Job Description

Experience Level: Experienced Hire

Categories:

  • Engineering & Technology

Location(s):

  • 7 World Trade Center, 250 Greenwich Street, New York, New York, 10007, US

Moody’s is a developmental culture where we value candidates who are willing to grow. So, if you are excited about this opportunity but don’t meet every single requirement, please apply! You may be a perfect fit for this role or other open roles.

Moody's is a global integrated risk assessment firm that empowers organizations to make better decisions.

At Moody’s, we’re taking action. We’re hiring diverse talent and providing underrepresented groups with equitable opportunities in their careers. We’re educating, empowering and elevating our people, and creating a workplace where each person can be their true selves, reach their full potential and thrive on every level. Learn more about our DE&I initiatives, employee development programs and view our annual DE&I Report at moodys.com/diversity

The Data Solutions operating unit (OU) is the commercial data business of Moody’s. We are 1,300 professionals who curate, manage, and provide data to 10,000 customers worldwide. We are best known for our Orbis database, which is the world’s most comprehensive database of public and private companies. We are also the definitive source of ratings-related data for companies and securities that have been rated by Moody’s Ratings. Within Data Solutions, we have various strategic and operational teams that specialize in curating and sourcing data and keeping all our databases accurate, relevant, and up-to-date. Any analytical activity depends on reliable and usable data, and we are proud to be a trusted source of information for decision makers around the world.

This role is for a senior leader who will assume responsibility for the overall risk management, resilience, and general integrity of the Data Solutions business. Responsibilities revolve around identifying, assessing, and mitigating risks within our technology and operations in order to ensure we meet and exceed internal as well as external expectations. The person in this role is expected to establish and oversee a control framework to ensure we are effectively managing the risks of our business.

This role is highly visible. It involves participation in the Senior Leadership Team of Data Solutions, which includes the senior-most executives within the business. It also requires continued engagement with the C-suite of Moody’s, particularly the General Counsel, the Chief Audit Executive, the Chief Information Security Officer, and the Chief Compliance Officer.

A successful candidate will have a strong controls-based mindset to ensure we provide the stability, security, and resilience that our customers have come to expect from Moody’s. A successful candidate will be expected to implement a controls framework, particularly to address risks surrounding acquisition of data from third parties, process automation, data ingestion, and delivery of data and data-related applications to customers.

A successful candidate will also ensure that our solutions comply with local regulations like GDPR, and where relevant, lead our pursuit of industry-recognized certifications like SOC. In doing so, you will interact with various stakeholders - including customers, auditors, and regulatory bodies - to understand their needs and expectations.

Requirements of this role include establishing an Enterprise Risk Management (ERM) framework, risk governance structure, and ongoing methods for assessing and monitoring risks based on Data Solutions’ obligations to internal and external stakeholders.

Key Responsibilities

Risk, Controls, and Compliance

    • Establish an Enterprise Risk Management framework and effective internal controls environment
    • Collaborate with Moody’s Corporation IT, Information Security, and Internal Audit to demonstrate leadership and stay on top of industry changes around needs and norms
    • Ensure SOC compliance and both external and internal audit controls
    • Lead the selection of various risk monitoring, alerting, and process management tools
    • Work with technology leaders to ensure all customer-facing solutions are within tolerances for static/dynamic code analysis, patching, penetration testing, and vulnerability management, and help drive adoption of Secure SDLC practices
    • Work with internal teams to ensure regulations such as GDPR are consistently understood and followed
    • Coordinate the roll-out of controls and work with leaders and stakeholders to implement regular reporting and attestation of controls

Security & Stability

    • Help set expectations for risk monitoring and resilience around all processes and technologies used within Data Solutions
    • Work with Corporate IT to ensure enterprise and unit-specific objectives are achieved
    • Help identify and drive improvements to the availability, scalability, latency and efficiency for all products and services
    • Ensure appropriate incident response mechanisms (e.g., for stakeholder identification, escalation planning, etc.) in line with best practice
    • Engage with stakeholders to define and implement risk-oriented business policies such as access management, third party risk management, media handling, and so forth
    • Help ensure the dissemination of enterprise standards around risk management

Qualifications

  • 10+ years experience as a leader in Risk and Controls management
  • Strong background in the design and implementation of control-focused processes and the technology to support them
  • Ability to develop a full and deep understanding of business operations and how they create value and risk for organizations
  • Ability to think with a control and process mindset
  • Ability to effectively analyze risk within the context of the business problems
  • Experience interpreting and implementing a multitude of regulatory requirements (e.g., GDPR, California Privacy, etc.)
  • Prior success in meeting financial audit and regulatory requirements (SOC, etc.)
  • Demonstrated understanding of controls around customer-facing technology, including:
    • 5+ years experience with implementing controls in cloud computing environments
    • Familiarity with secure agile software development
    • Familiarity with incident detection, response, communications, and remediation. This role requires managing and participating in incident response meetings as they arise
  • Ability to effectively manage cross-functional project teams with direct and indirect reports, with a proven ability to marshal matrixed resources needed to meet project deliverables
  • Adaptability and flexibility to work on a variety of assignments as defined by current priorities
  • Strong presentation skills involving large and varied audiences, with ability to adjust message and filter details based on audience (e.g., different nationalities, seniority levels, risk sensitivities, etc.)
  • Proven ability to lead projects and initiatives within schedule and budget

For US-based roles only: the anticipated hiring base salary range for this position is $192,500 - $279,200, depending on factors such as experience, education, level, skills, and location. This range is based on a full-time position. In addition to base salary, this role is eligible for incentive compensation. Moody’s also offers a competitive benefits package, including not but limited to medical, dental, vision, parental leave, paid time off, a 401(k) plan with employee and company contribution opportunities, life, disability, and accident insurance, a discounted employee stock purchase plan, and tuition reimbursement.

Moody’s is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, sex, gender, age, religion, national origin, citizen status, marital status, physical or mental disability, military or veteran status, sexual orientation, gender identity, gender expression, genetic information, or any other characteristic protected by law. Moody’s also provides reasonable accommodation to qualified individuals with disabilities or based on a sincerely held religious belief in accordance with applicable laws. If you need to inquire about a reasonable accommodation, or need assistance with completing the application process, please email accommodations@moodys.com. This contact information is for accommodation requests only, and cannot be used to inquire about the status of applications.

For San Francisco positions, qualified applicants with criminal histories will be considered for employment consistent with the requirements of the San Francisco Fair Chance Ordinance.

This position may be considered a promotional opportunity, pursuant to the Colorado Equal Pay for Equal Work Act.

Click here to view our full EEO policy statement. Click here for more information on your EEO rights under the law. Click here to view our Pay Transparency Nondiscrimination statement. Click here to view our Notice to New York City Applicants.
Candidates for Moody's Corporation may be asked to disclose securities holdings pursuant to Moody’s Policy for Securities Trading and the requirements of the position. Employment is contingent upon compliance with the Policy, including remediation of positions in those holdings as necessary.

For more information on the Securities Trading Program, please refer to the STP Quick Reference guide on ComplianceNet

Please note: STP categories are assigned by the hiring teams and are subject to change over the course of an employee’s tenure with Moody’s.

Application Instructions

Please click on the link below to apply for this position. A new window will open and direct you to apply at our corporate careers page. We look forward to hearing from you!

Apply Online