Information Security Risk Manager – Technology & Operations

Job Number:

3190313

DESCRIPTION

Morgan Stanley is a leading global financial services firm providing a wide range of investment banking, securities, investment management, and wealth management services. The Firm’s employees serve clients worldwide including corporations, governments and individuals from more than 1,200 offices. As a market leader, the talent and passion of our people is critical to our success. Together, we share a common set of values rooted in integrity, excellence and strong team ethic. Morgan Stanley can provide a superior foundation for building a professional career – a place for people to learn, to achieve and grow. A philosophy that balances personal lifestyles, perspectives and needs is an important part of our culture.

Technology works as a strategic partner with Morgan Stanley business units and the world’s leading technology companies to redefine how we do business in ever more global, complex, and dynamic financial markets. Morgan Stanley’s sizeable investment in technology results in quantitative trading systems, cutting-edge modeling and simulation software, comprehensive risk and security systems, and robust client-relationship capabilities, plus the worldwide infrastructure that forms the backbone of these systems and tools. Our insights, our applications and infrastructure give a competitive edge to clients’ businesses—and to our own.

Risk Oversight, Governance & Engagement (ROGE): ROGE provides risk reporting, oversight and support for Operations and Technology Information Security programs and initiatives. Operations is one of the largest divisions in the firm and has diverse responsibilities, including correctly settling and recording millions of transactions per day, identifying and mitigating all operational risks, developing strong client relationships and partnering with Technology to realize the full potential of IT and e-solutions. Throughout, the Operations department continually seeks ways to improve while actively supporting the development of new businesses, structures and markets.

Risk Oversight, Governance & Engagement (ROGE) Information Security Risk team ensures adequate controls are in place, through providing an integrated risk and control framework to govern, assess, mitigate, and manage financial and operational risk for Morgan Stanley Technology and Operations divisions. We are looking for a resourceful and dedicated candidate to perform a Risk Officer function. In this role, the incumbent will be responsible for the implementation and effectiveness of the Firm’s Information Security Program within Technology & Operations divisions. The Risk Officer will provide advice on the handling of information, the technology used in the processing of information, and the associated risks across the divisions. This role will assist in leading various Firmwide and Operations related information security programs, including developing processes and procedures in adherence with the Global Information Security Program Policy.
Information Security programs administered by TOR Information Security Risk include but are not limited to: Entitlements Management; Segregation of Duties; Supplier Risk; Cyber Security and Data Leakage controls.

Primary Responsibilities

Lead day to day Identity and Access Management initiatives and programs for Technology Division

Perform investigative research and analysis as needed to assist in the due diligence process for potential risks related to Identity and Access Management

Design and implement strategies to manage entitlements risk more effectively

Manage production of various Regional / Global Information Security Risk Management Reports

Lead Information Security Risk Acceptance governance process for Global Operations owned applications

Promote and deliver education and awareness around the Operations Information Security Program regarding Firm best practices to improve information security awareness and policy compliance

Evaluate opportunities for workflow automation and drive process enhancement

Partner with ROGE Information Security Officers in providing leadership for the regional and global team and support the Baltimore ROGE Executive Director

QUALIFICATIONS

Prior Information Security, Cyber Risk, Operational Risk Management experience a plus

Good understanding and background knowledge of Identity and Access Management

Strong relationship building skills to maintain a network of contacts, and coordinate with varied stakeholders across the business and Technology

Proficiency with Asset lifecycle, data management, End User Computing Tools (spreadsheets and databases) and other standard computing applications (PowerPoint, SharePoint, and Word)

Analytical thinking and problem-solving abilities

Excellent verbal and written communication skills, with the ability to communicate with key stakeholders and Management

Intellectual curiosity with a focus on information sharing

Ability to understand and apply complex concepts

Self-motivator and team player who brings a can-do approach