This job has expired, please see additional jobs below
Vice President - Technology Risk Oversight and Governance
Morgan Stanley
Baltimore, MD, United States
Job Details - this job has expired, please see similar jobs below
Description
Company Profile:
Morgan Stanley is a leading global financial services firm providing a wide range of investment banking, securities, investment management and wealth management services. The Firm's employees serve clients worldwide including corporations, governments and individuals from more than 1,200 offices in 43 countries. As a market leader, the talent and passion of our people is critical to our success. Together, we share a common set of values rooted in integrity, excellence and strong team ethic. Morgan Stanley can provide a superior foundation for building a professional career - a place for people to learn, to achieve and grow. A philosophy that balances personal lifestyles, perspectives and needs is an important part of our culture.
Department Profile:
Operational Risk Department (ORD) works with the business units and control groups to help ensure Morgan Stanley has a transparent, consistent and comprehensive program for managing operational risk, both within each area and across the firm globally. Operational risk is the risk of financial loss or other potential damage to the firm’s reputation due to inadequate or failed internal processes, people, systems, or from external events. This group designs, implements and monitors the company-wide operational risk program.
Operational Risk refers to the risk of financial or other loss, or potential damage to a firm’s reputation, resulting from inadequate or failed internal processes, people, systems, or from external events (e.g., fraud, legal and compliance risks or damage to physical assets). The Firm may incur operational risk across the full scope of its business activities, including revenue-generating activities (e.g., sales and trading) and control groups (e.g., information technology and trade processing). Given the nature and breadth of operational risk, operational risks are managed at multiple levels e.g. Firmwide, as well as Regional, Business Unit, Infrastructure Group, Control Function and Legal Vehicle.
The Firm has developed an Operational Risk Management Framework to identify and assess significant operational risks and ensure appropriate mitigation actions are undertaken. The Framework is deployed across Business Units, Infrastructure Groups and Control Functions globally, regardless of Region or Legal Entity. The Framework is based upon a “Three Lines of Defense” model:
• 1st Line: Business Units/Infrastructure Groups - Own their operational risk & are responsible for its management
• 2nd Line: Oversight by Independent Risk Management and Control Functions - Partner with Business Units and Infrastructure Groups to anticipate, mitigate and report on operational risk
• 3rd Line: Independent Assessment by Internal Audit - Provides independent, assessment, validation and evaluation
ORD operates as part of the 2nd Line of Defense, providing independent governance and oversight of operation risk management across the Firm.
Position Description:
Morgan Stanley has an opening for a Vice President for the Technology Risk Oversight team within ORD. Technology Risk Oversight is the practice of monitoring risks related to the confidentiality, availability and integrity of the Firm’s systems and information including associated processes and controls. The successful candidate will be responsible for helping execute independent oversight and monitoring of risks and controls around the Firm’s technology and security along with relevant thought leadership.
Primary Responsibilities–
• Identify and evaluate risks related to the systems and information supporting Firm activities
• Maintain and or oversee relevant policies and procedures
• Participate in relevant governance, steering, and working group committees
• Review metrics and escalation reports to monitor risk and control-related developments, issues and trends
• Review technology and security risk issues as well as internal and external incidents in order to help inform the 2nd line of defense independent view of the overall technology and security risk posture of the Firm and its underlying legal entities
• Work with 1st line of defense management in discussing and resolving control gaps, risk trends, risk issues and incidents
• Provide monthly and quarterly risk reporting
• Coordinate with ORD colleagues who cover Business Units and Infrastructure Groups in discussing impact of technology and security risks on business and support processes
• Participate in Operational Reviews such as the Incident Review Meetings and Analyses
• Participate in scenario analysis workshops to assess risk impacts
• Monitor industry developments in the management of technology and security risk
• Build and maintain strong positive relationships with the broader risk community in 1st line of defense
• Work with key stakeholders to evaluate policy exception requests and prepare for senior management review
• Serve as SME for the Information Security Risk Acceptance Program
• Review and evaluate Information Security risks for consideration for Risk Acceptance
• Provide challenge to residual risk rating for Information Security risks to be Risk Accepted
• Coordinate with 1st line on renewal of expiring Information Security Risk Acceptances
Qualifications
• Bachelor’s Degree minimum
• 10-15 years’ worth of technology and or security risk related work experience, preferably in the financial services industry
• Experience in Technology (IT) Risk Management and or Technology (IT) Audit including Information Security and or Cyber Security
• Experience with relationship management
• Strong interpersonal skills in order to work in a team oriented environment
• Excellent communication skills, both verbal and written; ability to produce concise and effective presentations tailored to technical and non-technical audiences
• Strong project management and organization skills
• Ability to multitask and prioritize
• Ability to work under pressure and to tight deadlines
• Flexible and self-motivator
• Strong analytical and problem-solving skills;
• Proficiency in MS Office and related applications (e.g. Word, Excel, PowerPoint);