Job Description

Role:

Associate? Cyber / Tech / InfoSec Specialty Coverage (Operational Risk Department)
Location: New York, NY

Firm Risk Management

Firm Risk Management (FRM) supports Morgan Stanley to achieve its business goals by partnering with business units across the Firm to realize efficient risk-adjusted returns, acting as a strategic advisor to the Board and protecting the Firm from exposure to losses as a result of credit, market, liquidity, operational, model and other risks.

Background on the Position

The role will reside within the Firm Risk Management's Operational Risk Department focusing on Cybersecurity, Technology, and Information Security (CTIS) Risk.

Operational Risk refers to the risk of financial or other loss, or potential damage to a firm's reputation, resulting from inadequate or failed internal processes, people, systems, or from external events (e.g., fraud, legal and compliance risks or damage to physical assets). Management works with the business units and control groups to help ensure Morgan Stanley has a transparent, consistent, and comprehensive program for managing operational risk, both within each area and across the firm globally. This group designs, implements and monitors the company-wide operational risk program.

Cybersecurity, Technology, and Information Security Risk is the practice of identifying, assessing, and helping to identify cyber threats and remediate risks related to the confidentiality, availability and integrity of the Firm's systems and information, including associated processes and controls. The successful candidate will be responsible for helping execute independent oversight, analysis, and monitoring of risks and controls.

Primary Responsibilities

- Identify and evaluate cybersecurity and technology risks related to the systems and information supporting Firm activities.
- Assess whether cybersecurity activities and technology controls are designed and implemented effectively so as to verify that risks are mitigated to targeted levels.
- Provide subject-matter expertise in cybersecurity and technology to support overall risk management in the Firm, working closely with cybersecurity and technology personnel across the Firm.
- Build and maintain strong positive relationships with the broader risk community and the cybersecurity and technology security operational and development teams.
- Review completeness and execution of relevant procedures and assess assurance mechanisms for how effectively they identify weaknesses or failures of key controls.
- Work with risk and control owners in assessing inherent and residual levels risks based on structured risk framework.
- Maintain and or oversee relevant policies and procedures related to technology and security processes.
- Review metrics and escalation reports to monitor risk and control-related developments, issues and trends.
- Review technology and security risk issues as well as internal and external incidents in order to help inform an independent view of the overall technology and security risk posture of the Firm and its underlying legal entities.
- Provide monthly and quarterly risk reporting.
- Provide guidance on the evolving technology and cybersecurity risk landscape.
- Coordinate with colleagues who cover business units and infrastructure groups in discussing impact of technology and cybersecurity risks on business and support processes.
- Monitor industry developments in the management of technology and cybersecurity risk.

 QUALIFICATIONS

Experience Required

- Bachelor's degree in information technology, computer science, cybersecurity, data science, finance, economics, business, or related fields. Advanced degree holders are also encouraged to apply.
- 2+ years of cybersecurity, technology, or information security related work experience, preferably in the financial services industry.
- Strong project management and organization skills; ability to multitask and prioritize.
- Strong analytical and problem-solving skills.
- Strong interpersonal skills to successfully work in a team-oriented environment.
- Excellent communication skills, both verbal and written; ability to produce concise and effective presentations tailored to technical and non-technical audiences.
- Ability to work under pressure and meet tight deadlines.
- Flexible and self-motivator.
- Proficient in MS Office Suite (e.g., Word, Excel, PowerPoint).

Experience Preferred

- Proficient in computer network defense, software programming, technology integration, or related disciplines.

FRM is committed to creating and providing opportunities that enable our workforce to reflect diverse backgrounds and views.

Role is Hybrid and will require in office attendance 3 days/week. #LI Hybrid.

This role requires that all successful applicants be fully vaccinated against COVID-19 as a condition of employment and provide proof of such vaccinations within 3 days of commencement of employment.