AVP-Risk Management

At Moody's, we unite the brightest minds to turn today’s risks into tomorrow’s opportunities. We do this by striving to create an inclusive environment where everyone feels welcome to be who they are—with the freedom to exchange ideas, think innovatively, and listen to each other and customers in meaningful ways. Moody’s is transforming how the world sees risk. As a global leader in ratings and integrated risk assessment, we’re advancing AI to move from insight to action—enabling intelligence that not only understands complexity but responds to it. We decode risk to unlock opportunity, helping our clients navigate uncertainty with clarity, speed, and confidence.If you are excited about this opportunity but do not meet every single requirement, please apply! You still may be a great fit for this role or other open roles. We are seeking candidates who model our values: invest in every relationship, lead with curiosity, champion diverse perspectives, turn inputs into actions, and uphold trust through integrity.Skills And Competencies6+ years of experience in technology risk management, information security, or IT operations within a large, complex business environmentStrong knowledge of risk management frameworks (COBIT, ITIL, NIST), regulatory requirements, and operational risk methodologiesExperience designing and implementing controls, conducting risk assessments, and managing remediation activitiesUnderstanding of modern software development practices such as Agile, DevOps, CI/CD, and sSDLCExcellent analytical, problem-solving, and communication skills Ability to deal effectively with conflict and work in a matrix environment and work independently and collaboratively in a fast-paced, dynamic environmentDemonstrated proficiency in artificial intelligence concepts, with hands-on experience using AI tools to streamline workflows and enhance operational efficiency. Proven ability to implement AI-powered solutions to solve business challenges. Demonstrates a growing awareness of AI risk management and a commitment to responsible and ethical AI use.EducationBachelor's degree in information technology, Computer Science, Risk Management, or related field; relevant certifications (CISA, CISSP, CRISC, CISM, PMP) preferred.ResponsibilitiesManage end‑to‑end RCSA activities for technology and engineering processes, including risk identification, control mapping, control testing, issue management, and risk acceptance activitiesOptimize the execution of the RCSA process, methodologies, workflows, and documentation standards by the development and engineering of technological solutionsProvide guidance and challenge to technology partners to ensure risks and controls are accurately assessed and clearly articulatedImplement AI and automation tools to enhance RCSA efficiency, improve risk identification, control documentation, workflow efficiency, issue tracking, and reporting accuracyIdentify and address emerging technology risks through innovative technical solutions and proactive mitigation strategiesImplement and maintain controls designed to mitigate a broad range of technology, operational, and cybersecurity risksExhibit high attention to detail in identifying, aggregating, and communicating issues and control gaps to appropriate stakeholdersApply technical expertise to continuously improve control evaluation activities and ensure compliance with regulatory standardsContinuously develop domain subject matter expertise in control evaluation activitiesContribute to ad-hoc assignments/special projects to support the 1st line Risk TeamAbout The TeamOur 1st Line of Defense Risk Management team is responsible for overseeing and facilitating the risk management framework & methodology through effective risk management practices. This role will have responsibilities supporting the first line technology risk management team, including the successful execution of the Risk and Control Self‑Assessments (RCSAs) across the Moody’s Ratings technology environment. The position provides technical acumen, risk expertise, and execution capabilities to identify, assess, document, and manage technology risks, ensuring risks and controls are accurately represented and aligned with organizational risk standards. The role partners closely with technology and engineering teams to assess inherent and residual risk, evaluate control design and operating effectiveness, identify gaps and issues, and support remediation and ongoing risk monitoring activities.Moody’s is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, protected veteran status, sexual orientation, gender expression, gender identity or any other characteristic protected by law.Candidates for Moody's Corporation may be asked to disclose securities holdings pursuant to Moody’s Policy for Securities Trading and the requirements of the position. Employment is contingent upon compliance with the Policy, including remediation of positions in those holdings as necessary.