Control Tester - Associate - Risk & Resiliency Management

Profile Description

We are seeking for a junior who is accountable for executing and documenting control testing which must stand up to high-quality expectations, as well as project management of control testing reviews from start to finish.

CDRR_Technology

The Cybersecurity organization's mission is to create an agile, adaptable organization with the skills and expertise needed to defend against increasingly sophisticated adversaries. This will be achieved by maintaining sound capabilities to identify and protect our assets, proactively assessing threats and vulnerabilities and detecting events, ensuring resiliency through our ability to respond to and recover from incidents and building awareness and increase vigilance while continually developing our cyber workforce.

Firm Resilience

Firm Resilience leads and coordinates initiatives to proactively prepare the Firm to be resilient against operational threats as well as identify and manage material operational risk.

Risk & Resiliency Management

This is Associate position that Identifies, assesses, and mitigates risks to ensure operational continuity and resilience in the face of potential threats or disruptions that could impact the organization, plus management of ongoing incidents.

Morgan Stanley is an industry leader in financial services, known for mobilizing capital to help governments, corporations, institutions, and individuals around the world achieve their financial goals.

At Morgan Stanley India, we support the Firm’s global businesses, with critical presence across Institutional Securities, Wealth Management, and Investment management, as well as in the Firm’s infrastructure functions of Technology, Operations, Finance, Risk Management, Legal and Corporate & Enterprise Services. Morgan Stanley has been rooted in India since 1993, with campuses in both Mumbai and Bengaluru. We empower our multi-faceted and talented teams to advance their careers and make a global impact on the business. For those who show passion and grit in their work, there’s ample opportunity to move across the businesses for those who show passion and grit in their work.

Interested in joining a team that’s eager to create, innovate and make an impact on the world? Read on…

What you’ll do in the role:

Roles and Responsibilities

Planning Reviews
• Support the Review Lead in kick-off meetings with PCOs and Risk Officers to review scope, timeline, and approach.
• Schedule walkthroughs with control contacts, document walkthrough takeaways, send follow-up requests for artifacts.
• Develop draft test procedures for each control after walkthroughs or peer-review test procedures developed by another control tester.
• Address feedback from Review Lead or peer reviews.

Executing Reviews
• Create evidence request list from final set of test procedures and communicate requests to stakeholders.
• Stay on top of evidence requests, including following up with reminders when needed.
• Review evidence upon receipt and escalate quality concerns to Review Lead if needed.
• Document workpapers and evidence per control using the ITCT workpaper template.
• Perform a critical self-review of workpapers or perform a QA review over the workpapers of a peer.
• Address feedback from Review Lead or peer reviews.

Reporting Review Results and Managing Risk Issues
• Escalate potential risk issues to the Review Lead as soon as possible.
• Develop draft issue descriptions and determine a draft risk rating for potential issues using the Risk Level Standard.
• Support the Review Lead during issue confirmation discussions with control contacts.
• Document draft results reports and/or peer-review the draft report of another.
• Help the Review Lead to address comments from 2/3 LOD.
• Create and monitor risk issues in OpenPages.
• Closure-verify issues in OpenPages once remediated.

Project Management of Reviews:
• Complete responsibilities described above in line with milestone dates agreed upon with the Review Lead.
• Regularly provide the ITCT Review Lead with status updates on ongoing activities, escalating concerns on meeting milestones to the Review Lead when necessary.
• Updating the ITCT Master Tracker on a twice weekly basis.

What you’ll bring to the role:

Desired Skills / Experience

• Working knowledge of key Technology, Information Security, and Cybersecurity concepts (e.g., data security, identity and access management, network security, change management, etc.)
• Understanding of relevant regulations and industry standards (e.g., ISO 27001, COBIT, NIST, etc.) including principles and key concepts related to risk assessment, controls, and testing.
• Working knowledge of technology applications and infrastructure (e.g., server, network, platform desktop environment) and ability to identify risk and controls.
• Ability to employ process-based thinking to effectively obtain, analyze, and interpret information, identify root causes of problems, and draw logical conclusions.
• Excellent written and verbal communication skills.
• Good organizational skills with diligence and ability to manage multiple priorities.
• Proficient use of Microsoft Excel and other Microsoft Office products
• Required Education: Bachelor's degree.
• Minimum 2 years relevant risk experience from roles in any of the following: Audit (internal or external), Risk Officer / Information Security Officer, Technology Risk Governance / Consulting, Regulatory agencies

WHAT YOU CAN EXPECT FROM MORGAN STANLEY:

We are committed to maintaining the first-class service and high standard of excellence that have defined Morgan Stanley for over 89 years. Our values - putting clients first, doing the right thing, leading with exceptional ideas, committing to diversity and inclusion, and giving back - aren’t just beliefs, they guide the decisions we make every day to do what's best for our clients, communities and more than 80,000 employees in 1,200 offices across 42 countries. At Morgan Stanley, you’ll find an opportunity to work alongside the best and the brightest, in an environment where you are supported and empowered. Our teams are relentless collaborators and creative thinkers, fueled by their diverse backgrounds and experiences. We are proud to support our employees and their families at every point along their work-life journey, offering some of the most attractive and comprehensive employee benefits and perks in the industry. There’s also ample opportunity to move about the business for those who show passion and grit in their work.

Morgan Stanley is an equal opportunities employer. We work to provide a supportive and inclusive environment where all individuals can maximize their full potential. Our skilled and creative workforce is comprised of individuals drawn from a broad cross section of the global communities in which we operate and who reflect a variety of backgrounds, talents, perspectives, and experiences. Our strong commitment to a culture of inclusion is evident through our constant focus on recruiting, developing, and advancing individuals based on their skills and talents.