Job Description

Location(s):

MIS Support Center, 4th floor, East Tower, Eurocenter Business Center, in front of Cenada, Heredia, 40104, CR

Line Of Business: CYBERSECURITY(CSG)

Job Category:

Engineering & Technology

Experience Level: Experienced Hire

At Moody's, we unite the brightest minds to turn today’s risks into tomorrow’s opportunities. We do this by striving to create an inclusive environment where everyone feels welcome to be who they are-with the freedom to exchange ideas, think innovatively, and listen to each other and customers in meaningful ways. 

If you are excited about this opportunity but do not meet every single requirement, please apply! You still may be a great fit for this role or other open roles. We are seeking candidates who model our values: invest in every relationship, lead with curiosity, champion diverse perspectives, turn inputs into actions, and uphold trust through integrity. 

Skills and CompetenciesMinimum 2 years of program/process design and process improvement experience Demonstrated expertise with security, 3rd party oversight, 3+ years of work experience in Finance Sector within IT, Finance, HR or Operations Excellent communication skills with respect to both technical and non-technical audiences at various levels of the organizationExperience with data, reporting, analytics and automation practices & solutionsPassion for end to end solutions and delighting the end user through effective listening and expectation managementEducationBachelor’s Degree in Finance, Computer Science, MIS or Business preferredResponsibilities

In the management of Moody’s vendors, the Analyst will drive the due diligence, risk assessment, onboarding and continuous monitoring of Moody’s vendors to ensure these entities are in compliance with MCO vendor security control guidelines. If the vendors are not properly aligned, the Analyst will drive initiatives to close gaps. The analyst will also help manage the software review process, to assess the risks associated with onboarding new products.

The Analyst will also be empowered to identify opportunities to streamline process and leverage technology to ensure vendors do not present unwarranted risk to the company. The Analyst will work closely with other information security teams including access management, architecture, incident management and business liaisons to ensure recommended initiatives are properly coordinated across the security landscape.
The ideal candidate will demonstrate extensive knowledge and a proven record of success in:

Working with process-based, technology-enabled solutions that ensure vendors/affiliates meet required information security standardsDemonstrating strong communications and influencing skills, interacting with different teams across the organisation and establishing relationships with affiliates and vendor contactsExperience with Vendor Risk Management toolsets (OneTrust experience preferred), including assessment using standardized collection templates (e.g. CAIQ/SIG questionnaires/SOC2 reports, etc.), configuration of risk assessment formulas, understanding of vendor risk reportingProven organizational skills, the ability to work to strict deadlines when necessary and manage and prioritize deliverables from multiple sourcesDemonstrating high performance as a team player, working on a common vision, leveraging diverse views and encouraging improvement and innovationAbout the team

As an Analyst within the Cybersecurity Vendor Risk Management team, you will have the opportunity to engage in process improvement efforts, inspire innovation and help drive the vendor security review process and roadmap.
#LI-Hybrid

Moody’s is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, protected veteran status, sexual orientation, gender expression, gender identity or any other characteristic protected by law.

Candidates for Moody's Corporation may be asked to disclose securities holdings pursuant to Moody’s Policy for Securities Trading and the requirements of the position. Employment is contingent upon compliance with the Policy, including remediation of positions in those holdings as necessary.