- New York City, NY, USA
- Permanent position, full-time
IT Risk Analyst
Location: New York City, NY, USA
Moody's IT Risk department is looking for an IT Risk Analyst - IT Risk and Control Management to join its growing organization. This is a challenging position requiring familiarity with regulatory (Sarbanes-Oxley) coordination and with IT risk. The ideal candidate should be highly motivated and willing to take on challenges, able to multitask, and able to work independently with minimal oversight. The role offers exposure to senior level management and leadership opportunities, in addition to in-depth insight into the IT Risk business.
The Moody's IT Risk Management team is globally responsible for helping the organization balance risk by aligning policies and procedures with Moody's business and regulatory requirements. The team is responsible for the development, enforcement and monitoring of security controls, policies and procedures, disaster recovery programs, GRC (Governance, Risk and Compliance) reporting and the delivery of security services including the company's Cyber Security program. The IT Risk Management team sets strategic direction for IT risk and security globally and aligns with stakeholders throughout the organization.
- Present project updates to senior level management on a weekly/monthly basis
- Responsible for the coordination, tracking and remediation of open action items as they arise from regulatory requirements
- Coordinates efforts across multiple departments to ensure SOX compliance requirements are met within required deadlines
- Identifies internal control deficiencies and ensures the timely implementation of corrective actions
- Work closely with action item owners and internal audit to elicit and agree requirements, remediation steps and see progress to successful closure
- Perform testing and interact with external auditors as needed
- Build strong working relationships with both IT and business partners, establishing working groups and workshops with key IT stakeholders and vendors as required
- Conducts and is accountable for weekly tracking, coordination and reporting; ensuring proper escalation of issues to senior management
- Utilize SOX and IT Risk experience to support audits and regulatory projects
- Participate in process improvement initiatives and new projects to ensure internal controls are incorporated to adequately mitigate business risks
- Significant experience in IT Risk Management, Information Security and/or IT Audit, preferably within the financial services industry or a consulting organization.
- Strong Sarbanes-Oxley and COBIT Framework familiarity.
- Understand key IT and automated business processes and perform testing of the design and operating effectiveness of controls within those processes (General IT Controls and Automated Business Controls).
- BS or BA degree, preferably in technology, business or equivalent.
- Relevant certifications, such as CISSP, CRISC, CISA, CISM, are a plus.
- Control program execution and reporting management through a Governance Risk and Compliance solution.
- Must be comfortable with reporting directly to management in the New York office headquarters and working with team members across multiple continents and countries.
- Strong knowledge of laws, regulations and standards that govern Information Security practices such as NIST CSF, SOX
- Experience managing an ISO-27002 or NIST aligned security program.
- Experience programmatically assessing and managing security risks associated with vendors, confidential and personal data, critical IT assets, technology projects, and business initiatives.
- Demonstrated leadership in GRC tool selection, deployment and management and in GRC workflow definition and automation.
- Experience coordinating across business units, audit, compliance and legal teams to provide outside entities with technology evidence, documented exceptions, mitigating controls, and/or remediation activities underway to verify technology compliance.
- Strong presentation skills with large audiences of varying IT backgrounds; ability to adjust message and filter details based on audience.
- Must have experience working with multiple teams and stakeholders to coordinate SOX related activities in a timely manner
- Proven ability to work within a large enterprise that spans multiple continents, is governed by change management and has a tiered support model
Moody's is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, sex, gender, age, religion, national origin, citizen status, marital status, physical or mental disability, military or veteran status, sexual orientation, gender identity, gender expression, genetic information, or any other characteristic protected by law. Moody's also provides reasonable accommodation to qualified individuals with disabilities in accordance with applicable laws. If you need to inquire about a reasonable accommodation, or need assistance with completing the application process, please email firstname.lastname@example.org. This contact information is for accommodation requests only, and cannot be used to inquire about the status of applications.
For San Francisco positions, qualified applicants with criminal histories will be considered for employment consistent with the requirements of the San Francisco Fair Chance Ordinance. For New York City positions, qualified applicants with criminal histories will be considered for employment consistent with the requirements of the New York City Fair Chance Act. For all other applicants, qualified applicants with criminal histories will be considered for employment consistent with the requirements of applicable law.
Candidates for Moody's Corporation may be asked to disclose securities holdings pursuant to Moody's Policy for Securities Trading and the requirements of the position. Employment is contingent upon compliance with the Policy, including remediation of positions in those holdings as necessary.