AVP-Cloud Security Engineer - Identity Access Management
Moody's IT Risk is looking for an AVP - Cybersecurity Engineer to join its growing organization. This is a challenging position requiring a strong background in security practice, deep knowledge of identity and access management (IAM) tools and processes. Solid communication and organization skills are also necessary. The successful candidate is very motivated and willing to take on challenges, able to multi-task to succeed and has the ability work independently and with minimal oversight.
The Moody's IT Risk Management team is globally responsible for helping the organization balance risk by aligning policies and procedures with Moody's business and regulatory requirements. The team is responsible for the development, enforcement and monitoring of security controls, policies and procedures, disaster recovery programs, GRC (Governance, Risk and Compliance) reporting and the delivery of security services including the company's Cyber Security program. The IT Risk Management team sets strategic direction for IT risk and security globally and aligns with stakeholders throughout the organization.
The AVP Cybersecurity Engineer - Identity & Access Management will be responsible for the architectural design and implementation of security tools and technologies. The ideal candidate is a strong hands-on subject matter expert that is comfortable working with indirect reports and managed services providers. The candidate is also responsible for delivery of Information Security projects and for providing security-engineering support to other technical projects within the company. The job requires excellent organization skills and attention to detail so that requests are handled in a uniform manner, so that issues are properly documented for our auditors, and so that projects are delivered on time. The job requires a strong understanding of security platform infrastructure and associated security issues. Functional Responsibilities
- Lead subject matter expert for security projects and initiatives, for example Identity and Access Management (SailPoint Identity IQ), Privileged Access Management (Hitachi ID) File Share Access (Varonis), and others. Collaborate with several teams across the organization, both technical and non-technical, to gather design/architecture requirements, and implement a successful solution.
- Provide L3 knowledge and support of the SailPoint and Varonis products to provide vendor oversight and on site, hands-on support when needed.
- Leads product improvement initiatives for SailPoint, Varonis and other technologies or processes. Helps defining technical requirements based on new business needs.
- Function as the Security representative on infrastructure and other non-security projects, making sure security requirements are clear, aligned with policies and best practices, and implemented completely and accurately, escalating any issues through appropriate channels.
- Manage the successful delivery of Security projects and services for our customers by working directly with key business stakeholders, Moody's IT (MIT) executives and project teams.
- Responsible for designing, developing and deploying security technology and controls including identifying and selecting vendors that meet security and business requirements.
- Provide expert advice on security issues to senior IT managers.
- Oversee security project delivery as both an escalation point and as a process improvement advocate through regular meetings with delivery and engineering stakeholders, internal customers, vendors and outsourcing partners.
- Align security designs, configurations and functionality with Moody's Information Security policies and industry standards.
- Keep the relevant Moody's Information Security policies and procedures aligned with industry standards, technology best practices, as well as infrastructure and organizational changes.
- Contribute to the overall security strategy and future roadmap for our security posture.
- Assist other technical teams in resolution of security incidents and outages related to information security tools, including coordinating of information security resources and root cause analysis.
- Develop and oversee the execution of implementation and improvement plans.
Minimum education and work experience required for this position include:
- Minimum 7 to 10 years of experience in the IT industry and at least 6 years of experience in Information Security or closely related fields.
- Strong writing and communication skills. Ability to create and maintain accurate and detailed guidelines and procedures.
- Demonstrated expertise in his/her skill area. Member of industry groups and forums, and able to create and give presentations on the subject.
- Hands-on experience with Basic Java, J2EE, XML, PowerShell, Application Server, Web Server and other Web Technologies
- Working knowledge of Webservices, SOAP, REST and SQL
- Hands-on experience with implementing identity solutions such as SailPoint, Oracle Identity Management, Aveksa, Hitachi ID, CyberArk and auditing tools such as Varonis or STEALTHbits.
- Hands-on experience with supporting an identity and access management system integrated with target applications such as Active Directory, SAP, O365
- Ability to interact directly with customers that do not have an IT background including key business stakeholders and clients.
- BS or BA degree, preferably in technology/business or equivalent.
- Relevant certifications such as CISSP, CISM, ITIL or PMP are a plus.
- Ability to think with a security mindset. The successful candidate has a strong IT background with expert level knowledge of multiple relevant security practice areas (access control; application security; network security; vulnerability management; monitoring; endpoint, etc.).
- Extensive knowledge of security tools which perform functions such as identity and access management, file system auditing. A wide range of experience in these tools, from hands-on configuration and operation, to high level design and architecture is preferred.
- Understanding of Role Based Access Control, Governance and Access Certification.
- Strong knowledge of regulatory standards or control frameworks that govern Information Security practices such as NIST, SANS, SOX, PCI, and state and federal privacy laws.
- Knowledge of the evolution and market trends of the areas described above including the vendor and threat landscapes.
- Strong written and oral communication skills including the ability to interact directly with customers that do not have an IT background.
- Ability to mentor and guide other team members.
- Proven ability to work within a large enterprise that spans multiple continents, is governed by change management and has a tiered support model.
- Proven ability to lead projects and initiatives within schedule and budget.
- Security tool gap analysis documentation; must be able to write and proof documents intended for technical and executive audiences.
- Ability to work in a time-sensitive environment; must be detail oriented and able to multitask to meet deadlines and company objectives.
Moody's is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, sex, gender, age, religion, national origin, citizen status, marital status, physical or mental disability, military or veteran status, sexual orientation, gender identity, gender expression, genetic information, or any other characteristic protected by law. Moody's also provides reasonable accommodation to qualified individuals with disabilities in accordance with applicable laws. If you need to inquire about a reasonable accommodation, or need assistance with completing the application process, please email email@example.com.. This contact information is for accommodation requests only, and cannot be used to inquire about the status of applications.
For San Francisco positions, qualified applicants with criminal histories will be considered for employment consistent with the requirements of the San Francisco Fair Chance Ordinance. For New York City positions, qualified applicants with criminal histories will be considered for employment consistent with the requirements of the New York City Fair Chance Act. For all other applicants, qualified applicants with criminal histories will be considered for employment consistent with the requirements of applicable law.
Click here to view our full EEO policy statement. Click here for more information on your EEO rights under the law.
Candidates for Moody's Corporation may be asked to disclose securities holdings pursuant to Moody's Policy for Securities Trading and the requirements of the position. Employment is contingent upon compliance with the Policy, including remediation of positions in those holdings as necessary.