Assc Dir-Risk Management

As an Associate Director of Risk Management at Moody's, you will play a crucial role in designing, developing, and maintaining internal tools and UI applications to enhance data quality and operational efficiency. Your responsibilities will include assisting in SOC1/SOC2/C5 Audits by collaborating with product teams, supporting ISO audits to maintain compliance with ISO standards, performing technology and cyber risk assessments, monitoring risk remediation progress, maintaining accurate documentation, and supporting compliance monitoring efforts. Key Responsibilities: - Design, develop, and maintain internal tools and UI applications to support data quality and operational efficiency. - Assist in SOC1/SOC2/C5 Audits by collaborating with product teams and preparing relevant documentation. - Support ISO Audits by helping maintain compliance with ISO standards such as ISO 27001. - Perform Technology and Cyber Risk Assessments to identify vulnerabilities, threats, and potential risks. - Monitor and track the progress of risk remediation activities and collaborate with stakeholders for effective mitigation. - Maintain accurate records of audit activities, findings, and remediation efforts. - Support ongoing compliance efforts by monitoring adherence to policies, procedures, and regulatory requirements. - Participate in training sessions related to risk management, compliance, and audit processes. Qualifications Required: - Excellent verbal and written communication skills with the ability to handle negotiations and difficult conversations. - Organized, detail-oriented, and able to prioritize and meet deadlines. - Strong analytical, problem-solving, collaboration, and project management skills. - Knowledge of IT and cyber controls and frameworks such as SOC 1, SOC 2, C5, NIST, ISO 27001, COBIT. - 8 to 10 years of experience in IT audit, enterprise risk management, information security, or vendor risk management. - Familiarity with software development practices and enterprise technology operations, especially in public cloud environments. - Proficiency in Microsoft Office applications; familiarity with GRC platforms. - Certification such as CISA, CRISC, CISSP, PMP, or equivalent experience. - Minimum Bachelor's degree in Engineering or related major from a top institution; Master's degree is a plus. About the Company: The Moody's Analytics Risk Management team within the Customer, Operations, and Risk group focuses on overseeing the enterprise risk management framework and implementing risk management activities to safeguard sensitive business data, protect data privacy, address information security threats, ensure legal and regulatory compliance, meet customer requirements for controls assurance, and promote risk awareness. The team collaborates with various lines of business to reduce risk while enabling business priorities. Moody's is an equal opportunity employer, and candidates may be required to disclose securities holdings as per Moody's Policy for Securities Trading. Compliance with the Policy is necessary for employment. If you are excited about this opportunity and possess most of the qualifications listed, we encourage you to apply as you may still be a great fit for the role. As an Associate Director of Risk Management at Moody's, you will play a crucial role in designing, developing, and maintaining internal tools and UI applications to enhance data quality and operational efficiency. Your responsibilities will include assisting in SOC1/SOC2/C5 Audits by collaborating with product teams, supporting ISO audits to maintain compliance with ISO standards, performing technology and cyber risk assessments, monitoring risk remediation progress, maintaining accurate documentation, and supporting compliance monitoring efforts. Key Responsibilities: - Design, develop, and maintain internal tools and UI applications to support data quality and operational efficiency. - Assist in SOC1/SOC2/C5 Audits by collaborating with product teams and preparing relevant documentation. - Support ISO Audits by helping maintain compliance with ISO standards such as ISO 27001. - Perform Technology and Cyber Risk Assessments to identify vulnerabilities, threats, and potential risks. - Monitor and track the progress of risk remediation activities and collaborate with stakeholders for effective mitigation. - Maintain accurate records of audit activities, findings, and remediation efforts. - Support ongoing compliance efforts by monitoring adherence to policies, procedures, and regulatory requirements. - Participate in training sessions related to risk management, compliance, and audit processes. Qualifications Required: - Excellent verbal and written communication skills with the ability to handle negotiations and difficult conversations. - Organized, detail-oriented, and able to prioritize and meet deadlines. - Strong analytical, problem-solving, collaboration, and project management skills. - Knowledge of IT and cyber co