for security/DLP investigations is a plus.
Familiarity with Help Desk ticketing tools such as ServiceNow.
Ability to interact directly with customers that do not have an IT background including key business stakeholders and clients.
BS or BA degree, preferably in technology/business or equivalent.
Relevant certifications such as CISSP, CISM, ITIL or PMP are a plus
Thinking with a security mindset. The successful candidate has a strong IT background with in depth knowledge of several key security practice areas: data loss prevention; security analytics; application security; audit and regulatory; security operations.
Ability to maintain a high performing, motivated team, and adapt direction to accommodate changes in priorities.
Process driven approach to managing security controls and customer touchpoints.
Knowledge of and experience with current and emerging data loss prevention tools and methodologies including Symantec DLP, Microsoft o365 DLP, etc.
Knowledge of how the DLP landscape has changed in the last number of years and a vision for how it may evolve over time.
Strong knowledge of data loss prevention controls.
Strong knowledge of data loss prevention response procedures and protocols.
Off shore vendor management.
Strong knowledge of regulatory standards that govern Information Security practices such as SOX, PCI, and state and federal privacy laws.
Strong knowledge of best practice standards that govern Information Security such as ISO, NIST and SANS.
Strong written and oral communication skills including the ability to interact directly with customers that do not have an IT background.
Strong presentation skills involving large and of varying IT background audiences
Proven ability to work within a large enterprise that spans multiple continents, is governed by change management and has a tiered support model.
Proven ability to lead projects and initiatives within schedule and budget
For San Francisco positions, qualified applicants with criminal histories will be considered for employment consistent with the requirements of the San Francisco Fair Chance Ordinance. For New York City positions, qualified applicants with criminal histories will be considered for employment consistent with the requirements of the New York City Fair Chance Act. For all other applicants, qualified applicants with criminal histories will be considered for employment consistent with the requirements of applicable law.
Click here to view our full EEO policy statement. Click here for more information on your EEO rights under the law.