Saturday, April 02, 2016

Managing Director IT Risk Controls Assessment Moody's Corporation New York

Job Description:
Moody’s IT Risk Management is looking for a Managing Director of IT Risk Controls and Assessment to join its growing organization responsible for running its global security control and risk assessment program. This is a challenging position requiring a strong background in Risk and Information Security with a deep knowledge of IT regulatory compliance requirements, information security standards and best practices, application security and solid communication and organization skills.
The Moody’s IT Risk Management team is globally responsible for helping the organization balance risk by aligning policies and procedures with Moody’s business and regulatory requirements. The team is responsible for the development, enforcement and monitoring of security controls, policies and procedures, disaster recovery programs, GRC (Governance, Risk and Compliance) reporting and the delivery of security services including the company’s Cyber Security program. The IT Risk Management team sets strategic direction for IT risk and security globally and aligns with stakeholders throughout the organization.

The ideal candidate is very motivated and willing to take on challenges, able to multi-task to succeed and has the ability to work independently and with minimal oversight. A successful candidate is adept at relationship building and has the ability to understand the organizational relationships needed to successfully drive company-wide initiatives both at an executive and execution level. This position reports directly to the CISO (Chief Information Security Officer).

Key Responsibilities

• Implements and maintains a control program focused on Cyber Security and IT Risk and Security Management with requisite reporting for executive management and the Board
• Owns implementation of information security policies and standards and drives compliance across the company; oversees associated risk acceptance and exception management processes
• Develops a consistent approach to responding to regulatory and audit requests about Information Security
• Drives the vision and execution of the security risk assessment process for vendors, internal IT and business projects, and merger and acquisition due diligence
• Owns the security design and architecture strategy including the relationship with Enterprise Architecture and the IT Risk and Security Roadmap
• Runs the IT Disaster Recovery program including periodic testing and alignment with the company’s business continuity plans

Qualifications
• Technical maturity in multiple security domains with an emphasis on application security and control frameworks. The candidate is hands-on and able to dive into technical details with subject matter experts.
• Strong understanding of application security, with prior experience in a hands-on application security design or testing role strongly preferred
• Direct, recent experience implementing and operating control programs based on industry standard frameworks such as NIST, SANS, and ISO.
• Experience partnering with the business units to understand business risks, and the ability to think in a risk vs. reward manner and articulate those choices to senior executives in business terms
• Strategic thinker with a process focus and a performance mindset, who is goal-oriented and possesses a service-focused approach
• Experience leading teams that include consulting and offshore resources, including managed services delivery models
• Demonstrates strong communication and relationship management skills
• A minimum of 15 years of experience with increasing levels of responsibility within a large, complex corporate information technology or risk management environment is necessary.

Education

Bachelor’s degree in computer science, information systems, engineering, business administration or a related field is required. A master’s degree in computer science, information systems, engineering, business administration or a related field is preferred, but not required.

Pass it on for a referral bonus. Not the right role for you, but know someone we should meet? Share it with them to earn a $1,000 referral bonus.