Senior IT Auditor

At Moody's, we unite the brightest minds to turn today’s risks into tomorrow’s opportunities. We do this by striving to create an inclusive environment where everyone feels welcome to be who they are—with the freedom to exchange ideas, think innovatively, and listen to each other and customers in meaningful ways. Moody’s is transforming how the world sees risk. As a global leader in ratings and integrated risk assessment, we’re advancing AI to move from insight to action—enabling intelligence that not only understands complexity but responds to it. We decode risk to unlock opportunity, helping our clients navigate uncertainty with clarity, speed, and confidence.

If you are excited about this opportunity but do not meet every single requirement, please apply! You still may be a great fit for this role or other open roles. We are seeking candidates who model our values: invest in every relationship, lead with curiosity, champion diverse perspectives, turn inputs into actions, and uphold trust through integrity.

Skills and Competencies

• Minimum of 3 years of experience in a Big 4 firm or global organization in IT audit, cybersecurity, risk, or controls
• Strong understanding of IT and cybersecurity risk management, controls, and governance frameworks (e.g., NIST, ISO, COBIT, COSO)
• Experience auditing cloud environments (AWS, Azure, SaaS) including security architecture, configurations, and access controls
• Knowledge of identity and access management (IAM, PAM, SSO, MFA) and privileged access oversight
• Familiarity with network, endpoint, infrastructure security, and vulnerability and patch management processes
• Understanding of secure development practices (SDLC, Agile, DevOps, DevSecOps) and application security controls
• Experience evaluating data governance and protection practices including encryption, classification, and data loss prevention
• Ability to assess resilience, disaster recovery, and ransomware recovery readiness
• Strong analytical, critical thinking, and problem-solving skills with the ability to translate technical findings into business insights
• Effective written and verbal communication skills, with the ability to influence stakeholders
• Experience using data analytics tools (e.g., Excel, Power BI, Tableau) to support audit testing and insights
• Proficiency in Microsoft Office and exposure to GenAI and AI-driven tools (e.g., Microsoft Copilot)
• Ability to manage multiple priorities in a fast-paced, collaborative environment

Education

• Bachelor’s degree required in cybersecurity, computer science, computer engineering, information technology, information systems, or a related field
• Professional certifications such as CISSP, CISA, or equivalent are preferred

Responsibilities

This role is responsible for leading and executing risk-based IT and cybersecurity audits while providing insights on emerging technology risks across the organization.

• Lead and execute IT and cybersecurity audits with a focus on emerging risks including cloud, AI, and modern technology practices
• Develop a deep understanding of technology environments, business processes, and associated risks and controls
• Plan audit scope through process analysis, risk assessment, and control identification
• Evaluate cybersecurity governance, cloud security, identity access management, infrastructure security, and data protection controls
• Assess vulnerability management, secure development practices, and system change management processes
• Execute audit testing and maintain high-quality, well-documented workpapers
• Translate technical findings into clear, actionable business insights and recommendations
• Communicate effectively with stakeholders across Cyber, Technology, Data, and Product teams
• Draft audit observations, articulate risk impacts, and support remediation efforts
• Track and validate remediation activities to ensure effective and sustainable control improvements
• Build strong stakeholder relationships and incorporate business objectives into audit execution
• Leverage data analytics and automation tools to enhance audit efficiency and continuous monitoring

About the Team

The Internal Audit team is dedicated to delivering independent, objective assurance and advisory services that enhance organizational value. The team partners across the business to strengthen risk management, control, and governance processes while supporting innovation and continuous improvement across Moody’s global operations.

For US-based roles only: the anticipated hiring base salary range for this position is $82,400.00 - $119,450.00, depending on factors such as experience, education, level, skills, and location. This range is based on a full-time position. In addition to base salary, this role is eligible for incentive compensation. Moody’s also offers a competitive benefits package, including not but limited to medical, dental, vision, parental leave, paid time off, a 401(k) plan with employee and company contribution opportunities, life, disability, and accident insurance, a discounted employee stock purchase plan, and tuition reimbursement.

Moody’s is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, sex, gender, age, religion or creed, national origin, ancestry, citizenship, marital or familial status, sexual orientation, gender identity, gender expression, genetic information, physical or mental disability, military or veteran status, or any other characteristic protected by law. Moody’s also provides reasonable accommodation to qualified individuals with disabilities or based on a sincerely held religious belief in accordance with applicable laws. If you need to inquire about a reasonable accommodation, or need assistance with completing the application process, please email [email protected] . This contact information is for accommodation requests only, and cannot be used to inquire about the status of applications

For San Francisco positions, qualified applicants with criminal histories will be considered for employment consistent with the requirements of the San Francisco Fair Chance Ordinance.

This position may be considered a promotional opportunity, pursuant to the Colorado Equal Pay for Equal Work Act.

Click here to view our full EEO policy statement . Click here for more information on your EEO rights under the law . Click here to view our Pay Transparency Nondiscrimination statement . Click here to view our Notice to New York City Applicants.
Candidates for Moody's Corporation may be asked to disclose securities holdings pursuant to Moody’s Policy for Securities Trading and the requirements of the position. Employment is contingent upon compliance with the Policy, including remediation of positions in those holdings as necessary.