- New York, NY, USA
- Permanent, Full time
AVP - Patch & Vulnerability Management
Location: New York, NY, USA
Moody's Information Security is looking for an assistant vice president to lead the Patch and Vulnerability Management program. The incumbent will be responsible for designing, defining and implementing the vulnerability management program, vulnerability assessment tooling, and services. In addition, they will apply Patch & Vulnerability Management principles and best practices to proactively protect and maintain the confidentiality, integrity, and availability of the company's data, computing systems, and networks. The individual will also play a key role in safeguarding the company's assets, intellectual property, and computer systems in support of the company's business objectives.
The Moody's Information Security team is responsible for helping the organization balance risk by aligning policies and procedures with Moody's business requirements. The team is responsible for the development, enforcement, and monitoring of security controls, policies, and procedures, and for the delivery of security services. The Information Security team sets the strategic direction for security within the organization and aligns with stakeholders throughout the company.
The assistant vice president will be involved in leading and guiding all the steps of Patch & Vulnerability Management. He or she will utilize Nessus (a Tenable tool to assist with managing vulnerabilities), document procedures, assist with what/where/when to patch, set up scans, and assist in coordinating patching efforts. The role also engages in awareness, coordinating and communicating the patch-management process to stakeholders.
- Run a patch and vulnerability management program in a diverse global multi-technology environment
- Assist in driving, enhancing, and continually improving Moody's patch management program.
- Serve as vulnerability management lead for applications, systems, and network components.
- Perform information system security vulnerability scanning to discover and analyze vulnerabilities and characterize risks to networks, operating systems, applications, databases, and other information system components.
- Perform compliance scanning to analyze configurations and compare to established baselines, recommending remedial actions where necessary.
- Engage with stakeholders, including IT professionals and management, to facilitate vulnerability discovery, remediation, and tracking.
- Communicate security and compliance issues in an effective and appropriate manner.
- Validate remedial actions and ensure compliance with security policy and remediation targets.
- Perform risk assessments and make remediation recommendations to tech owners.
- Periodically review vulnerability exception requests to ensure compliance with the exception process.
- Maintain a vulnerability tracker to record identification, publication, remediation, and closure of vulnerabilities.
- Ability to adapt and respond to environment and priorities; manage deadlines and projects.
- Ability to exercise sound technical, interpersonal and organizational judgment while evaluating and solving complex problems.
- Partner with system owners to identify upcoming end-of-life components, and plan to track their decommissioning.
Moody's Information Technology
Minimum education and work experience required for this position include:
- At least 7 years of experience in IT industry, preferably in a financial services organization.
- Minimum of 5 recent years of direct Patch & Vulnerability Management experience.
- Background and experience in designing, defining and implementing Vulnerability Assessment tooling and services.
- Good working understanding and knowledge of Tenable Security Center, Rapid7, Qualys, or other related tools.
- Knowledge of Python scripting is a plus.
- Interpersonal, collaboration, and negotiation skills.
- Good understanding of data analysis, business process analysis, and reporting tools found within the Microsoft Office application suite.
- Excellent understanding of project management methodologies & internal processes.
- BS or BA degree, preferably in Technology.
- Ability to think with a security mindset. The successful candidate has an IT background with a good level of knowledge of multiple relevant security practice areas.
- Experience in patch and vulnerability management program management, procedures, and processes.
- Ability to work in a time-sensitive environment; must be detail oriented and able to multitask to meet deadlines and company objectives.
- Experience in large, geographically diverse enterprise networks.
- Strong written and oral communication skills including the ability to interact directly with customers that do not have an IT background.
- Develop procedures and process documentation.
Moody's is an essential component of the global capital markets, providing credit ratings, research, tools and analysis that contribute to transparent and integrated financial markets. Moody's Corporation (NYSE: MCO) is the parent company of Moody's Investors Service, which provides credit ratings and research covering debt instruments and securities, and Moody's Analytics, which offers leading-edge software, advisory services and research for credit and economic analysis and financial risk management. The Corporation, which reported revenue of $4.2 billion in 2017, employs approximately 11,900 people worldwide and maintains a presence in 41 countries. Further information is available at www.moodys.com.
Moody's is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, sex, gender, age, religion, national origin, citizen status, marital status, physical or mental disability, military or veteran status, sexual orientation, gender identity, gender expression, genetic information, or any other characteristic protected by law. Moody's also provides reasonable accommodation to qualified individuals with disabilities in accordance with applicable laws. If you need to inquire about a reasonable accommodation, or need assistance with completing the application process, please email firstname.lastname@example.org. This contact information is for accommodation requests only, and cannot be used to inquire about the status of applications.
For San Francisco positions, qualified applicants with criminal histories will be considered for employment consistent with the requirements of the San Francisco Fair Chance Ordinance. For New York City positions, qualified applicants with criminal histories will be considered for employment consistent with the requirements of the New York City Fair Chance Act. For all other applicants, qualified applicants with criminal histories will be considered for employment consistent with the requirements of applicable law.
Candidates for Moody's Corporation may be asked to disclose securities holdings pursuant to Moody's Policy for Securities Trading and the requirements of the position. Employment is contingent upon compliance with the Policy, including remediation of positions in those holdings as necessary.