Moody's is a developmental culture where we value candidates who are willing to grow. So, if you are excited about this opportunity but don't meet every single requirement, please apply! You may be a perfect fit for this role or other open roles.
Moody's is a global integrated risk assessment firm that empowers organizations to make better decisions.
At Moody's, we're taking action. We're hiring diverse talent and providing underrepresented groups with equitable opportunities in their careers. We're educating, empowering and elevating our people, and creating a workplace where each person can be their true selves, reach their full potential and thrive on every level. Learn more about our DE&I initiatives, employee development programs and view our annual DE&I Report at moodys.com/diversity
Want more jobs like this?
Get jobs in London, United Kingdom delivered to your inbox every week.
The Moody's Analytics Risk Management team within the Risk, Technology and Operations group oversees Moody's Analytics enterprise risk management framework and implements its risk management activities, with the objectives of safeguarding sensitive business data, protecting data privacy, addressing information security threats, ensuring legal and regulatory compliance, meeting customer requirements for controls assurance, and promoting user awareness. The team collaborates with lines of business across Moody's Analytics and Moody's Shared Services to reduce risk to acceptable levels while enabling business priorities.
The Senior Risk Analyst will partner with Moody's customers and internal teams to:
Respond to Moody's customers to help them complete their vendor risk reviews of Moody's software products and the information security controls that protect customer data.
Work closely with Moody's sales and legal teams to support the sales process from RFP submission through contract negotiations. Be a trusted expert on information security and controls-related details for Moody's products.
Engage with teams across Moody's in sales, product management, development, operations, and business continuity to give customers the information they need to complete their risk reviews of Moody's products.
Create and maintain documentation for customers on Moody's products' information security controls.
Assist with other enterprise and technical risk management activities as needed:
o Perform internal risk assessments of products and services
o Run risk remediation projects related to IT and cyber control improvements
o Support audit engagements, which include both internal audits of Moody's products and external audits for SOC 1 and SOC 2 reports
Qualifications
Excellent verbal and written communication skills. Ability to handle negotiations and difficult conversations.
Organized, attentive to detail, and able to prioritize and meet deadlines.
Strong analytical, problem-solving, collaboration, and project management skills.
Knowledge of IT and cyber controls and frameworks (SOC 1 and SOC 2, NIST, ISO 27001, COBIT).
3 to 5 years' experience in IT audit, enterprise risk management, information security, or vendor risk management.
Familiarity with software development practices and enterprise technology operations, particularly in public cloud environments.
Proficient with Microsoft Office applications; familiarity with GRC platforms.
* CISA, CRISC, CISSP, PMP certification or equivalent experience.
Moody's is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, protected veteran status, sexual orientation, gender expression, gender identity or any other characteristic protected by law.
Candidates for Moody's Corporation may be asked to disclose securities holdings pursuant to Moody's Policy for Securities Trading and the requirements of the position. Employment is contingent upon compliance with the Policy, including remediation of positions in those holdings as necessary.