The Vice President – Risk Management provides leadership and support to deliver creative and efficient solutions in coordination with 1st line of defense technology team. This role is responsible for leading their resources to develop a framework and implement a first line IT controls testing program. VP will determine compliance with the Internal Controls Management Policy and Standards, through monitoring and testing or other assessment methods. The role will define testing scope and procedures and partner closely with control owners to perform testing/validation of IT controls in order to determine the design and operational effectiveness of the associated controls.
Additional support for oversight of IT Risk, Compliance and Audit initiatives impacting MIS Tech. Previous audit or risk management experience preferred.

Scope includes:

• Develop, implement and mature a proactive control assessment program (i.e. control testing and monitoring) in line with organizational standards.
• Consolidate the results of these assessments and report results to the appropriate leaders and risk management committees.
• Work with technical teams to develop automated testing to proactively assess control effectiveness.
• Proactively working across all 3 lines of defense to understand and leverage the full scope of current testing and assurance activities. Looking for opportunities for optimization to increase efficiency and effectiveness and reduce redundant coverage.
• Subject Matter Expertise across IT risk and control domains (i.e. Access Management, SDLC, Change and Release Management, Production/Operations Support, Data Management, etc.).
• High attention to detail in identifying, aggregating, and communicating issues and control gaps. Raise awareness and visibility of risk issues that require management focus.
• Build and maintain positive working relationships by effectively communicating and regularly sharing information, issues/points of interest, and knowledge with the team, internal and external business partners.
• Excellent time management skills and a proven ability to meet deadlines and lead multiple tasks.

Position Responsibilities:

Strategy

• Define and build a first line IT controls testing framework and program.
• Partner with MIS leaders and implement a technology strategy that will enhance overall business capabilities.
• Continuously transform the organization to building a proactive risk culture.
• Stay ahead of emerging trends and issues in information technology.

Delivery Planning and Execution

• Lead the development, management and maintenance of First Line testing/assurance/validation program for MIS Tech.
• Coordinates the implementation and execution of the Technology Control and Monitoring Testing program.
• Perform risk-based testing activities that independently evaluate the design and effectiveness of controls
• Leads IT risk assurance to include conducting meetings with control owners, conducting control tests, and analyzing and communicating results.
• Build and manage control evaluation coverage plans and metrics, including testing approach and scoping/sampling, and determining the testing procedures and scripts to be used.
• Leads all aspects related to the 1st line testing program. Monitors and adjusts to ensure delivery and successfully fulfilling defined program objectives.

Technology/Operational/ Risk Control

• Ensures compliance and control activities support technology and enterprise business objectives and are aligned with defined risk tolerances and expectations.
• Ensures processes and controls within assigned area to improve performance, security, reliability and availability of systems.
• Contributing to technology risk/control framework and assessment program to ensure alignment with industry risks, trends, new technologies and new/changes in regulatory requirements

Leadership

• Manage and contribute to cultivating a spirit of one team with shared goals and objectives.
• Select, empower and retain high performing talent, in support of achieving, individual and team goals.
• Promote and foster a cohesive team and positive work environment that encourages innovation, creativity and collaboration.

• Bachelor’s Degree or High School diploma or GED and 8 plus years of experience
• 3 - 5 years managing others
• 5 years of experience with the concepts and practices of IT risk management, IT process and related controls.
• 3 years in the financial services industry, with at least 2 years in an operational risk management, internal audit, or compliance role with a focus on internal control monitoring and testing, control testing methodologies, and related regulatory and compliance standards
• Experience with various Systems and Platforms (including Distributed Systems, Database, Middleware, cloud products etc.)
• Experience in setting up audit at a platform level, interpret the results and reporting the same for senior management.
• Experience working with Enterprise Risk Management, Compliance and external and internal auditors.
• Professional qualifications such as a CISA, CISSP, CISM, CRISC etc. a plus
• Understanding of IT Control Frameworks such as COBIT, ITIL, NIST and COSO
• Consistent track record of building strong relationships across multiple business functions

MIS Tech

Moody’s is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, sex, gender, age, religion, national origin, citizen status, marital status, physical or mental disability, military or veteran status, sexual orientation, gender identity, gender expression, genetic information, or any other characteristic protected by law. Moody’s also provides reasonable accommodation to qualified individuals with disabilities or based on a sincerely held religious belief in accordance with applicable laws. If you need to inquire about a reasonable accommodation, or need assistance with completing the application process, please email accommodations@moodys.com. This contact information is for accommodation requests only, and cannot be used to inquire about the status of applications.

For San Francisco positions, qualified applicants with criminal histories will be considered for employment consistent with the requirements of the San Francisco Fair Chance Ordinance.

This position may be considered a promotional opportunity, pursuant to the Colorado Equal Pay for Equal Work Act.

Click here to view our full EEO policy statement. Click here for more information on your EEO rights under the law. Click here to view our Pay Transparency Nondiscrimination statement.

Moody’s is a developmental culture where we value candidates who are willing to grow. So, if you are excited about this opportunity but don’t meet every single requirement, please apply! You may be a perfect fit for this role or other open roles.

Moody's is a global integrated risk assessment firm that empowers organizations to make better decisions.

At Moody’s, we’re taking action. We’re hiring diverse talent and providing underrepresented groups with equitable opportunities in their careers. We’re educating, empowering and elevating our people, and creating a workplace where each person can be their true selves, reach their full potential and thrive on every level. Learn more about our DE&I initiatives, employee development programs and view our annual DE&I Report at moodys.com/diversity

For US-based roles only: the anticipated hiring base salary range for this position is $136,900 to $198,550, depending on factors such as experience, education, level, skills, and location. This range is based on a full-time position. In addition to base salary, this role is eligible for incentive compensation. Moody’s also offers a competitive benefits package, including not but limited to medical, dental, vision, parental leave, paid time off, a 401(k) plan with employee and company contribution opportunities, life, disability, and accident insurance, a discounted employee stock purchase plan, and tuition reimbursement.