CAIA's Career Center is an easy-to-use, comprehensive resource connecting job seekers with employers in the growing AI field. Use your knowledge and credibility to advance your career or build a talented team for your organization. Opportunities targeted to CAIA Charterholders are prioritized.
In order to search for jobs specifically for CAIA Charterholders or those pursuing the CAIA Charter please enter “CAIA” in the search panel.
This will enable you to search for CAIA specific roles globally.
Serve as a Subject Matter Expert (SMEs) for Third Party Cyber Risk Management
Plan, conduct and manage Third Party cyber risk assessments in accordance with Moody's Third Party Cyber Risk Management program o Partner with Sourcing, Business Owners and other stakeholders to understand the third party relationships, and tier third parties based on the engagement details o Issue and manage the completion of due diligence questionnaires with vendors o Review and assess third party due diligence questionnaires and supplied documentation o Identify, document and measure third party risk o Effectively document and communicate risk assessment results o Communicate the risks to Business Owners and stakeholders o Develop proposed remediation solutions for identified risks and work with the vendors to track remediation to closure o Plan and conduct onsite Third Party assessments in the US and abroad, develop onsite reports, manage remediation activities for identified risks and track them to closure
Be actively engaged in Third Party Cyber Risk Management program development and maturing of risk management processes, tools, metrics and reporting
Conduct IT Risk assessments of new software and vendor products. Identify, document and measure risks. Communicate the risks to Business Owners and stakeholders
Act in advisory role to Moody's affiliates to strengthen their cyber risk posture and establish appropriate cyber risk & security standards.
3-5 years of experience in Third Party risk management, information security, or related It Risk experience
Solid understanding of information security principles, standards and best practices
Familiarity with cyber security frameworks and standards (ISO, NIST, COBIT, BITS, SIG/AUP, etc.), SSAE16-18, SOC reports
Applied technical background associated with data security, systems architecture, infrastructure, cloud computing, etc.
Highly motivated, self-sufficient individual, able to work independently
Ability to take the initiative and achieve results in a fast-paced and dynamic environment
Excellent interpersonal, written and verbal communication skills
Ability to tailor communication to the audience; ability to express technical observations and opinions in layman terms
CISSP, CISM, CRISC, CISA or equivalent certifications a plus
10% multi-day travel to Third Party locations as required
Moody's is an essential component of the global capital markets, providing credit ratings, research, tools and analysis that contribute to transparent and integrated financial markets. Moody's Corporation (NYSE: MCO) is the parent company of Moody's Investors Service, which provides credit ratings and research covering debt instruments and securities, and Moody's Analytics, which offers leading-edge software, advisory services and research for credit and economic analysis and financial risk management. The Corporation, which reported revenue of $3.6 billion in 2016, employs approximately 10,700 people worldwide and maintains a presence in 36 countries. Further information is available at www.moodys.com.
Moody's is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, protected veteran status, sexual orientation or any other characteristic protected by law.