Morgan Stanley
Director, Cybersecurity Risk Assessments
Morgan Stanley, Baltimore, Maryland, United States, 21276
Morgan Stanley is a leading global financial services firm providing a wide range of investment banking, securities, investment management, and wealth management services. The Firm's employees serve clients worldwide including corporations, governments, and individuals from more than 1,200 offices in 43 countries.
Legal and Compliance Division Overview
The professionals in the Legal and Compliance Division (LCD) provide a wide range of services to our business units. LCD is made up of the Legal, Regulatory Relations, and Non-Financial Risk (NFR) departments which preserve the firm's invaluable reputation for integrity and protect the firm from sanctions with policies and procedures that are designed to meet regulatory requirements around the world. We also strive to maintain cooperative relationships with governmental policymakers and the regulatory and self-regulatory agencies that govern the firm's businesses.
Background on the Position
The role will reside within the Operational Risk Department (ORD) in the Non-Financial Risk organization focusing on Cybersecurity Risk.
Operational Risk refers to the risk of financial or other loss, or potential damage to a firm's reputation, resulting from inadequate or failed internal processes, people, systems, or from external events (e.g., fraud, legal and compliance risks or damage to physical assets). Management works with the business units and control groups to help ensure Morgan Stanley has a transparent, consistent, and comprehensive program for managing operational risk, both within each area and across the firm globally. This group designs, implements, and monitors the company-wide operational risk program.
Cybersecurity Risk is the practice of identifying, assessing, and helping to identify cyber threats and remediate risks related to the confidentiality, availability, and integrity of the Firm's systems and information, including associated processes and controls. The successful candidate will be responsible for helping execute independent oversight, analysis, and monitoring of risks and controls.
Primary Responsibilities
Identify and evaluate cybersecurity and technology risks related to the systems and information supporting the Firm.
Assess whether cybersecurity activities and technology controls are designed and implemented effectively to verify that risks are mitigated to targeted levels.
Provide subject-matter expertise in cybersecurity and technology to support overall risk management across the Firm, working closely with cybersecurity and technology personnel across the Firm.
Build and maintain strong positive relationships with the broader risk community and the cybersecurity and technology security operational and development teams.
Review completeness and execution of relevant procedures and assess assurance mechanisms for how effectively they identify weaknesses or failures of key controls.
Work with risk and control owners in assessing inherent and residual levels of risk based on a structured risk framework.
Maintain and oversee relevant policies and procedures related to technology and security processes.
Review metrics and escalation reports to monitor risk and control-related developments, issues, and trends.
Review technology and security risk issues as well as internal and external incidents to help inform an independent view of the overall technology and security risk posture of the Firm and its underlying legal entities.
Provide monthly and quarterly risk reporting.
Provide guidance on the evolving technology and cybersecurity risk landscape.
Coordinate with colleagues who cover business units and infrastructure groups in discussing the impact of technology and cybersecurity risks on business and support.
Minimum Requirements
Bachelor's degree in computer science, cybersecurity, risk management, international relations, English, finance, economics, business, or related fields. Advanced degree holders are also encouraged to apply.
At least 5 years of cybersecurity, technology, risk management, or information security related work experience.
Demonstrated critical thinking and problem-solving skills.
Ability to carry out quantitative and qualitative data analysis, with particular emphasis on the ability to draw strategic insight from those analyses.
Strong project management and organization skills; ability to multitask and prioritize.
Ability to create relationships with a diverse group of stakeholders.
Strong interpersonal skills to successfully work in a team-oriented environment.
Excellent communication skills, both verbal and written; ability to produce concise and effective presentations tailored to technical and non-technical audiences.
Ability to work under pressure and meet tight deadlines.
Proficient in MS Office Suite (e.g., Word, Excel, PowerPoint).
Experience Preferred
Proficient in computer network defense, software programming, technology integration, or related disciplines.
Compensation
For Baltimore, expected base pay rates for the role will be between $83,000 and $115,000 per year at the commencement of employment. However, base pay if hired will be determined on an individualized basis and is only part of the total compensation package, which, depending on the position, may also include commission earnings, incentive compensation, discretionary bonuses, other short and long-term incentive packages, and other Morgan Stanley sponsored benefit programs.
Diversity and Equal Opportunity
Morgan Stanley's goal is to build and maintain a workforce that is diverse in experience and background but uniform in reflecting our standards of integrity and excellence. Consequently, our recruiting efforts reflect our desire to attract and retain the best and brightest from all talent pools. We want to be the first choice for prospective employees.
It is the policy of the Firm to ensure equal employment opportunity without discrimination or harassment on the basis of race, color, religion, creed, age, sex, sex stereotype, gender, gender identity or expression, transgender, sexual orientation, national origin, citizenship, disability, marital and civil partnership/union status, pregnancy, veteran or military service status, genetic information, or any other characteristic protected by law.
Morgan Stanley is an equal opportunity employer committed to diversifying its workforce (M/F/Disability/Vet).