- New York, NY, USA
- Permanent, Full time
- 21 Sep 17
Location: New York, NY, USA
Role/Responsibilities:
Moody's Information Risk and Security is looking for an Assistant Vice President, Security Architecture and Application Assessment, to join its growing organization. This is a challenging position requiring a strong background in Information Security practice, deep knowledge of Information Security standards and best practices, and solid communication and organization skills. The candidate is very motivated and willing to take on challenges, able to multi-task to succeed and has the ability to work independently with minimal oversight.
The Moody's Information Risk and Security team is responsible for helping the organization balance risk by aligning policies and procedures with Moody's business and regulatory requirements. The team's mission is to identify risks to Moody's data and systems, and implement strategies to aid in defending against and mitigating those risks. They are responsible for key programs including Security Architecture, Cyber Security, Identity Management and Vendor Security Management. The Information Risk and Security team sets strategic direction for IT risk and security globally and aligns with stakeholders throughout the organization.
- Provide security architecture designs and security consulting services for enterprise IT projects that cross multiple platforms and ensure alignment with Moody's security architecture.
- Conduct security assessments and manage remediation activities for in-house developed applications - must have a strong understanding of secure-coding standards and practices. Be able to evaluate vendor-developed code and security designs and determine if there are vulnerabilities in the delivered solutions.
- Act as a liaison to Moody's Enterprise Architecture Group, ensuring security designs incorporate architecture best practices such as the TOGAF and SABSA frameworks
- Work directly with product and development managers to track and remediate application vulnerabilities
- Mature and help implement Moody's Threat Modeling capability with SDLC and Application development efforts
- Support the creation of Moody's Information Security policies and standards aligned with industry best practices and business needs
- Represent Information Risk on organizational project teams and ensure adherence to existing security policies, standards, and identified reference architectures
- Support the creation of and adherence to Cyber-Security and Information Security Reference Architectures by developing reusable patterns for security
- Represent Security Architecture at both the Moody's Software Development Life Cycle forum and Product Development Life Cycle reviews
- Support the evaluation of security concerns with new and emerging technologies with particular focus on Cloud, SaaS, and PaaS; knowledge of MS Azure / AWS is a plus
- Support successful delivery of Information Security projects and services for our customers by working directly with key business stakeholders.
Minimum education and work experience required for this position include:
- Minimum 7-10 years of experience in the IT industry, preferably in a financial services or consulting organization
- BS or BA degree, preferably in technology/business or equivalent
- Relevant certifications such as CISSP, CISM, SANS, TOGAF or other known technical security certifications are a plus
Key Competencies:
- Ability to think with a security mindset. The successful candidate has a strong IT background with in-depth knowledge of several key security practice areas: access control; application security; network security; security architecture; security strategy.
- Ability to articulate the business risk associated with identified security weaknesses
- Adaptability and flexibility to work on a variety of assignments as defined by constantly evolving priorities.
- Maintains a knowledge base on high-profile, public cyber security breaches and is able to quickly understand and articulate their associated actors, exploits and opportunities to improve Moody's specific defense capabilities.
- Strong knowledge of application architecture, development and secure coding practices.
- Knowledge of software development methodologies, including waterfall, agile, and DevOps.
- Strong knowledge of regulatory standards that govern Information Security practices within the Financial Industry such as SOX, PCI, and state and federal privacy laws.
- Knowledge of Identity and Access Management (IAM) technologies such as Identity Management platforms, Active Directory, Authentication/Authorization protocols, Provisioning, and Single Sign On technologies.
- Strong written and oral communication skills including the ability to interact directly with customers that do not have an IT background.
- Strong presentation skills for large audiences of varying IT backgrounds.
Moody's is an essential component of the global capital markets, providing credit ratings, research, tools and analysis that contribute to transparent and integrated financial markets. Moody's Corporation (NYSE: MCO) is the parent company of Moody's Investors Service, which provides credit ratings and research covering debt instruments and securities, and Moody's Analytics, which offers leading-edge software, advisory services and research for credit and economic analysis and financial risk management. The Corporation, which reported revenue of $3.6 billion in 2016, employs approximately 10,700 people worldwide and maintains a presence in 36 countries. Further information is available at www.moodys.com.
Moody's is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, sex, gender, age, religion, national origin, citizen status, marital status, physical or mental disability, military or veteran status, sexual orientation, gender identity, gender expression, genetic information, or any other characteristic protected by law. Moody's also provides reasonable accommodation to qualified individuals with disabilities in accordance with applicable laws. If you need to inquire about a reasonable accommodation, or need assistance with completing the application process, please email firstname.lastname@example.org. This contact information is for accommodation requests only, and cannot be used to inquire about the status of applications.
For San Francisco positions, qualified applicants with criminal histories will be considered for employment consistent with the requirements of the San Francisco Fair Chance Ordinance. For New York City positions, qualified applicants with criminal histories will be considered for employment consistent with the requirements of the New York City Fair Chance Act. For all other applicants, qualified applicants with criminal histories will be considered for employment consistent with the requirements of applicable law.
MIS and MSS Candidates are asked to disclose securities holdings pursuant to Moody's Policy for Securities Trading. Employment is contingent upon compliance with the Policy, including remediation of positions in those holdings as necessary.