Director, Cybersecurity Risk Assessments - Tenders Global


Morgan Stanley


Position description

Morgan Stanley is a leading global financial services firm providing a wide range of investment banking, securities, investment management and wealth management services. The Firm’s employees serve clients worldwide including corporations, governments, and individuals from more than 1,200 offices in 43 countries.

 

Legal and Compliance Division Overview
 

The professionals in the Legal and Compliance Division (LCD) provide a wide range of services to our business units. LCD is made up of the Legal, Regulatory Relations, and Non-Financial Risk (NFR) departments, which preserve the firm’s invaluable reputation for integrity and protect the firm from sanctions with policies and procedures that are designed to meet regulatory requirements around the world. We also strive to maintain cooperative relationships with governmental policy makers and the regulatory and self-regulatory agencies that govern the firm’s businesses.

 

Background on the Position
 

The role will reside within the Operational Risk Department (ORD) in the Non-Financial Risk organization focusing on Cybersecurity Risk.

 

Operational Risk refers to the risk of financial or other loss, or potential damage to a firm’s reputation, resulting from inadequate or failed internal processes, people, systems, or from external events (e.g., fraud, legal and compliance risks or damage to physical assets). Management works with the business units and control groups to help ensure Morgan Stanley has a transparent, consistent, and comprehensive program for managing operational risk, both within each area and across the firm globally. This group designs, implements and monitors the company-wide operational risk program.

 

Cybersecurity Risk is the practice of identifying and assessing cyber threats and helping to remediate risks related to the confidentiality, availability and integrity of the Firm’s systems and information, including associated processes and controls. The successful candidate will be responsible for helping execute independent oversight, analysis, and monitoring of risks and controls.

 

Primary Responsibilities
 

–  Identify and evaluate cybersecurity and technology risks related to the systems and information supporting the Firm.
–  Assess whether cybersecurity activities and technology controls are designed and implemented effectively so as to verify that risks are mitigated to targeted levels.
–  Provide subject-matter expertise in cybersecurity and technology to support overall risk management across the Firm, working closely with cybersecurity and technology personnel across the Firm.
–  Build and maintain strong positive relationships with the broader risk community and the cybersecurity and technology security operational and development teams.
–  Review completeness and execution of relevant procedures and assess assurance mechanisms for how effectively they identify weaknesses or failures of key controls.
–  Work with risk and control owners in assessing inherent and residual risk levels based on a structured risk framework.
–  Maintain and/or oversee relevant policies and procedures related to technology and security processes.
–  Review metrics and escalation reports to monitor risk and control-related developments, issues and trends.
–  Review technology and security risk issues as well as internal and external incidents in order to help inform an independent view of the overall technology and security risk posture of the Firm and its underlying legal entities.
–  Provide monthly and quarterly risk reporting.
–  Provide guidance on the evolving technology and cybersecurity risk landscape.
–  Coordinate with colleagues who cover business units and infrastructure groups in discussing the impact of technology and cybersecurity risks on business and support

Qualifications

–  Bachelor’s degree in computer science, cybersecurity, risk management, international relations, English, finance, economics, business, or related fields. Advanced degree holders are also encouraged to apply.
–  At least 5 years of cybersecurity, technology, risk management or information security related work experience.
–  Demonstrated critical thinking and problem-solving skills.
–  Ability to carry out quantitative and qualitative data analysis, with particular emphasis on the ability to draw strategic insight from those analyses.
–  Strong project management and organization skills; ability to multitask and prioritize.
–  Ability to create relationships with a diverse group of stakeholders.
–  Strong interpersonal skills to successfully work in a team-oriented environment.
–  Excellent communication skills, both verbal and written; ability to produce concise and effective presentations tailored to technical and non-technical audiences.
–  Ability to work under pressure and meet tight deadlines.
–  Proficient in MS Office Suite (e.g., Word, Excel, PowerPoint).

 

Experience Preferred
 

–  Proficient in computer network defense, software programming, technology integration, or related disciplines.
