Moody’s IT Risk is looking for a Senior Vice President of Cybersecurity Engineering and Operations to join its growing organization. This is a challenging position requiring a strong background in Information Security practice, deep knowledge of Information Security standards, best practices, technologies and processes, as well as solid communication and organization skills. The candidate is very motivated and willing to take on challenges, able to multi-task to succeed and has the ability work independently and with minimal oversight.
The Moody’s Information Risk and Security team is responsible for helping the organization balance risk by aligning policies and procedures with Moody’s business requirements. The team has global responsibility for the development, enforcement and monitoring of security controls, policies and procedures, and for the delivery of security services. The Cybersecurity team sets strategic direction for security within the organization and aligns with stakeholders throughout the company. The team is responsible for key programs including Cybersecurity Operations, Engineering, Patch and Vulnerability Management, Security Analytics, Data Loss Prevention, Threat Assessment, Security Monitoring and Incident Response.
The SVP – Cybersecurity Engineering and Operations will assume leadership of the teams responsible for global security design, security automation and cloud compliance, security infrastructure operations, and cloud and disruptive technology operations. The successful candidate will have a strong background in multiple security disciplines and technologies, including network and endpoint security, identity and access management, end-user security services (e.g. web content filtering), SIEM, and security automation/orchestration. Experience with cloud providers (AWS, Azure) and cloud security architecture, governance and security add-ons (e.g. CASB, logging services, network tap, cloud identity management tools) is a must. Strong documentation skills are also crucial to being successful in this role.
- Lead the Security Engineering, Security Operations, and Cloud Security teams, driving productivity, performance, adherence to process, and alignment with department and company goals.
- Establish as a thought leader within the organization, working with development and project teams and their senior leadership, evangelizing our security principles and standards.
- Act as the lead sponsor for Information Security and Risk projects, working with project teams comprised of Subject Matter Experts and Project Managers, and providing the direction, guidance, planning, expertise, communication and escalation necessary to guarantee the project’s timely and satisfactory completion.
- Create and deliver meaningful presentations and reports on program goals and status, tailored to multiple audience types.
- Drive implementation of new security technology platforms by providing thought leadership on design, vendor selection and deployment.
- Manage project and operational budgets; providing clear estimates and accurate forecasts.
- Partner with other leaders and business project sponsors to build consensus on project requirements and expected timelines, as well as report on status and key project risks.
- Act as a backup to other senior department leaders as needed.
- Create, maintain and align Moody’s Information Security policies and standards with industry best practices and business needs.
INFOSEC Minimum education and work experience required for this position include:
- Experience in IT industry, preferably in a financial services or consulting organization.
- Experience in progressively more senior Information Security roles.
- BS or BA degree, preferably in technology/business or equivalent.
- Relevant certifications such as CISSP, CISM are a plus.
- Ability to think with a security mindset. The successful candidate will have a strong background in multiple security disciplines and technologies, including network and endpoint security, identity and access management, end-user security services (e.g. web content filtering), SIEM, and security automation/orchestration.
- Experience with cloud providers (AWS, Azure) and cloud security architecture, governance and security add-ons (e.g. CASB, logging services, network tap, cloud identity management tools) is a must.
- Management of multiple teams, including employee coaching, manager coaching and mentorship to other department employees.
- Adaptability and flexibility to work on a variety of assignments as defined by current priorities.
- Current knowledge of security technologies and trends, understanding how trends in the technology and threat landscapes drive roadmap and architecture decisions.
- Strong knowledge of best practice standards that govern Information Security such as ISO, NIST and SANS.
- Knowledge of and experience with current and emerging cyber defense technologies such as next generation firewalls, sandboxing, detonation, full packet capture. In-depth knowledge of how these and other technologies apply to the cloud.
- Strong written and oral communication skills including the ability to interact directly with customers that do not have an IT background.
- Strong presentation skills, able to create and present meaningful material which is tailored to various audiences from technical to executive management.
- Proven ability to work within a large enterprise that spans multiple continents, is governed by change management and has a tiered support model.
- Proven ability to lead projects and initiatives within schedule and budget.