Moody's is seeking a Digital Economy and AI Risk Management VP to assist the 1st Line of Defence manage operational risk emanating from the rapidly evolving landscape of artificial intelligence (AI), decentralized finance (DeFi), blockchain technologies, and the digital economy.
Requirements
- 10+ years of experience in risk management, digital economy, AI/ML, and blockchain, with a related concentration in Technology governance, risk and control self-assessment (RCSA), identifying and evaluating control measures, and compliance with financial services
- Hands-on experience developing AI and GenAI-powered applications
- Deep expertise in AI model lifecycle governance (validation, transparency, explainability) combined with a track record of assessing and managing risk appetite in emerging technology domains, and practical experience with DeFi and blockchain operational risk
- Broad-based technology experience at substantial scale and complexity in a global, highly regulated environment
- Working knowledge of Risk Management life cycles based on established frameworks: NIST, COBIT, ORX, ISO 27001
- Relevant certification is desirable, e.g., CISSP, CISM, CISA
- Experience with GRC tool for all ORM risk activities
Responsibilities
- Review and Challenge: leveraging their subject matter expertise, provide independent review and credible challenge to the Digital Economy risk profile and associated implementation of the ORM framework
- Governance: actively engage at various committees/forums representing 2nd LoD Risk and provide subsequent updates on changes to the Digital Economy risk profile
- Risk Appetite: develop, maintain, and communicate risk appetite for digital and AI-driven initiatives, ensuring alignment with organizational goals and regulatory expectations
- Risk and Control Self-Assessments (RCSA): initial challenge of the 1st LoD RCSA’s in-line with the ORM standards including timely completion, challenging risks, controls, and assessments, and supporting escalation/reporting, including at governance committees
- Operational Risk Events (ORE’s): initial challenge that the appropriate response, escalation, documentation, and reporting is in-line with the ORM framework, including post event root cause analysis to identify lessons learned and required actions to prevent recurrence
- Key Risk Indicators (KRIs): initial challenge of the development and reporting of KRIs, including establishment of tolerance levels, 1LoD rationales where KRI’s are out of tolerance or have changed significantly
- Emerging & Evolving Risks: initial challenge and monitoring of emerging and evolving risks, identifying where new risks need to be reported, or current risks are significantly changing
Other
- B.S. in a technology discipline (Computer Science, Information Management, Computer Engineering, Cyber Security or equivalent)
- Ability to work independently with or without direction and/or supervision
- Demonstrated ability to effectively interface with a diverse, global, and cross-functional team and led large-scale projects
- Ability to influence cross-functionally and enterprise-wide and assert second line risk responsibility to challenge and influence in a highly consultative and effective manner
- Effective communication skills, both verbal and written
