Sr Risk Management Analyst

At Moody's, we unite the brightest minds to turn today’s risks into tomorrow’s opportunities. We do this by striving to create an inclusive environment where everyone feels welcome to be who they are-with the freedom to exchange ideas, think innovatively, and listen to each other and customers in meaningful ways. 

If you are excited about this opportunity but do not meet every single requirement, please apply! You still may be a great fit for this role or other open roles. We are seeking candidates who model our values: invest in every relationship, lead with curiosity, champion diverse perspectives, turn inputs into actions, and uphold trust through integrity. 

Senior Risk Management Analyst

Customer, Operations and Risk, Moody’s Analytics

Job Description

The Moody’s Analytics (MA) Risk Management team within the Customer, Operations, and Risk group oversees MA’s enterprise risk management framework and implements its risk management activities, with the objectives of safeguarding sensitive business data, protecting data privacy, addressing information security threats, ensuring legal and regulatory compliance, meeting customer requirements for controls assurance, and promoting risk awareness. The team collaborates with lines of business across MA and Moody’s Shared Services to reduce risk to acceptable levels while enabling business priorities.

Role/Responsibilities:

The Senior Risk Management Analyst role will support our risk management and compliance efforts, with a primary focus on assisting in cybersecurity risk initiatives and SOC1/SOC2, ISO audits of Moody Analytics software products and services. This role will also support technology and cyber risk assessments and monitoring risk remediation activities. Responsibilities include:

• Support ISO Audits: Assist in ISO compliance initiatives and related audit processes. Assist in the development and maintenance of policies, procedures, and controls in alignment with ISO requirements.
• Risk Remediation Monitoring: Assist in monitoring and tracking the progress of risk and issue remediation activities. Collaborate with stakeholders to ensure timely and effective remediation of identified risks and issues.
• Assist in SOC1/SOC2 Audits: Assist in coordinating and supporting SOC 1 and SOC 2 compliance activities, including preparation for and facilitation of audits. This includes gathering relevant documentation from stakeholders and liaising with external auditors.
• Documentation and Reporting: Maintain accurate and up-to-date documentation through Wiki pages and JIRA, including project status updates.
• Project Management: Assist in tracking and managing multiple information security, risk management projects and collaborate with cross functional teams to ensure successful implementation of these projects. Provide regular updates and reports on project status, risks and issues to senior management.
• Training and Awareness: Participate in training sessions related to risk management, compliance, and audit processes. Assist in raising awareness of compliance requirements within the organization.

Qualifications

• Excellent verbal and written communication skills
• Organized, attentive to detail, and able to prioritize and meet deadlines.
• Strong analytical, problem-solving, collaboration, and project management skills.
• Minimum of 5 to 6 years’ experience in cybersecurity, project management, IT audit or information security.
• Knowledge of IT and cyber controls and frameworks (SOC 1 and SOC 2, NIST, ISO 27001, COBIT).
• Excellent knowledge of regulatory requirements and industry standards (e.g., GDPR, HIPAA).
• Proficiency in risk assessment and management methodologies.
• Experience with project management tools, like JIRA and Wiki
• Background in audit preparation and coordination
• Familiarity with software development practices and enterprise technology operations
• Proficient with Microsoft Office applications; familiarity with GRC platforms.
• Strong organizational and time management abilities.

Moody’s is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, protected veteran status, sexual orientation, gender expression, gender identity or any other characteristic protected by law.

Candidates for Moody's Corporation may be asked to disclose securities holdings pursuant to Moody’s Policy for Securities Trading and the requirements of the position. Employment is contingent upon compliance with the Policy, including remediation of positions in those holdings as necessary.