Associate Director - Risk Management - Cybersecurity

Location: 55 Princess Street, Floor 3, Manchester, M2 4EW, GB

Line Of Business: Data Estate (DE)

Job Category: Engineering & Technology

Experience Level: Experienced Hire

At Moody's, we unite the brightest minds to turn today’s risks into tomorrow’s opportunities. We strive to create an inclusive environment where everyone feels welcome to be who they are, with the freedom to exchange ideas, think innovatively, and listen to each other and customers in meaningful ways.

Welcome to the Data Estate business unit at Moody's Analytics, where we are pioneering the future of data management and analytics. Our mission is to deliver precise, timely data with a commitment to innovation. At Data Estate, we focus on enhancing Moody's digital presence and improving customer engagement through innovative data solutions. Our team is dedicated to enforcing and evolving our data quality framework, improving transparency into our data assets, and strategically growing new and existing information providers.

We are building a resilient data platform that supports our strategic priorities and drives long-term, sustainable growth for the business. Join us at Data Estate and be part of a dynamic team that is shaping the future of data management. We offer a collaborative environment where your contributions will have a meaningful impact on our clients and the industry. If you are passionate about data quality, governance, and innovation, we invite you to explore opportunities with us and help us deliver exceptional results.

Job Summary:

The Associate Director will be responsible for supporting the identification, assessment, and mitigation of cybersecurity risks and vulnerabilities within the organization. This role involves assisting in the development and implementation of cybersecurity frameworks and procedures to ensure the organization's compliance with regulatory requirements and industry best practices. The Associate Director will work closely with senior management, business units, and other stakeholders to promote a strong risk culture and ensure effective cybersecurity risk management practices.

Responsibilities include:

• Assist in the development and implementation of an enterprise-wide cybersecurity risk management framework, including procedures and tools for identifying, assessing, monitoring, and reporting cybersecurity risks and vulnerabilities.
• Support the execution of risk assessments, vulnerability assessments, and penetration testing to identify potential cybersecurity risks and their impact on the organization.
• Provide dedicated security functions in accordance with the needs, risk level, and plans provided by the corporate security plan.
• Manage the risk posture, regulatory compliance assurance, and the coordination of security plans in conjunction with the Senior Director of Risk Management.
• Monitor, schedule and communicate information security tasks, events and trends.
• Identify monitoring and reporting of risk items to the Senior Director of Risk Management.
• Develop and report key metrics.
• Document the application security program (Secure Coding Policies, Security Guidelines, Best Practices, Checklists, etc.).
• Act as business security champion, mentor and guide other security analysts.
• Collaborate with business units and other stakeholders to ensure that cybersecurity risks are effectively managed and mitigated.
• Perform other related duties as assigned.

Qualifications:

• Bachelor's degree in Information Assurance, Information Security, Information Systems or related field preferred.
• Information Security certifications and Security Product Certifications are desirable.
• 6+ years information security experience in a large and complex business environment.
• 3+ years experience identifying and remediating application security risks as part of vulnerability assessments and remediation programs.
• Strong knowledge of the development of application security assessment and code review methodologies.
• Strong knowledge of application security vulnerabilities, remediation and mitigation techniques, and secure coding practices.
• Working knowledge of automated application security scanning tools such as Qualys, Prisma Cloud or other similar commercial solutions.
• Working knowledge of manual assessment tools, automation scripts and other commercial and open source tools is preferred.
• Strong analytical skills to troubleshoot technical problems and determine resolution.
• Strong knowledge of web technologies (.ASP, .NET, Java).
• Exposure to Application Security Maturity Models.
• Collaborates effectively with cross-functional entities across the enterprise.
• Organizational direction, time management, problem-solving, prioritization, goal setting, leadership and motivation, negotiation, interpersonal relations, verbal/written communications and human resource management.

Annual base salary gross: £68,400.00 to £113,000.00. Actual salaries will vary and will be based on various factors, such as candidate’s qualifications, skills, and competencies. The salary is one component of Moody’s total compensation package for employees. Other rewards and benefits include Medical, Personal Accident, Life Insurance and Time Off. Moody’s is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, protected veteran status, sexual orientation, gender expression, gender identity or any other characteristic protected by law.