Senior Analyst - Security Metrics and Reporting - Charlotte | New York - 17236BR

Moody's is an essential component of the global capital markets, providing credit ratings, research, tools and analysis that contribute to transparent and integrated financial markets. Moody's Corporation (NYSE: MCO) is the parent company of Moody's Investors Service, which provides credit ratings and research covering debt instruments and securities, and Moody's Analytics, which offers leading-edge software, advisory services and research for credit and economic analysis and financial risk management. The Corporation, which reported revenue of $4.4 billion in 2018, employs approximately 13,100 people worldwide and maintains a presence in 42 countries. Further information is available at
Moody’s Shared Services are the front line professionals including Finance, Technology, Legal, Compliance and Human Resources, that operationally support our business units. Exceptional Shared Services teams are vital to the international success of our business.


Moody’s IT (MIT) Information Risk is looking for a Senior Analyst who will be aligned to the Information Risk function and manage the Security and Risk Metrics and Reporting function. This is a position requiring a strong background in metrics-driven reporting practices and solid communication and organization skills.

The ideal candidate is very motivated and willing to take on challenges, able to multi-task to succeed and has the ability work independently and with minimal oversight. The candidate has a deep understanding of data reporting and analysis, data visualization and is able to articulate complex information through reports, dashboards and presentations that tell a story. The candidate will have some SQL experience, understand SQL data-structures, be able to maintain and improve SQL databases, import and extract data for metrics purposes.

The Information Risk Metrics and Reporting program will support the Information Risk team by identifying and implementing key metrics, reports and dashboards to provide visibility, accountability and identify gaps and trends in risk controls across the MIT organization. One of the unique benefits of the role is that the successful candidate will have overview and insight into the whole spectrum of Information Security activity.

The Moody’s Information Risk Management team is globally responsible for helping the organization balance risk by aligning policies and procedures with Moody’s business and regulatory requirements. The team is responsible for the development, enforcement and monitoring of security controls, policies and procedures, reporting and the delivery of security services including the company’s Cyber Security program. The Information Risk Management team sets strategic direction for cyber risk and security, and aligns with stakeholders throughout the organization

Job Description

  • Leading efforts to build a robust, sustainable Risk and Security Metrics and Reporting Program including identification of key measurement criteria, analysis of source data, definition of processes to produce metrics, analysis of trends and identification of key drivers

  • Telling the risk and security story through a series of easy to understand and visually compelling infographics that build progressively as the program matures

  • Partnering with risk and security subject matter experts to understand data and then define metrics and reports for information security functions such as vulnerability management, endpoint protection, content filtering and threat monitoring; work with team members to create repeatable data collection processes to ensure metrics and reports have a consistent data quality

  • Technical management of a SQL Server data-repository of metrics information extracted from sources across the Information Security platform

  • Defining and delivering consistent reporting for risk and security projects and controls

  • Analyzing data to discern lessons learned and action items in order to improve security controls and risk posture; partner with the appropriate teams to help them understand the how the data can drive improvements

  • Driving the metrics program to higher levels of maturity with a particular focus on automation of data collection and dashboard creation

  • Develop a dashboard and metrics roadmap and scorecard

  • Maintain a catalog of security data, reports and dashboards that can be tailored for audience (technical / business, executive / operational) and frequency in order to support scheduled and ad-hoc requests


  • Bachelor’s degree in a technical or business discipline

  • 3 – 5 years or more of continuous improvement experience, primarily in a program reporting and metrics based role, preferably in the financial sector and/or supporting IT Risk or Information Security initiatives

  • Expert level PowerPoint and Excel skills

  • Some SQL server experience, the ability to own and maintain SQL databases, connectors, feeds and API’s from systems that provide metrics data

  • Strong experience with data visualization concepts and tools

  • Experience with the tableau visualization tool is preferable

  • Ability to analyze data using Excel including use of complex Excel macros / scripts for reporting and data mining purposes from sources such as SQL databases, SharePoint and other enterprise data repositories is essential; some development experience with data extraction is preferable

  • Experience with ServiceNow and Splunk is preferable

  • Ability to work individually, as part of a team and matrix-manage other staff depending on the initiative

  • Significant, proven experience defining key measurements that will drive visibility, accountability, quality and overall IT effectiveness

  • Strong written and oral communication skills

  • Strong presentation skills; ability to adjust message and filter details based on audience (e.g. technical, business, management)

Moody’s is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, sex, gender, age, religion, national origin, citizen status, marital status, physical or mental disability, military or veteran status, sexual orientation, gender identity, gender expression, genetic information, or any other characteristic protected by law. Moody’s also provides reasonable accommodation to qualified individuals with disabilities in accordance with applicable laws. If you need to inquire about a reasonable accommodation, or need assistance with completing the application process, please email This contact information is for accommodation requests only, and cannot be used to inquire about the status of applications.

For San Francisco positions, qualified applicants with criminal histories will be considered for employment consistent with the requirements of the San Francisco Fair Chance Ordinance. For New York City positions, qualified applicants with criminal histories will be considered for employment consistent with the requirements of the New York City Fair Chance Act. For all other applicants, qualified applicants with criminal histories will be considered for employment consistent with the requirements of applicable law.

Click here to view our full EEO policy statement. Click here for more information on your EEO rights under the law.
Candidates for Moody's Corporation may be asked to disclose securities holdings pursuant to Moody’s Policy for Securities Trading and the requirements of the position. Employment is contingent upon compliance with the Policy, including remediation of positions in those holdings as necessary.