• Competitive
  • Edinburgh, Scotland, United Kingdom
  • Permanent, Full time
  • Moody's
  • 2018-07-15

Patch & Vulnerability Management Assistant Vice President

Location: Edinburgh, Scotland, United Kingdom

Moody's Information Security is looking for an assistant vice president to lead the Patch and Vulnerability Management program. The incumbent will be responsible designing, defining and implementing the vulnerability management program, vulnerability assessment tooling and services. In addition, they will be applying Patch & Vulnerability Management principles and best practices to proactively protect and maintain the confidentiality, integrity, and availability, of the company's data, computing systems, and networks. Additionally, the individual will play a key role in safeguarding the company's assets, intellectual property, and computer systems in support of the company's business objectives.

The Moody's Information Security team is responsible for helping the organization balance risk by aligning policies and procedures with Moody's business requirements. The team is responsible for the development, enforcement and monitoring of security controls, policies and procedures, and for the delivery of security services. The Information Security team sets strategic direction for security within the organization and aligns with stakeholders throughout the company.

The assistant vice president will be involved in leading and guiding all the steps of Patch & Vulnerability Management. He or She Will utilize Nessus (Tenable tool to assist with managing vulnerabilities). Document procedures, assist with what/where/when to patch, set up scans and assist in coordinating patching efforts. Engages in awareness, coordinating and communicating patch-management process to stakeholders.

Functional Responsibilities

  • Run a patch and vulnerability management program in a diverse global multi-technology environment
  • Assist driving and enhancing and continual improvement of Moody's patch management program
  • Serve as vulnerability management lead for applications, systems and Network components.
  • Perform information system security vulnerability scanning to discover and analyze vulnerabilities and characterize risks to networks, operating systems, applications, databases, and other information system components.
  • Perform compliance scanning to analyze configurations and compare to established baselines, recommending remedial actions where necessary.
  • Engage with stakeholders, to include IT professionals, management, to facilitate vulnerability discovery, remediation and tracking.
  • Communicate security and compliance issues in an effective and appropriate manner.
  • Validate remedial actions and ensure compliance with security policy and remediation targets.
  • Perform risk assessments and make remediation recommendations to tech owners.
  • Periodically review vulnerability exception requests to ensure compliance to the exception process.
  • Maintain vulnerability tracker to record Identification, publication, remediation and closure of vulnerabilities.
  • Ability to adapt and respond to environment and priorities; manage deadlines and projects.
  • Ability to exercise sound technical, interpersonal and organizational judgment while evaluating and solving complex problems.
  • Partner with system owners to identify upcoming end of life components, and plan track their decommissioning.


With 400 employees and 800 contractors worldwide, Moody's Information Technology ("MIT") is the largest department of Moody's Shared Services and provides technology solutions for Moody's Investors Service, Moody's Shared Services and Moody's Analytics. The organization is going through an exciting period of growth and opportunity as we embark on a corporate-wide Transformation program and partner with the business to drive revenue growth, efficiency, risk management, and expansion of our client base via new solutions and application modernization. The development and ongoing support of key ratings and enterprise systems ensure the company's premier standing among credit rating agencies and enable its evolution alongside regulatory and business demands.

MIT continuously seeks talented individuals to drive the execution of its enterprise technology roadmap, which offers exciting career opportunities across the application delivery lifecycle, architecture, software and platform engineering, IT security and risk management, infrastructure and technology operations, vendor management, and service management.

#LI-LM1

Qualifications

Minimum education and work experience required for this position include:

  • Substantial experience in the IT industry, preferably in a financial services organization.
  • Recent and solid experience of direct Patch & Vulnerability Management.
  • Background & experience of designing, defining and implementing Vulnerability Assessment tooling and services.
  • Good working understanding and working knowledge of Tenable Security Center, Rapid7, Qualys, or other related tools.
  • Knowledge of python scripting is a plus.
  • Interpersonal, collaboration, and negotiation skills.
  • Good understanding of data analysis, business process analysis and reporting tools found within the Microsoft Office application suite.
  • Excellent understanding of project management methodologies & internal processes.
  • BS or BA degree, preferably in Technology.


Key Competencies

  • Ability to think with a security mindset. The successful candidate has an IT background with good level knowledge of multiple relevant security practice areas.
  • Experience in patch and vulnerability Management program management , procedures and processes.
  • Ability to work in a time-sensitive environment; must be detail oriented and able to multitask to meet deadlines and company objectives.
  • Experience in large, geographically diverse enterprise networks.
  • Strong written and oral communication skills including the ability to interact directly with customers that do not have an IT background.
  • Develop procedures and process documentations.


Moody's is an essential component of the global capital markets, providing credit ratings, research, tools and analysis that contribute to transparent and integrated financial markets. Moody's Corporation (NYSE: MCO) is the parent company of Moody's Investors Service, which provides credit ratings and research covering debt instruments and securities, and Moody's Analytics, which offers leading-edge software, advisory services and research for credit and economic analysis and financial risk management. The Corporation, which reported revenue of $4.2 billion in 2017, employs approximately 11,900 people worldwide and maintains a presence in 41 countries. Further information is available at www.moodys.com.

Moody's is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, protected veteran status, sexual orientation or any other characteristic protected by law.

Candidates for Moody's Corporation may be asked to disclose securities holdings pursuant to Moody's Policy for Securities Trading and the requirements of the position. Employment is contingent upon compliance with the Policy, including remediation of positions in those holdings as necessary.

Edinburgh, Scotland, United Kingdom Edinburgh Scotland GB