AVP - Information Security Risk Analyst

Job Title:

AVP - Information Security Risk Analyst

Location:

New York, NY

Industry:

Information Technology

Job Description:

  Moody’s is seeking an Information Security Risk Analyst to join the IT Risk organization and be part of a team responsible for IT Risk Assessments, including cyber assessments of Third Parties and third party products. The role will be responsible for participating in and further developing the Third Party Cyber Risk Management program, aimed at identifying, mitigating, monitoring and managing risks associated with Third Party relationships. The role will also be responsible for assessing new software and vendor products. In addition to assessment responsibilities, this position will act in an advisory role to Moody’s affiliates to strengthen their cyber risk posture and establish appropriate cyber risk & security standards. Other responsibilities may include conducting contract reviews, coordinating IT Risk responses to client inquiries, as well as other departmental initiatives, administrative matters, and special projects as assigned by the Information Security leadership team.
 
  • Serve as a Subject Matter Expert (SME) for Third Party Cyber Risk Management
  • Plan, conduct and manage Third Party cyber risk assessments in accordance with Moody’s Third Party Cyber Risk Management program
    • Partner with Sourcing, Business Owners and other stakeholders to understand the third party relationships, and tier third parties based on the engagement details
    • Issue and manage the completion of due diligence questionnaires with vendors
    • Review and assess third party due diligence questionnaires and supplied documentation
    • Identify, document and measure third party risk
    • Effectively document and communicate risk assessment results
    • Communicate the risks to Business Owners and stakeholders
    • Develop proposed remediation solutions for identified risks and work with the vendors to track remediation to closure
    • Plan and conduct onsite Third Party assessments in the US and abroad, develop onsite reports, manage remediation activities for identified risks and track them to closure
  • Be actively engaged in Third Party Cyber Risk Management program development and maturing of risk management processes, tools, metrics and reporting
  • Conduct IT Risk assessments of new software and vendor products. Identify, document and measure risks. Communicate the risks to Business Owners and stakeholders
  • Act in an advisory role to Moody's affiliates to strengthen their cyber risk posture and establish appropriate cyber risk & security standards

 

Job Requirements:

  • Bachelor's degree
  • 4-7 years of experience in Third Party risk management, information security, or related IT Risk experience
  • Solid understanding of information security principles, standards and best practices
  • Familiarity with cyber security frameworks and standards (ISO, NIST, COBIT, BITS, SIG/AUP, etc.), SSAE16-18, SOC reports
  • Applied technical background associated with data security, systems architecture, infrastructure, cloud computing, etc.
  • Highly motivated, self-sufficient individual, able to work independently
  • Ability to take the initiative and achieve results in a fast-paced and dynamic environment
  • Excellent interpersonal, written and verbal communication skills
  • Ability to tailor communication to the audience; ability to express technical observations and opinions in layman's terms
  • CISSP, CISM, CRISC, CISA or equivalent certifications a plus
  • 10% multi-day travel to Third Party locations in the US and abroad as required
