Sr Risk Management Analyst

Senior Risk Analyst

Risk, Technology and Operations, Moody's Analytics

Moody's (NYSE: MCO) is a global integrated risk assessment firm that empowers organizations to make better decisions. Our data, analytical solutions and insights help decision-makers identify opportunities and manage the risks of doing business with others. We believe that greater transparency, more informed decisions, and fair access to information open the door to shared progress. With over 11,000 employees in more than 40 countries, Moody's combines international presence with local expertise and over a century of experience in financial markets. Learn more at moodys.com.

Moody's Analytics provides financial intelligence and analytical tools supporting our clients' growth, efficiency and risk management objectives. The combination of our unparalleled expertise in risk, expansive information resources, and innovative application of technology, helps today's business leaders confidently navigate an evolving marketplace.

Job Description

The Moody's Analytics Risk Management team within the Risk, Technology and Operations group oversees Moody's Analytics enterprise risk management framework and implements its risk management activities, with the objectives of safeguarding sensitive business data, protecting data privacy, addressing information security threats, ensuring legal and regulatory compliance, meeting customer requirements for controls assurance, and promoting user awareness. The team collaborates with lines of business across Moody's Analytics and Moody's Shared Services to reduce risk to acceptable levels while enabling business priorities.

The Senior Risk Analyst will partner with Moody's customers and internal teams to:

• Respond to Moody's customers to help them complete their vendor risk reviews of Moody's software products and the information security controls that protect customer data.
• Work closely with Moody's sales and legal teams to support the sales process from RFP submission through contract negotiations. Be a trusted expert on information security and controls-related details for Moody's products.
• Engage with teams across Moody's in sales, product management, development, operations, and business continuity to give customers the information they need to complete their risk reviews of Moody's products.
• Create and maintain documentation for customers on Moody's products' information security controls.
• Assist with other enterprise and technical risk management activities as needed:
  • Perform internal risk assessments of products and services
  • Run risk remediation projects related to IT and cyber control improvements
  • Support audit engagements, which include both internal audits of Moody's products and external audits for SOC 1 and SOC 2 reports

Qualifications

• Excellent verbal and written communication skills. Ability to handle negotiations and difficult conversations.
• Organized, attentive to detail, and able to prioritize and meet deadlines.
• Strong analytical, problem-solving, collaboration, and project management skills.
• Knowledge of IT and cyber controls and frameworks (SOC 1 and SOC 2, NIST, ISO 27001, COBIT).
• 3 to 5 years' experience in IT audit, enterprise risk management, information security, or vendor risk management.
• Familiarity with software development practices and enterprise technology operations, particularly in public cloud environments.
• Proficient with Microsoft Office applications; familiarity with GRC platforms.
• CISA, CRISC, CISSP, PMP certification or equivalent experience.

For US-based roles only: the anticipated hiring base salary range for this position is $92,700.00 to $134,400.00, depending on factors such as experience, education, level, skills, and location. This range is based on a full-time position. In addition to base salary, this role is eligible for incentive compensation. Moody's also offers a competitive benefits package, including not but limited to medical, dental, vision, parental leave, paid time off, a 401(k) plan with employee and company contribution opportunities, life, disability, and accident insurance, a discounted employee stock purchase plan, and tuition reimbursement.

Moody's is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, sex, gender, age, religion, national origin, citizen status, marital status, physical or mental disability, military or veteran status, sexual orientation, gender identity, gender expression, genetic information, or any other characteristic protected by law. Moody's also provides reasonable accommodation to qualified individuals with disabilities or based on a sincerely held religious belief in accordance with applicable laws. If you need to inquire about a reasonable accommodation, or need assistance with completing the application process, please email accommodations@moodys.com. This contact information is for accommodation requests only, and cannot be used to inquire about the status of applications.

For San Francisco positions, qualified applicants with criminal histories will be considered for employment consistent with the requirements of the San Francisco Fair Chance Ordinance.

This position may be considered a promotional opportunity, pursuant to the Colorado Equal Pay for Equal Work Act.

Click here to view our full EEO policy statement. Click here for more information on your EEO rights under the law. Click here to view our Pay Transparency Nondiscrimination statement. Click here to view our Notice to New York City Applicants.
Candidates for Moody's Corporation may be asked to disclose securities holdings pursuant to Moody's Policy for Securities Trading and the requirements of the position. Employment is contingent upon compliance with the Policy, including remediation of positions in those holdings as necessary.