Controls Analyst

JOB DESCRIPTION

JOB TITLE Cyber Controls - Controls Analyst

ENTITY MSS

LINE OF BUSINESS /

DEPARTMENT

CRR

LOCATION Gurugram

REPORTING TO Manager- Controls Group

The Role / Responsibilities:

The Controls Analyst is an experienced professional capable of assisting with the development,

execution and continuous improvement of Cyber Controls programming encompassing in accordance with

Moody's and departmental standards

• Maintains an understanding of the technological processes, risks and controls related to Moody's

business, specifically for the area under review.

• Understands team objectives and cooperates and collaborates with others to achieve them.

• Manages cybersecurity defense lifecycle, including scoping, documentation, tests of design and

effectiveness, reporting

• Validate design and operating effectiveness of Cyber controls and delivering a quality work product,

free of errors and on time.

• Develop test steps for the area under review commensurate with the nature of risk and risk levels.

• Performs testing of various Reports, Interfaces, Applications, and ITGCs

• Performs detailed reviews of the tests/audits conducted by the team

• Proactively identify and monitor process and system changes, and other areas of change that have a

direct impact on the company's cybersecurity posture.

• Assists in developing or supporting other deliverables i.e. local/regional regulators requests, board

materials

• Maintain repository of documentation, testing evidence, and internal policies, and provide summary

status reporting and presentation to business units and management

• Performs a root cause analysis and impact assessment on the issues identified during course of

testing/audit in accordance with a framework designed

• Understands the processes/controls under review and uses critical thinking to ensure that identified

risks are appropriately mitigated by management procedures

• Demonstrates ability to outline facts around potential issues and discuss internally and with

stakeholders.

• Proactively develops appropriate initial resolutions to obstacles to be discussed with project sponsor

• Develops and maintain good working relations with stakeholders.

• Interact with management at various levels regarding cyber controls, issues and the project

• Demonstrates ability to delegate work effectively and take ownership/ accountability

• Manages multiple and often conflicting priorities tasks in a Global Environment

• Drive improvements & Identifies for enhancing delivery by applying analysis, business intelligence,

and problem-solving techniques

• Continuously expands knowledge of data analytics and use of technology to enhance audit

testing, identify opportunities for continuous monitoring and repeatable test plans.

• Capable of performing intermediate level data analytics functions within Excel or equivalent

applications (e.g. Alteryx, PowerBI, ACL), and leverages, contributes, and improves the data

analytics library.

• Maintains curiosity and exercises professional skepticism

Qualifications and Experiences:

• Bachelor's Degree and CISA, CISSP,OSCP as additional qualification will be preferred

• 2-4 years of experience in a Big 4 Consulting firm or a Global organization

• Knowledge of standards and control frameworks such as NIST CSF, ISO 27001, CIS.

• Cybersecurity Assessment, security reviews of network and system architecture design

• Experience with Incident Response, associated tools and technologies.

• Understanding of firewall Management, Network Adress Translation , VPN, segmentation of

networks, Network Access Control Systems

• Privilege Access Management Systems(Cyber Arc, Beyond Trust)

• Strong knowledge of Windows, networking, cloud solutions, security technologies.

• Secure Configuration Reviews, Review of Hardening Parameters vis-à-vis CIS benchmarks

• In-depth understanding of on-prem and cloud infrastructure.

• Knowledge of Vulnerability Detection tools such as qualys / tenable

• Experience in operational cyber security management ( SOC, SIEM, Vulnerability

Management, WAF,DLP).

• Awareness of regulations pertaining to financial services industry.

• Proficiency in Microsoft Office suite and other Automation tools.

• Ability to work both independently and as a member of a team in a fast-paced environment and

handle multiple tasks simultaneously.

• An ideal candidate should be innovative, result oriented and should be able to demonstrate strong

communication, interpersonal, persuasion, team management, project management and critical

thinking skills.

The Department / Team

Working at Moody's

We have impact. So will you.

The views of each Moody's employee matter and, collectively, those views contribute to our ability to serve

credit-sensitive markets worldwide. Diverse opinions are encouraged and leverage the depth and breadth of

experiences that our employees bring to work each day. We expect Moody's employees to be accessible and

collaborative and, in return, Moody's offers a work environment that promotes intellectual curiosity, analytical

rigor and collegiality. Our people and our environment uphold our core values of integrity, insight, intellectual

leadership, inclusion and independence.

Moody's is an essential component of the global capital markets, providing credit ratings, research, tools and

analysis that contribute to transparent and integrated financial markets. Moody's Corporation (NYSE: MCO) is

the parent company of Moody's Investors Service, which provides credit ratings and research covering debt

instruments and securities, and Moody's Analytics, which offers leading-edge software, advisory services and

research for credit and economic analysis and financial risk management. The corporation, which reported

revenue of $3.6 billion in 2016, employs approximately 10,600 people worldwide and maintains a presence in

36 countries. Further information is available at www.moodys.com./"

EEO Language

Moody's is an equal opportunity employer. All qualified applicants will receive consideration for employment

without regard to race, color, sex, gender, age, religion, national origin, citizen status, marital status, physical

or mental disability, military or veteran status, sexual orientation, gender identity, gender expression, genetic

information, or any other characteristic protected by law. Moody's also provides reasonable accommodation

to qualified individuals with disabilities in accordance with applicable laws. If you need to inquire about a

reasonable accommodation, or need assistance with completing the application process, please email

[email protected]. This contact information is for accommodation requests only, and cannot

be used to inquire about the status of applications.

For San Francisco positions, qualified applicants with criminal histories will be considered for employment

consistent with the requirements of the San Francisco Fair Chance Ordinance. For New York City positions,

qualified applicants with criminal histories will be considered for employment consistent with the requirements

of the New York City Fair Chance Act. For all other applicants, qualified applicants with criminal histories will

be considered for employment consistent with the requirements of applicable law.

Click here to view our full EEO policy statement. Click here for more information on your EEO rights under

the law.

Securities Trading Policy

Candidates receiving an offer to join Moody's Investors Service or Moody's Shared Services shall be required

to disclose their securities holdings and those of their family members as defined by Moody's Policy for

Securities Trading. Such holdings will be reviewed by the hiring manager during the offer process to identify

any potential conflicts of interest. Moody's Human Resources department shall inform the prospective

employee of any potential conflicts and remediation actions required. Any formal offer of employment is

contingent upon the Candidate's agreement to comply, in advance of employment, with remediation

requirements identified by Moody's.