AVP, IT Risk Security Metrics and Reporting

Mô tả công việc

Moody's is an essential component of the global capital markets, providing credit ratings, research, tools and analysis that contribute to transparent and integrated financial markets. Moody's Corporation (NYSE: MCO) is the parent company of Moody's Investors Service, which provides credit ratings and research covering debt instruments and securities, and Moody's Analytics, which offers leading-edge software, advisory services and research for credit and economic analysis and financial risk management. The Corporation, which reported revenue of $3.3 billion in 2014, employs approximately 9,900 people worldwide and maintains a presence in 33 countries. Further information is available at www.moodys.com. Moody’s IT Risk Management is looking for an Assistant Vice President who will be aligned to the IT Risk Planning and Program Management Office (PMO) and manage the Security and Risk Metrics and Reporting function. This is a position requiring a strong background in metrics-driven reporting practices and solid communication and organization skills.The ideal candidate is very motivated and willing to take on challenges, able to multi-task to succeed and has the ability work independently and with minimal oversight. The candidate has a deep understanding of data reporting and analysis, data visualization and is able to articulate complex information through reports, dashboards and presentations that tell a story.The IT Risk Metrics and Reporting program will support the IT Risk team by identifying and implementing key metrics, reports and dashboards to provide visibility, accountability and identify gaps and trends in risk controls across the MIT organization. The Moody’s IT Risk Management team is globally responsible for helping the organization balance risk by aligning policies and procedures with Moody’s business  and regulatory requirements. The team is responsible for the development, enforcement and monitoring of security controls, policies and procedures, disaster recovery programs, GRC (Governance, Risk and Compliance) reporting and the delivery of security services including the company’s Cyber Security program. The IT Risk Management team sets strategic direction for IT risk and security and aligns with stakeholders throughout the organization.Functional responsibilities include:•Leading efforts to build a robust, sustainable Risk and Security Metrics and Reporting Program including identification of key measurement criteria, analysis of source data, definition of processes  to produce metrics, analysis of trends and identification of key drivers•Telling the risk and security story through a series of easy to understand and visually compelling infographics that build progressively as the program matures•Partnering with risk and security subject matter experts to understand data and then define metrics and reports for information security functions such vulnerability management, endpoint protection, content filtering and threat monitoring; work with team members to create repeatable data collection processes to ensure metrics and reports have a consistent data quality.•Defining and delivering consistent reporting for risk and security projects and controls•Analyzing data to discern lessons learned and action items in order to improve security controls and risk posture; partner with the appropriate teams to help them understand the how the data can drive improvements•Driving the metrics program to higher levels of maturity with a particular focus on automation of data collection and dashboard creation•Develop a dashboard and metrics roadmap and scorecard•Maintain a catalog of security data, reports and dashboards that can be tailored for audience (technical / business, executive / operational) and frequency in order to support scheduled and ad-hoc requests •Bachelor’s degree in a technical or business discipline •PMP certification desirable•10 - 15 years or more of continuous improvement experience, primarily in a program reporting and metrics based role, preferably in the financial sector and/or supporting IT Risk or Information Security initiatives•Expert level PowerPoint  skills•Strong experience with data visualization concepts and tools •Ability to analyze data using Excel including use of complex Excel macros / scripts for reporting and data mining purposes from sources such as SQL databases, SharePoint and other enterprise data repositories is essential; some development experience with data extraction is preferable;•Experience with Tableau, ServiceNow and Splunk is preferable•Ability to work individually, as part of a team and matrix-manage other staff depending on the initiative•Significant, proven experience defining key measurements that will drive visibility, accountability, quality and overall IT effectiveness•Strong written and oral communication skills•Strong presentation skills; ability to adjust message and filter details based on audience (e.g. technical, business, management)With 400 employees and 800 contractors worldwide, Moody's Information Technology ("MIT") is the largest department of Moody's Shared Services and provides technology solutions for Moody's Investors Service, Moody's Shared Services and Moody’s Analytics. The organization is going through an exciting period of growth and opportunity as we embark on a corporate-wide Transformation program and partner with the business to drive revenue growth, efficiency, risk management, and expansion of our client base via new solutions and application modernization. The development and ongoing support of key ratings and enterprise systems ensure the company's premier standing among credit rating agencies and enable its evolution alongside regulatory and business demands.#LI-JG1MIT continuously seeks talented individuals to drive the execution of its enterprise technology roadmap, which offers exciting career opportunities across the application delivery lifecycle, architecture, software and platform engineering, IT security and risk management, infrastructure and technology operations, vendor management, and service management.MIS and MSS Candidates are asked to disclose securities holdings pursuant to Moody’s Policy for Securities Trading. Employment is contingent upon compliance with the Policy, including remediation of positions in those holdings as necessary.