Moody’s IT (MIT) Information Risk is looking for a Senior Analyst who will be aligned to the Information Risk function and manage the Security and Risk Metrics and Reporting function. This is a position requiring a strong background in metrics-driven reporting practices and solid communication and organization skills.
The ideal candidate is very motivated and willing to take on challenges, able to multi-task to succeed and has the ability work independently and with minimal oversight. The candidate has a deep understanding of data reporting and analysis, data visualization and is able to articulate complex information through reports, dashboards and presentations that tell a story. The candidate will have some SQL experience, understand SQL data-structures, be able to maintain and improve SQL databases, import and extract data for metrics purposes.
The Information Risk Metrics and Reporting program will support the Information Risk team by identifying and implementing key metrics, reports and dashboards to provide visibility, accountability and identify gaps and trends in risk controls across the MIT organization. One of the unique benefits of the role is that the successful candidate will have overview and insight into the whole spectrum of Information Security activity.
The Moody’s Information Risk Management team is globally responsible for helping the organization balance risk by aligning policies and procedures with Moody’s business and regulatory requirements. The team is responsible for the development, enforcement and monitoring of security controls, policies and procedures, reporting and the delivery of security services including the company’s Cyber Security program. The Information Risk Management team sets strategic direction for cyber risk and security, and aligns with stakeholders throughout the organization
Leading efforts to build a robust, sustainable Risk and Security Metrics and Reporting Program including identification of key measurement criteria, analysis of source data, definition of processes to produce metrics, analysis of trends and identification of key drivers
Telling the risk and security story through a series of easy to understand and visually compelling infographics that build progressively as the program matures
Partnering with risk and security subject matter experts to understand data and then define metrics and reports for information security functions such as vulnerability management, endpoint protection, content filtering and threat monitoring; work with team members to create repeatable data collection processes to ensure metrics and reports have a consistent data quality
Technical management of a SQL Server data-repository of metrics information extracted from sources across the Information Security platform
Defining and delivering consistent reporting for risk and security projects and controls
Analyzing data to discern lessons learned and action items in order to improve security controls and risk posture; partner with the appropriate teams to help them understand the how the data can drive improvements
Driving the metrics program to higher levels of maturity with a particular focus on automation of data collection and dashboard creation
Develop a dashboard and metrics roadmap and scorecard
Maintain a catalog of security data, reports and dashboards that can be tailored for audience (technical / business, executive / operational) and frequency in order to support scheduled and ad-hoc requests
Bachelor’s degree in a technical or business discipline
3 – 5 years or more of continuous improvement experience, primarily in a program reporting and metrics based role, preferably in the financial sector and/or supporting IT Risk or Information Security initiatives
Expert level PowerPoint and Excel skills
Some SQL server experience, the ability to own and maintain SQL databases, connectors, feeds and API’s from systems that provide metrics data
Strong experience with data visualization concepts and tools
Experience with the tableau visualization tool is preferable
Ability to analyze data using Excel including use of complex Excel macros / scripts for reporting and data mining purposes from sources such as SQL databases, SharePoint and other enterprise data repositories is essential; some development experience with data extraction is preferable
Experience with ServiceNow and Splunk is preferable
Ability to work individually, as part of a team and matrix-manage other staff depending on the initiative
Significant, proven experience defining key measurements that will drive visibility, accountability, quality and overall IT effectiveness
Strong written and oral communication skills
Strong presentation skills; ability to adjust message and filter details based on audience (e.g. technical, business, management)
For San Francisco positions, qualified applicants with criminal histories will be considered for employment consistent with the requirements of the San Francisco Fair Chance Ordinance. For New York City positions, qualified applicants with criminal histories will be considered for employment consistent with the requirements of the New York City Fair Chance Act. For all other applicants, qualified applicants with criminal histories will be considered for employment consistent with the requirements of applicable law.
Click here to view our full EEO policy statement. Click here for more information on your EEO rights under the law.