InfoSec and Technology Controls Testing Lead (Vice President)
Morgan Stanley
New York, NY, United States
Description
Company Profile
Morgan Stanley is a leading global financial services firm providing a wide range of investment banking, securities, investment management and wealth management services. The Firm's employees serve clients worldwide including corporations, governments and individuals from more than 1,200 offices in 43 countries.
As a market leader, the talent and passion of our people is critical to our success. Together, we share a common set of values rooted in integrity, excellence and strong team ethic. Morgan Stanley can provide a superior foundation for building a professional career - a place for people to learn, to achieve and grow. A philosophy that balances personal lifestyles, perspectives and needs is an important part of our culture.
Department Profile
Technology & Information Risk's mandate is to enable the Firm to manage its technology-related risks by implementing proactive, comprehensive and consistent risk management practices across the Firm, protecting the franchise while capturing business opportunities. The TIR team partners with the business by ensuring that the Technology division understands how to manage, escalate and monitor risk.
Team Profile
The InfoSec & Technology Controls Testing Team (ITCT) is accountable for the execution of a number of programs relating to assessing design and testing effectiveness of key controls as well as testing compliance with Technology and Information Security Policies. These programs span across Technology and the remit of the Firm's Global Information Security Program Policy. In order to accomplish this, the Controls Testing team member will operate within the global framework, regulatory and industry best practice, while partnering with various stakeholders to ensure that objectives of the relevant programs are met.
Primary Responsibilities
The role responsibilities include:
• Delivering and operating the objectives of the global control testing program and managing control testing requirements
• Building strong positive relationships with the local Information Security / Risk community, within Technology and also the Firm, for example Internal Audit, Operational Risk Department, and Risk Officers
• Developing and delivering program specific communications to stakeholders on risk and control related matters e.g. technology and information security governance forums
• Presenting overview / results of testing program to stakeholders, senior management and other relevant parties
• Coordinating stakeholders across Firm departments to scope relevant testing e.g. Policy Compliance Testing, request based control testing
• Planning and reviewing testing of controls and/or policy compliance executed by ITCT team, providing regular management reporting on progress to meet regional requirements
• Reviewing work paper documentation to standards suitable for use by auditors
• Status, risk and issue reporting on program progress and deliverables
• Preparing documentation of identified risks and issues for reporting in centralized issue / risk tracking applications
Required Skills
• Working knowledge of key Technology and Information Security concepts e.g. data classification, protection, policies, governance, privacy, security assessment tools
• Risk and Control Knowledge: Understanding of key concepts related to risk assessment, controls and testing
• Analytical Thinking: Engages in process-based thinking to effectively obtain, analyze and interpret information, identify root causes of problems, and draw the appropriate conclusions
• Communication: Clearly, completely and concisely communicates ideas and adapts style and content of communication appropriate for the audience
• Influence: Gains support and buy-in from others in order to motivate them to achieve business goals and objectives
• Technology: Working knowledge of technology applications and infrastructure (e.g., server, network, platform desktop environment) and ability to identify and validate risk and controls
• Builds and sustains relationships: Builds and maintains networks of relationships and effectively leverages them to achieve work-related objectives
• Organization: Exceptional organizational skills; a high degree of attention to detail and ability to manage multiple priorities
• Drive: Self-starter with an ability to be proactive
• Operational Risk Knowledge: Understanding of relevant local technology risk regulations and the associated application to a financial services business
Desired Skills and Competencies
• Business/Product Knowledge: Familiarity and experience with financial services and the processes related to the marketing, selling and trading of securities, derivatives and/or commodities in the financial services industry is a strong plus, but is not required.
Education: Bachelor's degree
A minimum of 10 years of relevant risk experience from roles in any of the following:
• Regulatory (e.g., working as a financial services regulator or having experience dealing with regulators)
• Audit (internal or external)
• Risk Officer / Information Security Officer
• Technology Risk Governance
• Risk Assessment (e.g., RCSA)
• Control Testing (e.g., SOX)
• Information Security / IT Security (e.g., Entitlements Management, Segregation of Duties, Threat Management, Penetration Testing, Strategy)
• Technology / Information Security Policy / Procedures
• Process/Risk/Control Frameworks, e.g., COBIT
Qualifications Desired
Certifications: Attainment of the following certifications is a strong plus, but not required
• Certified in Governance for Enterprise IT (CGEIT)
• Certified Internal Auditor
• Certified Information Systems Auditor (CISA)
• Certified Information Security Manager (CISM)
• Certified Information Security Professional (CISP)
• Certified in Risk and Information Systems Control (CRISC)
• ISO 27001 Auditor