Live chat
Moody's Investors Service, Inc

AVP- Patch \u0026 Vulnerability Management

Moody's Investors Service, Inc - New York City, NY

\u003Cdiv class=\post__content\\u003E
\u003Cdiv class=\post__content-text\ name=\job_description_\ itemprop=\description\\u003E
\u003Cfont\u003EMoody's Information Security is looking for an assistant vice president to lead the Patch and Vulnerability Management program. The incumbent will be responsible designing, defining and implementing the vulnerability management program, vulnerability assessment tooling, and services. In addition, they will be applying Patch \u0026amp; Vulnerability Management principles and best practices to proactively protect and maintain the confidentiality, integrity, and availability, of the company's data, computing systems, and networks. Additionally, the individual will play a key role in safeguarding the company's assets, intellectual property, and computer systems in support of the company's business objectives.\u003C/font\u003E\u003Cbr\u003E\u003Cbr\u003E\u003Cfont\u003EThe Moody's Information Security team is responsible for helping the organization balance risk by aligning policies and procedures with Moody's business requirements. The team is responsible for the development, enforcement, and monitoring of security controls, policies, and procedures, and for the delivery of security services. The Information Security team sets the strategic direction for security within the organization and aligns with stakeholders throughout the company.\u003C/font\u003E\u003Cbr\u003E\u003Cbr\u003E\u003Cfont\u003EThe assistant vice president- Will be involved in leading and guiding all the steps of Patch \u0026amp; Vulnerability Management. He or She Will utilize Nessus (a Tenable tool to assist with managing vulnerabilities). Document procedures, assist with what/where/when to patch, set up scans and assist in coordinating patching efforts. Engages in awareness, coordinating and communicating the patch-management process to stakeholders. \u003C/font\u003E\u003Cbr\u003E\u003Cbr\u003E\u003Cbr\u003E\u003Cstrong\u003E\u003Cu\u003E\u003Cfont\u003EFunctional Responsibilities\u003C/font\u003E\u003C/u\u003E\u003C/strong\u003E\u003Cbr\u003E\u003Cul dir=\ltr\\u003E
\u003Cli\u003E\u003Cfont\u003ERun a patch and vulnerability management program in a diverse global multi-technology environment \u003C/font\u003E\u003C/li\u003E
\u003Cli\u003E\u003Cfont\u003EAssist driving and enhancing and continual improvement of Moody's patch management program\u003C/font\u003E\u003C/li\u003E
\u003Cli\u003E\u003Cfont\u003EServe as vulnerability management lead for applications, systems, and Network components. \u003C/font\u003E\u003C/li\u003E
\u003Cli\u003E\u003Cfont\u003EPerform information system security vulnerability scanning to discover and analyze vulnerabilities and characterize risks to networks, operating systems, applications, databases, and other information system components. \u003C/font\u003E\u003C/li\u003E
\u003Cli\u003E\u003Cfont\u003EPerform compliance scanning to analyze configurations and compare to established baselines, recommending remedial actions where necessary.\u003C/font\u003E\u003C/li\u003E
\u003Cli\u003E\u003Cfont\u003EEngage with stakeholders, to include IT professionals, management, to facilitate vulnerability discovery, remediation, and tracking. \u003C/font\u003E\u003C/li\u003E
\u003Cli\u003E\u003Cfont\u003ECommunicate security and compliance issues in an effective and appropriate manner. \u003C/font\u003E\u003C/li\u003E
\u003Cli\u003E\u003Cfont\u003EValidate remedial actions and ensure compliance with security policy and remediation targets.\u003C/font\u003E\u003C/li\u003E
\u003Cli\u003E\u003Cfont\u003EPerform risk assessments and make remediation recommendations to tech owners.\u003C/font\u003E\u003C/li\u003E
\u003Cli\u003E\u003Cfont\u003EPeriodically review vulnerability exception requests to ensure compliance with the exception process. \u003C/font\u003E\u003C/li\u003E
\u003Cli\u003E\u003Cfont\u003EMaintain vulnerability tracker to record Identification, publication, remediation, and closure of vulnerabilities.\u003C/font\u003E\u003C/li\u003E
\u003Cli\u003E\u003Cfont\u003EAbility to adapt and respond to environment and priorities; manage deadlines and projects. \u003C/font\u003E\u003C/li\u003E
\u003Cli\u003E\u003Cfont\u003EAbility to exercise sound technical, interpersonal and organizational judgment while evaluating and solving complex problems.\u003C/font\u003E\u003C/li\u003E
\u003Cli\u003E\u003Cfont\u003EPartner with system owners to identify the upcoming end of life components, and plan to track their decommissioning. \u003C/font\u003E\u003C/li\u003E
\u003C/ul\u003E
\u003C/div\u003E
\u003Cdiv class=\post__content-text\ name=\department_team\\u003EMoody's Information Technology\u003C/div\u003E
\u003Cdiv class=\post__content-text\ name=\qualifications\ itemprop=\qualifications\\u003E
\u003Cfont\u003EMinimum education and work experience required for this position include:\u003C/font\u003E\u003Cul dir=\ltr\\u003E
\u003Cli\u003E\u003Cfont\u003EAt least 7 years of experience in IT industry, preferably in a financial services organization.\u003C/font\u003E\u003C/li\u003E
\u003Cli\u003E\u003Cfont\u003EMinimum of 5 recent years direct Patch \u0026amp; Vulnerability Management.\u003C/font\u003E\u003C/li\u003E
\u003Cli\u003E\u003Cfont\u003EBackground \u0026amp; experience of designing, defining and implementing Vulnerability Assessment tooling and services.\u003C/font\u003E\u003C/li\u003E
\u003Cli\u003E\u003Cfont\u003EGood working understanding and working knowledge of Tenable Security Center, Rapid7, Qualys, or other related tools.\u003C/font\u003E\u003C/li\u003E
\u003Cli\u003E\u003Cfont\u003EKnowledge of python scripting is a plus.\u003C/font\u003E\u003C/li\u003E
\u003Cli\u003E\u003Cfont\u003EInterpersonal, collaboration, and negotiation skills.\u003C/font\u003E\u003C/li\u003E
\u003Cli\u003E\u003Cfont\u003EGood understanding of data analysis, business process analysis, and reporting tools found within the Microsoft Office application suite.\u003C/font\u003E\u003C/li\u003E
\u003Cli\u003E\u003Cfont\u003EExcellent understanding of project management methodologies \u0026amp; internal processes.\u003C/font\u003E\u003C/li\u003E
\u003Cli\u003E\u003Cfont\u003EBS or BA degree, preferably in Technology.\u003C/font\u003E\u003C/li\u003E
\u003C/ul\u003E
\u003Cstrong\u003E\u003Cu\u003E\u003Cfont\u003EKey Competencies\u003C/font\u003E\u003C/u\u003E\u003C/strong\u003E\u003Cul dir=\ltr\\u003E
\u003Cli\u003E\u003Cfont\u003EAbility to think with a security mindset. The successful candidate has an IT background with good level knowledge of multiple relevant security practice areas.\u003C/font\u003E\u003C/li\u003E
\u003Cli\u003E\u003Cfont\u003EExperience in patch and vulnerability Management program management, procedures, and processes.\u003C/font\u003E\u003C/li\u003E
\u003Cli\u003E\u003Cfont\u003EAbility to work in a time-sensitive environment; must be detail oriented and able to multitask to meet deadlines and company objectives.\u003C/font\u003E\u003C/li\u003E
\u003Cli\u003E\u003Cfont\u003EExperience in large, geographically diverse enterprise networks.\u003C/font\u003E\u003C/li\u003E
\u003Cli\u003E\u003Cfont\u003EStrong written and oral communication skills including the ability to interact directly with customers that do not have an IT background. \u003C/font\u003E\u003C/li\u003E
\u003Cli\u003E\u003Cfont\u003EDevelop procedures and process documentations\u003C/font\u003E\u003C/li\u003E
\u003C/ul\u003E
\u003C/div\u003E
\u003Cdiv class=\post__content-text\ name=\working_at_moodys\\u003EMoody's is an essential component of the global capital markets, providing credit ratings, research, tools and analysis that contribute to transparent and integrated financial markets. Moody's Corporation (NYSE: MCO) is the parent company of Moody's Investors Service, which provides credit ratings and research covering debt instruments and securities, and Moody's Analytics, which offers leading-edge software, advisory services and research for credit and economic analysis and financial risk management. The Corporation, which reported revenue of $4.2 billion in 2017, employs approximately 11,900 people worldwide and maintains a presence in 41 countries. Further information is available at \u003Ca href=\http://moodys.com\\u003Ewww.moodys.com\u003C/a\u003E.\u003C/div\u003E
\u003Cdiv class=\post__content-text\ name=\eeo_policy\\u003EMoody's is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, sex, gender, age, religion, national origin, citizen status, marital status, physical or mental disability, military or veteran status, sexual orientation, gender identity, gender expression, genetic information, or any other characteristic protected by law. Moody's also provides reasonable accommodation to qualified individuals with disabilities in accordance with applicable laws. If you need to inquire about a reasonable accommodation, or need assistance with completing the application process, please email \u003Ca href=\mailto:accommodations@moodys.com\\u003Eaccommodations@moodys.com\u003C/a\u003E.. This contact information is for accommodation requests only, and cannot be used to inquire about the status of applications. \u003Cbr\u003E\u003Cbr\u003E For San Francisco positions, qualified applicants with criminal histories will be considered for employment consistent with the requirements of the San Francisco Fair Chance Ordinance. For New York City positions, qualified applicants with criminal histories will be considered for employment consistent with the requirements of the New York City Fair Chance Act. For all other applicants, qualified applicants with criminal histories will be considered for employment consistent with the requirements of applicable law. \u003Cbr\u003E\u003Cbr\u003E\u003Ca href=\https://www.moodys.com/sites/products/ProductAttachments/Careers/MCO EEO Letter Signed.pdf\\u003EClick here\u003C/a\u003E to view our full EEO policy statement. \u003Ca href=\https://www.moodys.com/sites/products/ProductAttachments/Careers/EEO is the Law Poster English.pdf\\u003EClick here\u003C/a\u003E for more information on your EEO rights under the law.\u003C/div\u003E
\u003Cdiv class=\post__content-text\ name=\securities_trading_policy\\u003ECandidates for Moody's Corporation may be asked to disclose securities holdings pursuant to Moody's Policy for Securities Trading and the requirements of the position. Employment is contingent upon compliance with the Policy, including remediation of positions in those holdings as necessary.\u003C/div\u003E
\u003C/div\u003E,datePosted:2018-05-04,employmentType:FULL_TIME,industry:Engineering/Architect/Design,hiringOrganization:{@type:Organization,name:Moody's Corporation},identifier:{@type:PropertyValue,name:Moody's Corporation,value:12856BR},jobLocation:{@type:Place,address:{@type:PostalAddress,addressCountry:US,streetAddress:,addressLocality:New York,addressRegion:NY,postalCode:10001}}}

10 days 21 hours ago

Moody's Investors Service, Inc

Apply Now

Please review all application instructions before applying.

Location: New York City, NY

Company Profile:
Moody's is an essential component of the global capital markets, providing credit ratings, research, tools and analysis that contribute to transparent and integrated financial markets. Moody's Corporation (NYSE: MCO) is the parent company of Moody's Investors Service, which provides credit ratings and research covering debt instruments and securities, and Moody's Analytics, which offers leading-edge software, advisory services and research for credit and economic analysis and financial risk management. The Corporation, which reported revenue of $3.0 billion in 2013, employs approximately 8,400 people worldwide and maintains a presence in 31 countries. Further information is available at www.moodys.com.