Senior Analyst - Information Risk, Regulatory and Reporting
Job Description The ideal candidate is very motivated and willing to take on challenges, able to multi-task to succeed and has the ability work independently and with minimal oversight. One of the unique benefits of the role is that the successful candidate will have overview and insight into the whole spectrum of Information Security activity.
The candidate will serve as a point of liaison with internal and external audit, compliance, legal and regulatory control groups, perform analysis around risk findings and requirements; develop policies and procedures in response to requirements and will also be able to articulate requirements into statements of work to deliver to other technology areas, including the tracking and monitoring of progress. To support this, the candidate
- Is familiar with technology risk, audit, compliance & regulatory standards, ideally the NIST framework
- Is familiar with risk management principles, risk appetite, risk profiling/ranking, risk acceptance and key risk indicators
- Has proven business analysis experience
- Has proven project management capabilities
The Information Risk Metrics and Reporting program will support the Information Risk team by identifying and implementing key metrics, reports and dashboards to provide visibility, accountability and identify gaps and trends in risk controls across the MIT organization. To support this, the candidate has
- A deep understanding of data reporting and analysis, data visualization and is able to articulate complex information through reports, dashboards and presentations that tell a story
- Capability to partner with risk and security subject matter experts to understand data and then define metrics and reports for information security functions such as vulnerability management, endpoint protection, content filtering and threat monitoring; work with team members to create repeatable data collection processes to ensure metrics and reports have a consistent data quality
- A deep knowledge of Excel, Sharepoint, Powerpoint as key working tools
- Experience with producing Tableau drill-down dashboards
- Some SQL server experience is preferred
- Bachelorâ€™s degree in a technical or business discipline
- 3 â€" 5 years or more of continuous improvement experience, primarily in a program reporting and metrics based role, preferably in the financial sector and/or supporting IT Risk or Information Security initiatives
- Expert level PowerPoint and Excel skills
- Some SQL server experience, the ability to own and maintain SQL databases, connectors, feeds and APIâ€™s from systems that provide metrics data
- Strong experience with data visualization concepts and tools
- Experience with the tableau visualization tool is preferable
- Ability to analyze data using Excel including use of complex Excel macros / scripts for reporting and data mining purposes from sources such as SQL databases, SharePoint and other enterprise data repositories is essential; some development experience with data extraction is preferable
- Experience with ServiceNow and Splunk is preferable
- Ability to work individually, as part of a team and matrix-manage other staff depending on the initiative
- Significant, proven experience defining key measurements that will drive visibility, accountability, quality and overall IT effectiveness
- Strong written and oral communication skills
- Strong presentation skills; ability to adjust message and filter details based on audience (e.g. technical, business, management)
Moodyâ€™s is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, sex, gender, age, religion, national origin, citizen status, marital status, physical or mental disability, military or veteran status, sexual orientation, gender identity, gender expression, genetic information, or any other characteristic protected by law. Moodyâ€™s also provides reasonable accommodation to qualified individuals with disabilities in accordance with applicable laws. If you need to inquire about a reasonable accommodation, or need assistance with completing the application process, please email email@example.com.. This contact information is for accommodation requests only, and cannot be used to inquire about the status of applications.
For San Francisco positions, qualified applicants with criminal histories will be considered for employment consistent with the requirements of the San Francisco Fair Chance Ordinance. For New York City positions, qualified applicants with criminal histories will be considered for employment consistent with the requirements of the New York City Fair Chance Act. For all other applicants, qualified applicants with criminal histories will be considered for employment consistent with the requirements of applicable law.
Click here to view our full EEO policy statement. Click here for more information on your EEO rights under the law.
Candidates for Moody's Corporation may be asked to disclose securities holdings pursuant to Moodyâ€™s Policy for Securities Trading and the requirements of the position. Employment is contingent upon compliance with the Policy, including remediation of positions in those holdings as necessary.