Director - Risk Management - Audit

Moody's | Boca Raton, FL
235d | $143,800 - $208,600 | Remote

About The Position

The Moody's Analytics (MA) Banking Risk Management team oversees the Banking segment's risk management framework to safeguard sensitive business data, ensure regulatory compliance, protect against security threats, and meet customer requirements for controls assurance. As a trusted partner to both internal stakeholders and external customers, the team collaborates with Corporate Risk Management and Moody's Shared Services to reduce risk while enabling business priorities. The Director - Banking Risk Management will lead risk management and compliance efforts for Moody's Analytics Banking software products and services, focusing on SOC1/SOC2 and ISO audits, customer audits, and risk remediation activities. This role will also serve as a key liaison for customer inquiries regarding technology and cyber due diligence assessments, while driving strategic risk awareness across the organization.

Requirements

  • Strong knowledge of IT and cybersecurity controls, frameworks, and standards, including SOC1, SOC2, NIST, ISO 27001, COBIT, and C5.
  • Familiarity with software development practices, enterprise technology operations, and public cloud environments (e.g., AWS, GCP, Azure).
  • Experience conducting audits such as SOC1/SOC2, ISO audits, and customer audits.
  • 6 to 9 years of experience in IT audit, enterprise risk management, information security, or vendor risk management.
  • Proven track record of managing compliance programs and risk remediation activities.
  • Proven experience mentoring, coaching, or managing junior staff, with the ability to inspire and develop talent within a high-performing team.
  • Excellent verbal and written communication skills, with the ability to handle negotiations and complex conversations with clients and auditors.
  • Strong analytical, problem-solving, collaboration, and project management skills.
  • Highly organized, detail-oriented, and capable of prioritizing and meeting deadlines in a dynamic environment.
  • Familiarity with Governance, Risk, and Compliance (GRC) platforms.

Nice To Haves

  • Professional certifications such as CISA (Certified Information Systems Auditor), CRISC (Certified in Risk and Information Systems Control), CISSP (Certified Information Systems Security Professional), or PMP (Project Management Professional), or equivalent experience.

Responsibilities

  • Lead the preparation, coordination, and execution of SOC1/SOC2 and ISO audits, including gathering relevant documentation, conducting internal assessments, and liaising with external auditors.
  • Ensure compliance with ISO standards (e.g., ISO 27001) by maintaining and enhancing policies, procedures, and controls.
  • Support customer audits by providing necessary documentation, responding to inquiries, and ensuring alignment with customer-specific requirements.
  • Act as a trusted advisor to customers, addressing vendor risk assessments and technology due diligence inquiries.
  • Collaborate with sales and legal teams to support RFP submissions, contract negotiations, and customer risk reviews, ensuring accurate and timely responses on information security controls.
  • Engage with teams across Moody's in sales, product management, development, and operations to provide customers with the information needed to complete their reviews.
  • Track and oversee risk remediation activities, ensuring timely and effective resolution of identified risks.
  • Monitor compliance with policies, procedures, and regulatory requirements while identifying areas for improvement and automation.
  • Contribute to Moody's third-party risk management framework and support its implementation within the Banking segment.
  • Maintain accurate and up-to-date records of audit activities, findings, and remediation efforts.
  • Create customer-facing documentation and reports on Moody's software products' information security controls.

Benefits

  • Medical, dental, vision insurance
  • Parental leave
  • Paid time off
  • 401(k) plan with employee and company contribution opportunities
  • Life, disability, and accident insurance
  • Discounted employee stock purchase plan
  • Tuition reimbursement