Risk Manager - Cyber

At Moody's, we unite the brightest minds to turn today’s risks into tomorrow’s opportunities. We do this by striving to create an inclusive environment where everyone feels welcome to be who they are-with the freedom to exchange ideas, think innovatively, and listen to each other and customers in meaningful ways. 

If you are excited about this opportunity but do not meet every single requirement, please apply! You still may be a great fit for this role or other open roles. We are seeking candidates who model our values: invest in every relationship, lead with curiosity, champion diverse perspectives, turn inputs into actions, and uphold trust through integrity. 

Welcome to the Data Estate—where we’re redefining the future of data management and analytics at

Moody’s.

Our mission is simple yet powerful: to deliver precise and timely data with a commitment to innovation. We achieve this by building a resilient, technology-driven platform—powered by Generative AI and advanced data capabilities—that fuels innovation, supports Moody’s strategic objectives, and accelerates growth across Moody’s Analytics. The result? Enduring value for the business and our clients. Join a dynamic, forward-thinking team that’s shaping the future of data. If you're passionate about data quality, governance, and cutting-edge innovation, explore opportunities with us—and help deliver exceptional results that make a real impact.

The Asst Dir-Risk Management’s primary responsibility will be to provide the conceptual and critical thinking and execution needed to deliver secure web applications. This hands-on position will focus on providing application security services, including, but not limited to, facilitating automated and manual code reviews, application threat modeling, and oversight of the secure SDLC process.

Additionally this position will be a subject matter expert in application security and provide consultative services to the programming/development team through code-level remediation advice on potential application vulnerabilities that were identified through application security assessment and code review methodologies. Must possess the ability to work independently and also as part of a collaborative team.

Responsibilities include:

· Delivering centralized application security services

· Providing dedicated security functions in accordance to the needs, risk level, and plans provided by

the corporate security plan

· Managing the risk posture, regulatory compliancy assurance, and the coordination of security plans

in conjunction with the Senior Director of Risk Management

· Monitor, schedule and communicate information security tasks, events and trends

· Identification, monitoring and reporting of risk items to the Senior Director of Risk Management

· Development and reporting of key metrics

· Documentation of the application security program (Secure Coding Policies, Security Guidelines,

Best Practices, Checklists, etc.).

· Mentorship and guidance to business security champions and other security analysts

· Performs other related duties as assigned

Qualifications:

· Bachelor's degree in Information Assurance, Information Security, Information Systems or related

field preferred

· Information Security certifications and Security Product Certifications are desirable

· 6+ years information security experience in a large and complex business environment

· 3+ years experience identifying and remediating application security risks as part of vulnerability

assessments and remediation programs

· Strong knowledge of the development of application security assessment and code review

methodologies.

· Strong knowledge of application security vulnerabilities, remediation and mitigation techniques, and

secure coding practices

· Working knowledge of automated application security scanning tools such as Qualys, Splunk, Prisma

Cloud or other similar commercial solutions.

· Working knowledge of manual assessment tools, automation scripts and other commercial and open

source tools is preferred.

· Strong analytical skills to troubleshoot technical problems and determine resolution

· Strong knowledge of web technologies (.ASP, .NET, Java)

· Exposure to Application Security Maturity Models

· Collaborates effectively with cross-functional entities across the enterprise

· Organizational direction, time management, problem-solving, prioritization, goal setting, leadership

and motivation, negotiation, interpersonal relations, verbal/written communications and human

resource management

For US-based roles only: the anticipated hiring base salary range for this position is $98,400.00 -  $142,800.00, depending on factors such as experience, education, level, skills, and location. This range is based on a full-time position. In addition to base salary, this role is eligible for incentive compensation. Moody’s also offers a competitive benefits package, including not but limited to medical, dental, vision, parental leave, paid time off, a 401(k) plan with employee and company contribution opportunities, life, disability, and accident insurance, a discounted employee stock purchase plan, and tuition reimbursement.

Moody’s is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, sex, gender, age, religion or creed, national origin, ancestry, citizenship, marital or familial status, sexual orientation, gender identity, gender expression, genetic information, physical or mental disability, military or veteran status, or any other characteristic protected by law. Moody’s also provides reasonable accommodation to qualified individuals with disabilities or based on a sincerely held religious belief in accordance with applicable laws. If you need to inquire about a reasonable accommodation, or need assistance with completing the application process, please email accommodations@moodys.com. This contact information is for accommodation requests only, and cannot be used to inquire about the status of applications.

For San Francisco positions, qualified applicants with criminal histories will be considered for employment consistent with the requirements of the San Francisco Fair Chance Ordinance.

This position may be considered a promotional opportunity, pursuant to the Colorado Equal Pay for Equal Work Act.

Click here to view our full EEO policy statement. Click here for more information on your EEO rights under the law. Click here to view our Pay Transparency Nondiscrimination statement. Click here to view our Notice to New York City Applicants.
Candidates for Moody's Corporation may be asked to disclose securities holdings pursuant to Moody’s Policy for Securities Trading and the requirements of the position. Employment is contingent upon compliance with the Policy, including remediation of positions in those holdings as necessary.

For more information on the Securities Trading Program, please refer to the STP Quick Reference guide on ComplianceNet

Please note: STP categories are assigned by the hiring teams and are subject to change over the course of an employee’s tenure with Moody’s.