associate director risk management

Imagine what we can DEVELOP with you True leaders are always learning. Moody’s is home to information architects, thinkers, builders, and passionate problem solvers, a collection of diverse viewpoints working together to bring out our best. Join us. Forward Together. Moody’s (NYSE: MCO) is a global integrated risk assessment firm that empowers organizations to make better decisions. Our data, analytical solutions and insights help decision-makers identify opportunities and manage the risks of doing business with others. We believe that greater transparency, more informed decisions, and fair access to information open the door to shared progress. With over 11,000 employees in more than 40 countries, Moody’s combines international presence with local expertise and over a century of experience in financial markets. Learn more at moodys.com. At Moody’s, we’re taking action. We’re hiring diverse talent and providing underrepresented groups with equitable opportunities in their careers. We’re educating, empowering and elevating our people, and creating a workplace where each person can be their true selves, reach their full potential and thrive on every level. Learn more about our DE&I initiatives, employee development programs and view our annual DE&I Report at moodys.com/diversity Moody’s Analytics provides financial intelligence and analytical tools supporting our clients’ growth, efficiency and risk management objectives. The combination of our unparalleled expertise in risk, expansive information resources, and innovative application of technology, helps today’s business leaders confidently navigate an evolving marketplace. Department Moody’s Analytics provides Risk, Finance and Lending solutions to the Banking Industry. We deploy globally these solutions as SaaS to Financial Institutions. Role/Responsibilities As an expert in our Risk Management team, you will be contributing to a global team in charge of sales enablement on Cloud Security topics and guiding our product teams in the certifications of our SaaS solutions. The position is based in Europe, and the focus will be primarily on the European, Middle East, African, and APAC regions where our customer base is expanding. Furthermore, you will interact directly with our product teams based in France. You will be the link between our EMEA & APAC operations and the rest of the team located in America. In general, you will be expected to assist in performing project tasks such as: SALES ENABLEMENT AND CONTROLS ASSURANCE * Be a trusted partner for Moody’s sales teams. Plan, coordinate, and develop materials for, and deliver risk and controls training related to MA products to enable Sales to address customer product inquiries(security, data protection, certifications, and compliance) and concerns faster and more accurately. * Support the SOC compliance program for Moody’s Analytics products by providing subject matter expertise, documenting controls and control gaps, and identifying and acting on process improvement opportunities to improve program efficiency. * Assessing our customers security requirements in comparison to our standard Service Level Agreements and adapt the sales pitch and contractual commitment consequently. Those discussions will be done jointly with Sales, Product Management and Legal departments. Work with customers to complete their annual vendor third-party risk reviews of Moody’s products and services. * Assisting customers with their audit and security requirements through various Requests for Information and participating in customer meetings to manage audit expectations. ENTERPRISE RISK MANAGEMENT * Work with the enterprise risk management team to support ERM reporting to senior business management and Moody’s Board of Directors. Partner with risk owners to assess risk impact, and develop and track mitigation plans. CYBER AND DATA RISK PROGRAM MANAGEMENT AND COORDINATION * Work with the Moody’s Information Risk and Security to ensure cross-organizational participation and communication across program work streams. Collaborate with Information Risk to drive working group for on-going communications and awareness activities related to cyber risk. * Provide subject matter expertise on personal data risk, data privacy, and data protection. * Manage risk identification and drive remediation project activities. A key focus area is the continued maturation of controls and processes around sensitive data, including personal data. Support firm-wide GDPR and CCPA compliance efforts. * Coordinate with privacy legal teams (Americas and EMEA) to identify and address risks associated with key privacy and regulatory requirements, including GDPR records of processing activities and development of OneTrust repository and GDPR audits. To achieve these tasks, a strong background in Audit and cloud deployment is required and specifically: * Strong knowledge of global cloud Outsourcing regulations and those for EMEA & APAC (e.g. EBA Guidelines on outsourcing arrangements) * Strong background in Audit related activities, specifically SOC 1 and SOC 2 compliance * Strong background on data sensitivity: PII, GDPR, Encryption… * Experience on Cloud Platform (AWS, Azure, Google, others). AWS, Google Cloud, or Microsoft Azure Certification is a plus Qualifications Minimum education and work experience required for this position include: * 7+ years’ experience in risk management, information security, data privacy, project management, and/or audit, preferably in a financial services or consulting organization. * Strong knowledge of global cloud outsourcing regulations and those for EMEA & APAC (e.g. EBA Guidelines on outsourcing arrangements) * BS or BA degree, preferably in technology, business or equivalent. * Relevant certifications such as CISSP, CISM, CRISC, CISA, or PMP are a plus. * Experience on Cloud Platform (AWS, Azure, Google, others). AWS, Google Cloud, or Microsoft Azure Certification is a plus KEY COMPETENCIES * Track record of successful delivery of projects and initiatives within schedule and budget. * Able to effectively lead cross-functional project teams that consist of indirect reports; have a proven ability to marshal resources, delegate tasks, provide guidance, set expectations for quality, manage and resolve issues or conflicts, and provide timely and transparent project information to senior management. * Ability to develop a full and deep understanding of the business operations, and how they create value and risk for organizations. * Ability to think with a control and process mindset. Experience managing risk, security, or control programs, preferably aligned with ISO or NIST standards. Familiarity with data privacy regulations and compliance requirements is a plus. * Ability to effectively analyze risk within the context of the business problems. * Adaptability and flexibility to work on a variety of assignments as defined by current priorities. * Strong presentation skills to audiences at all levels; ability to adjust message and filter details based on audience. * Demonstrated ability to interact effectively, internally and externally, with senior representatives of the organization. Moody’s is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, protected veteran status, sexual orientation, gender expression, gender identity or any other characteristic protected by law. Candidates for Moody’s Corporation may be asked to disclose securities holdings pursuant to Moody’s Policy for Securities Trading and the requirements of the position. Employment is contingent upon compliance with the Policy, including remediation of positions in those holdings as necessary.