Moody's is seeking to address operational risks arising from the rapidly evolving landscape of artificial intelligence (AI), decentralized finance (DeFi), blockchain technologies, and the digital economy. The role supports the ORM framework to identify, assess, mitigate, and report on these risks, ensuring alignment with organizational goals and regulatory expectations.
Requirements
- 10+ years of experience in risk management, digital economy, AI/ML, and blockchain, with a related concentration in technology governance, risk and control self-assessment (RCSA), identifying and evaluating control measures, and financial services compliance.
- Deep expertise in AI model lifecycle governance (validation, transparency, explainability) combined with a track record of assessing and managing risk appetite in emerging technology domains, and practical experience with DeFi and blockchain operational risk.
- Broad-based technology experience at substantial scale and complexity in a global, highly regulated environment.
- Working knowledge of Risk Management life cycles based on established frameworks: NIST, COBIT, ORX, ISO 27001.
- Clear thinker with strong analytical skills to review complex processes.
- Demonstrated ability to effectively interface with a diverse, global, and cross-functional team and to lead large-scale projects.
- Ability to influence cross-functionally and enterprise-wide, asserting second-line risk responsibility to challenge and influence in a highly consultative and effective manner.
Responsibilities
- Review and Challenge: leveraging subject matter expertise, provide independent review and credible challenge to the Digital Economy risk profile and the associated implementation of the ORM framework.
- Governance: actively engage at various committees/forums representing 2nd LoD Risk and provide subsequent updates on changes to the Digital Economy risk profile.
- Risk Appetite: develop, maintain, and communicate risk appetite for digital and AI-driven initiatives, ensuring alignment with organizational goals and regulatory expectations.
- Risk and Control Self-Assessments (RCSA): initial challenge of the 1st LoD RCSAs in line with the ORM standards, including timely completion; challenging risks, controls, and assessments; and supporting escalation/reporting, including at governance committees.
- Operational Risk Events (OREs): initial challenge that the appropriate response, escalation, documentation, and reporting are in line with the ORM framework, including post-event root cause analysis to identify lessons learned and the actions required to prevent recurrence.
- Key Risk Indicators (KRIs): initial challenge of the development and reporting of KRIs, including the establishment of tolerance levels and 1st LoD rationales where KRIs are out of tolerance or have changed significantly.
- Emerging & Evolving Risks: initial challenge and monitoring of emerging and evolving risks, identifying where new risks need to be reported, or current risks are significantly changing.
Other
- B.S. in a technology discipline (Computer Science, Information Management, Computer Engineering, Cyber Security or equivalent).
- Relevant certification is desirable, e.g., CISSP, CISM, CISA.
- Ability to work independently, with or without direction or supervision.
- Effective communication skills, both verbal and written.
- Ability to prioritize and multitask, with flexibility and adaptability in work approach.