VP - Security Architecture & Application Assessment


New York, NY


Information Technology

Job Description:

Role/Responsibilities

Moody’s Information Risk and Security is looking for a Vice President, Security Architecture and Application Assessment, to join its growing organization. This is a challenging position requiring a strong background in Information Security practice, deep knowledge of Information Security standards and best practices, and solid communication and organization skills. The candidate is very motivated and willing to take on challenges, able to multi-task to succeed and has the ability to work independently. This is an individual contributor position.

The Moody’s Information Risk and Security team is responsible for helping the organization balance risk by aligning policies and procedures with Moody’s business requirements. The team's mission is to identify risks to Moody's data and systems, and implement strategies to aid in defending against and mitigating those risks. They are responsible for key programs including Security Architecture, Cyber Security, Identity Management and Vendor Security Management.

Functional Responsibilities
  • Provide security architecture designs and security consulting services for enterprise IT projects that cross multiple platforms and ensure alignment with Moody’s security architecture.
  • Conduct security assessments and manage remediation activities for in-house developed applications – must have a strong understanding of secure-coding standards and practices. Be able to evaluate vendor-developed code and security designs and determine whether there are vulnerabilities in the delivered solutions.
  • Act as a liaison to Moody’s Enterprise Architecture Group, ensuring security designs incorporate architecture best practices such as the TOGAF and SABSA frameworks.
  • Work directly with product and development managers to track and remediate application vulnerabilities
  • Mature and help implement Moody’s Threat Modeling capability with SDLC and Application development efforts
  • Support the creation of Moody’s Information Security policies and standards aligned with industry best practices and business needs
  • Represent Information Risk on organizational project teams and ensure adherence to existing security policies, standards, and identified reference architectures
  • Support the creation of and adherence to Cyber-Security and Information Security Reference Architectures by developing reusable patterns for security
  • Represent Security Architecture at both the Moody’s Software Development Life Cycle forum and Product Development Life Cycle reviews
  • Evaluate security concerns with new and emerging technologies with particular focus on Cloud, SaaS, and PaaS; knowledge of MS Azure / AWS is a plus
  • Own the successful delivery of Information Security projects and services for our customers by working directly with key business stakeholders.


Job Requirements:

  • Minimum of 10 years of experience in the IT industry, with a significant portion of the time spent in security architecture or engineering roles.

Education, Training, and Certifications

  • BS or BA degree, preferably in technology/business or equivalent is required, Master’s Degree is a plus
  • Relevant certifications such as CISSP, CISM, SANS, TOGAF or other known technical security certifications are a plus

Key Competencies

  1. Ability to think with a security mindset. The successful candidate has a strong IT background with in-depth knowledge of several key security practice areas: access control; application security; network security; security architecture; security strategy.
  2. Ability to articulate the business risk associated with identified security weaknesses
  3. Adaptability and flexibility to work on a variety of assignments as defined by constantly evolving priorities.
  4. Maintains a knowledge base on high-profile, public cyber security breaches and is able to quickly understand and articulate their associated actors, exploits and opportunities to improve Moody’s specific defense capabilities.
  5. Strong knowledge of application architecture, development and secure coding practices.
  6. Knowledge of software development methodologies, including waterfall, agile, and DevOps.
  7. Strong knowledge of regulatory standards that govern Information Security practices within the Financial Industry such as SOX, PCI, and state and federal privacy laws.
  8. Knowledge of Identity and Access Management (IAM) technologies such as Identity Management platforms, Active Directory, Authentication/Authorization protocols, Provisioning, and Single Sign On technologies.
  9. Strong written and oral communication skills including the ability to interact directly with customers that do not have an IT background.
  10. Strong presentation skills for large audiences of varying IT backgrounds.

