- Omaha, NE, USA
- Permanent position, full-time
- 20 Sep 17
Assc Dir-Risk Management
Location: Omaha, NE, USA
The Assc. Dir-Risk Management's primary responsibility will be to provide the conceptual and critical thinking and execution needed to deliver secure web applications. This hands-on position will focus on providing application security services, including, but not limited to, facilitating automated and manual code reviews, application threat modeling, and oversight of the secure SDLC process.
Additionally, this position will be a subject matter expert in application security and provide consultative services to the programming/development team through code-level remediation advice on potential application vulnerabilities that were identified through application security assessment and code review methodologies. Must possess the ability to work independently and also as part of a collaborative team.
The Assc. Dir-Risk Management is provided direct access to customer financial data and must treat and maintain such data with complete confidentiality to ensure ongoing regulatory compliance.
• Delivering centralized application security services
• Providing dedicated security functions in accordance with the needs, risk level, and plans provided by the corporate security plan
• Managing the risk posture, regulatory compliance assurance, and the coordination of security plans in conjunction with the Senior Director of Risk Management
• Monitoring, scheduling and communicating information security tasks, events and trends
• Identification, monitoring and reporting of risk items to the Senior Director of Risk Management
• Development and reporting of key metrics
• Documentation of the application security program (Secure Coding Policies, Security Guidelines, Best Practices, Checklists, etc.).
• Mentorship and guidance to business security champions and other security analysts
• Performs other related duties as assigned
ERS Credit Assessment and Orig
• Bachelor's degree in Information Assurance, Information Security, Information Systems or related field preferred
• Information Security certifications and Security Product Certifications are desirable
• 6+ years information security experience in a large and complex business environment
• 3+ years experience identifying and remediating application security risks as part of vulnerability assessments and remediation programs
• Strong knowledge of the development of application security assessment and code review methodologies.
• Strong knowledge of application security vulnerabilities, remediation and mitigation techniques, and secure coding practices
• Working knowledge of automated application security scanning tools such as WhiteHat Sentinel or other similar commercial solutions.
• Working knowledge of manual assessment tools, automation scripts and other commercial and open source tools is preferred.
• Strong analytical skills to troubleshoot technical problems and determine resolution
• Strong knowledge of web technologies (.ASP, .NET, Java)
• Exposure to Application Security Maturity Models
• Collaborates effectively with cross-functional entities across the enterprise
• Organizational direction, time management, problem-solving, prioritization, goal setting, leadership and motivation, negotiation, interpersonal relations, verbal/written communications and human resource management
Moody's is an essential component of the global capital markets, providing credit ratings, research, tools and analysis that contribute to transparent and integrated financial markets. Moody's Corporation (NYSE: MCO) is the parent company of Moody's Investors Service, which provides credit ratings and research covering debt instruments and securities, and Moody's Analytics, which offers leading-edge software, advisory services and research for credit and economic analysis and financial risk management. The Corporation, which reported revenue of $3.6 billion in 2016, employs approximately 10,700 people worldwide and maintains a presence in 36 countries. Further information is available at www.moodys.com.
Moody's is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, sex, gender, age, religion, national origin, citizen status, marital status, physical or mental disability, military or veteran status, sexual orientation, gender identity, gender expression, genetic information, or any other characteristic protected by law. Moody's also provides reasonable accommodation to qualified individuals with disabilities in accordance with applicable laws. If you need to inquire about a reasonable accommodation, or need assistance with completing the application process, please email email@example.com. This contact information is for accommodation requests only, and cannot be used to inquire about the status of applications.
For San Francisco positions, qualified applicants with criminal histories will be considered for employment consistent with the requirements of the San Francisco Fair Chance Ordinance. For New York City positions, qualified applicants with criminal histories will be considered for employment consistent with the requirements of the New York City Fair Chance Act. For all other applicants, qualified applicants with criminal histories will be considered for employment consistent with the requirements of applicable law.
MIS and MSS Candidates are asked to disclose securities holdings pursuant to Moody's Policy for Securities Trading. Employment is contingent upon compliance with the Policy, including remediation of positions in those holdings as necessary.