Director - Risk Management - Audit (9210)

Job Location

Charlotte - USA

Monthly Salary

Not Disclosed

Vacancy

1 Vacancy

Job Description

At Moody's, we unite the brightest minds to turn today's risks into tomorrow's opportunities. We do this by striving to create an inclusive environment where everyone feels welcome to be who they are, with the freedom to exchange ideas, think innovatively, and listen to each other and customers in meaningful ways.

If you are excited about this opportunity but do not meet every single requirement, please apply! You still may be a great fit for this role or other open roles. We are seeking candidates who model our values: invest in every relationship, lead with curiosity, champion diverse perspectives, turn inputs into actions, and uphold trust through integrity.

Job Description
The Moody's Analytics (MA) Banking Risk Management team oversees the Banking segment's risk management framework to safeguard sensitive business data, ensure regulatory compliance, protect against security threats, and meet customer requirements for controls assurance. As a trusted partner to both internal stakeholders and external customers, the team collaborates with Corporate Risk Management and Moody's Shared Services to reduce risk while enabling business priorities.

Role Overview
The Director, Banking Risk Management will lead risk management and compliance efforts for Moody's Analytics Banking software products and services, focusing on SOC1/SOC2 and ISO audits, customer audits, and risk remediation activities. This role will also serve as a key liaison for customer inquiries regarding technology and cyber due diligence assessments while driving strategic risk awareness across the organization.

Key Responsibilities

Audit Management:

  • Lead the preparation, coordination, and execution of SOC1/SOC2 and ISO audits, including gathering relevant documentation, conducting internal assessments, and liaising with external auditors.
  • Ensure compliance with ISO standards (e.g., ISO 27001) by maintaining and enhancing policies, procedures, and controls.
  • Support customer audits by providing necessary documentation, responding to inquiries, and ensuring alignment with customer-specific requirements.

Customer Engagement:

  • Act as a trusted advisor to customers, addressing vendor risk assessments and technology due diligence inquiries.
  • Collaborate with sales and legal teams to support RFP submissions, contract negotiations, and customer risk reviews, ensuring accurate and timely responses on information security controls.
  • Engage with teams across Moody's in sales, product management, development, and operations to provide customers with the information needed to complete their reviews.

Risk Monitoring and Remediation:

  • Track and oversee risk remediation activities, ensuring timely and effective resolution of identified risks.
  • Monitor compliance with policies, procedures, and regulatory requirements while identifying areas for improvement and automation.
  • Contribute to Moody's third-party risk management framework and support its implementation within the Banking segment.

Documentation and Reporting:

  • Maintain accurate and up-to-date records of audit activities, findings, and remediation efforts.
  • Create customer-facing documentation and reports on Moody's software products' information security controls.

Qualifications:

Technical Expertise:

  • Strong knowledge of IT and cybersecurity controls frameworks and standards, including SOC1, SOC2, NIST, ISO 27001, COBIT, and C5.
  • Familiarity with software development practices, enterprise technology operations, and public cloud environments (e.g., AWS, GCP, Azure).
  • Experience conducting audits such as SOC1/SOC2, ISO audits, and customer audits.

Experience:

  • 6 to 9 years of experience in IT audit, enterprise risk management, information security, or vendor risk management.
  • Proven track record of managing compliance programs and risk remediation activities.
  • Proven experience mentoring, coaching, or managing junior staff, with the ability to inspire and develop talent within a high-performing team.

Skills:

  • Excellent verbal and written communication skills, with the ability to handle negotiations and complex conversations with clients and auditors.
  • Strong analytical, problem-solving, collaboration, and project management skills.
  • Highly organized, detail-oriented, and capable of prioritizing and meeting deadlines in a dynamic environment.
  • Familiarity with Governance, Risk, and Compliance (GRC) platforms.

Certifications:

  • Professional certifications such as CISA (Certified Information Systems Auditor), CRISC (Certified in Risk and Information Systems Control), CISSP (Certified Information Systems Security Professional), or PMP (Project Management Professional), or equivalent experience.

For US-based roles only: the anticipated hiring base salary range for this position is $143,800.00 to $208,600.00, depending on factors such as experience, education, level, skills, and location. This range is based on a full-time position. In addition to base salary, this role is eligible for incentive compensation. Moody's also offers a competitive benefits package, including but not limited to medical, dental, vision, parental leave, paid time off, a 401(k) plan with employee and company contribution opportunities, life, disability, and accident insurance, a discounted employee stock purchase plan, and tuition reimbursement.

Moody's is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, sex, gender, age, religion or creed, national origin, ancestry, citizenship, marital or familial status, sexual orientation, gender identity, gender expression, genetic information, physical or mental disability, military or veteran status, or any other characteristic protected by law. Moody's also provides reasonable accommodation to qualified individuals with disabilities or based on a sincerely held religious belief in accordance with applicable laws. If you need to inquire about a reasonable accommodation or need assistance with completing the application process, please email . This contact information is for accommodation requests only and cannot be used to inquire about the status of applications.

For San Francisco positions, qualified applicants with criminal histories will be considered for employment consistent with the requirements of the San Francisco Fair Chance Ordinance.

This position may be considered a promotional opportunity pursuant to the Colorado Equal Pay for Equal Work Act.

Candidates for Moody's Corporation may be asked to disclose securities holdings pursuant to Moody's Policy for Securities Trading and the requirements of the position. Employment is contingent upon compliance with the Policy, including remediation of positions in those holdings as necessary.

For more information on the Securities Trading Program, please refer to the STP Quick Reference guide on ComplianceNet.

Please note: STP categories are assigned by the hiring teams and are subject to change over the course of an employee's tenure with Moody's.


Required Experience:

Director

Employment Type

Full Time
