AVP, IT Risk Security Metrics and Reporting - New York - 9524BR

Moody’s IT Risk Management is looking for an Assistant Vice President who will be aligned to the IT Risk function and manage the Security and Risk Metrics and Reporting function. This is a position requiring a strong background in metrics-driven reporting practices and solid communication and organization skills.

The ideal candidate is very motivated and willing to take on challenges, able to multi-task to succeed and has the ability work independently and with minimal oversight. The candidate has a deep understanding of data reporting and analysis, data visualization and is able to articulate complex information through reports, dashboards and presentations that tell a story.

The IT Risk Metrics and Reporting program will support the IT Risk team by identifying and implementing key metrics, reports and dashboards to provide visibility, accountability and identify gaps and trends in risk controls across the MIT organization.

The Moody’s IT Risk Management team is globally responsible for helping the organization balance risk by aligning policies and procedures with Moody’s business and regulatory requirements. The team is responsible for the development, enforcement and monitoring of security controls, policies and procedures, disaster recovery programs, GRC (Governance, Risk and Compliance) reporting and the delivery of security services including the company’s Cyber Security program. The IT Risk Management team sets strategic direction for IT risk and security and aligns with stakeholders throughout the organization.

Functional responsibilities include:
  • Leading efforts to build a robust, sustainable Risk and Security Metrics and Reporting Program including identification of key measurement criteria, analysis of source data, definition of processes to produce metrics, analysis of trends and identification of key drivers
  • Telling the risk and security story through a series of easy to understand and visually compelling infographics that build progressively as the program matures
  • Partnering with risk and security subject matter experts to understand data and then define metrics and reports for information security functions such crown jewels data protection, vulnerability management, endpoint protection, content filtering and threat monitoring; work with team members to create repeatable data collection processes to ensure metrics and reports have a consistent data quality.
  • Defining and delivering consistent reporting for risk and security projects and controls
  • Analyzing data to discern lessons learned and action items in order to improve security controls and risk posture; partner with the appropriate teams to help them understand the how the data can drive improvements
  • Driving the metrics program to higher levels of maturity with a particular focus on automation of data collection and dashboard creation
  • Develop a dashboard and metrics roadmap and scorecard
  • Maintain a catalog of security data, reports and dashboards that can be tailored for audience (technical / business, executive / operational) and frequency in order to support scheduled and ad-hoc requests
Risk Assessment_Architecture
  • Bachelor’s degree in a technical or business discipline
  • 5 – 8 years or more of continuous improvement experience, primarily in a program reporting and metrics based role, preferably in the financial sector and/or supporting IT Risk or Information Security initiatives
  • Expert level PowerPoint and Excel skills
  • Experience with the tableau visualization tool and the ability to understand SQL relational data-structures is preferable
  • Strong experience with data visualization concepts and tools
  • Ability to analyze data using Excel including use of complex Excel macros / scripts for reporting and data mining purposes from sources such as SQL databases, SharePoint and other enterprise data repositories is essential; some development experience with data extraction is preferable
  • Experience with ServiceNow and Splunk is preferable
  • Ability to work individually, as part of a team and matrix-manage other staff depending on the initiative
  • Significant, proven experience defining key measurements that will drive visibility, accountability, quality and overall IT effectiveness
  • Strong written and oral communication skills
  • Strong presentation skills; ability to adjust message and filter details based on audience (e.g. technical, business, management)
Moody's is an essential component of the global capital markets, providing credit ratings, research, tools and analysis that contribute to transparent and integrated financial markets. Moody's Corporation (NYSE: MCO) is the parent company of Moody's Investors Service, which provides credit ratings and research covering debt instruments and securities, and Moody's Analytics, which offers leading-edge software, advisory services and research for credit and economic analysis and financial risk management. The Corporation, which reported revenue of $3.5 billion in 2015, employs approximately 10,400 people worldwide and maintains a presence in 36 countries. Further information is available at www.moodys.com.
Moody’s is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, sex, gender, age, religion, national origin, citizen status, marital status, physical or mental disability, military or veteran status, sexual orientation, gender identity, gender expression, genetic information, or any other characteristic protected by law. Moody’s also provides reasonable accommodation to qualified individuals with disabilities in accordance with applicable laws. If you need to inquire about a reasonable accommodation, or need assistance with completing the application process, please email accommodations@moodys.com.. This contact information is for accommodation requests only, and cannot be used to inquire about the status of applications.

For San Francisco positions, qualified applicants with criminal histories will be considered for employment consistent with the requirements of the San Francisco Fair Chance Ordinance. For New York City positions, qualified applicants with criminal histories will be considered for employment consistent with the requirements of the New York City Fair Chance Act. For all other applicants, qualified applicants with criminal histories will be considered for employment consistent with the requirements of applicable law.

Click here to view our full EEO policy statement. Click here for more information on your EEO rights under the law.
MIS and MSS Candidates are asked to disclose securities holdings pursuant to Moody’s Policy for Securities Trading. Employment is contingent upon compliance with the Policy, including remediation of positions in those holdings as necessary.