Information Security Officer - Director - Risk & Resiliency Management

We’re seeking someone to join our Governance, Regulation & Client Engagement (GRCE) BUISO Team as a Director within Cyber Data Risk & Resilience (CDRR). The team's focus is delivery of consistent information security services and a best-in-class approach to those services globally for all divisions within the Technology Business Unit.

CDRR_Technology

The Cybersecurity organization's mission is to create an agile, adaptable organization with the skills and expertise needed to defend against increasingly sophisticated adversaries. This will be achieved by maintaining sound capabilities to identify and protect our assets, proactively assessing threats and vulnerabilities and detecting events, ensuring resiliency through our ability to respond to and recover from incidents and building awareness and increase vigilance while continually developing our cyber workforce.

Tech Risk Gov & Controls (TRGC)

TRGC provides governance and oversight of Risk across Technology by engaging with internal and external clients, including regulators, to help better identify, manage, mitigate and communicate risk posture.

Risk & Resiliency Management

This is Director position that Identifies, assesses, and mitigates risks to ensure operational continuity and resilience in the face of potential threats or disruptions that could impact the organization, plus management of ongoing incidents.

In the Technology division, we leverage innovation to build the connections and capabilities that power our Firm, enabling our clients and colleagues to redefine markets and shape the future of our communities.

Since 1935, Morgan Stanley is known as a global leader in financial services, always evolving and innovating to better serve our clients and our communities in more than 40 countries around the world.

Interested in joining a team that’s eager to create, innovate and make an impact on the world? Read on…

What you’ll do in the role:

The candidate will be a member of the Governance, Regulation & Client Engagement (GRCE) BUISO Team within Cyber Data Risk & Resilience (CDRR). The team's focus is delivery of consistent information security services and a best-in-class approach to those services globally for all divisions within the Technology Business Unit.

The candidate's responsibilities will include:

• Proficiency in current Firm / Technology Policies related to Information Security

• Consistent application of policies

• Deliver quality and timely services in the core program of work:

• Managing high volume of Data Leakage Prevention (DLP) program Security Exceptions

• Time sensitive data leakage incidents management

• Work with information security teams and respond to time sensitive Data Leakage Incidents escalations

• Risk Assess each Incident and identify remediation by working with Technology partners

• Report Incident trends and provide Root Cause Analysis to clients and stakeholders

• Information Security Principles

• Educate, advise, and guide personnel on protecting Firm information throughout the information lifecycle (collection, creation, distribution, storage, disposal), and address inquiries about other Firm policies, procedures, and standards

• Provide or administer Information Security best practices across the Business and Technology organizations

• Enable consistency and standardization in monitoring and managing the program of work

• Identify/work to introduce improvements and efficiencies where possible across the program to include controls, processes, procedures and policy

• Communicate progress, potential areas of focus, challenges requiring escalation and/or provide effective and timely assistance to management

• Collaborate with internal solutions providers to enhance security solutions and advocate on behalf of users/consumers

• Managing (internal) client relationships and working as part of a distributed team

• Compile and analyze data sets to provide periodic trend reporting to clients and stakeholders

What you’ll bring to the role:

• Bachelor's degree or relevant information security certifications (CISSP, CISM, Security+, GSEC, etc.)

• 6-10 years of work experience in Technology (or related risk or information security areas)

• Ability to adhere to clearly outlined process steps in given scenarios (this is critical)

• Ability to work within an open, consensus-based organization and must be able to multi-task effectively

• Ability to manage and interact in a matrix organization is essential

• Microsoft Office suite skills: ability to draft succinct and impactful PowerPoint decks (with appropriate level of detail for a given audience), ability to extract, aggregate, and report on data in Excel

• Ability to articulate key points clearly and succinctly in meetings and 1:1 / escalate promptly when necessary

• Strong process focus and awareness

• Strong analytical skills: able to digest requirements and share feedback, ideas on improvement etc.

• Strong interpersonal, problem solving, organizational and time management skills

• Sense of ownership and accountability

• Clear and appropriate communication; targeting/tailoring content appropriate to audience

• Highly motivated; ability to drive project deliverables and lead meetings with cross-functional and cross-level participation

• Ability to interpret existing policies, standards, procedures and apply them in a real-world setting

• Ability to drive improvements to existing policies, standards, procedures, i.e., analyze current state, develop desired state, and perform gap analysis to achieve future desired state

• Ability to leverage data analysis tools (Excel, Power BI, QlikView, Tableau, etc.) to create client/user dashboards and reports

WHAT YOU CAN EXPECT FROM MORGAN STANLEY:

We are committed to maintaining the first-class service and high standard of excellence that have defined Morgan Stanley for over 89 years. Our values - putting clients first, doing the right thing, leading with exceptional ideas, committing to diversity and inclusion, and giving back - aren’t just beliefs, they guide the decisions we make every day to do what's best for our clients, communities and more than 80,000 employees in 1,200 offices across 42 countries. At Morgan Stanley, you’ll find an opportunity to work alongside the best and the brightest, in an environment where you are supported and empowered. Our teams are relentless collaborators and creative thinkers, fueled by their diverse backgrounds and experiences. We are proud to support our employees and their families at every point along their work-life journey, offering some of the most attractive and comprehensive employee benefits and perks in the industry. There’s also ample opportunity to move about the business for those who show passion and grit in their work.

To learn more about our offices across the globe, please copy and paste https://www.morganstanley.com/about-us/global-offices​ into your browser.

Morgan Stanley is an equal opportunities employer. We work to provide a supportive and inclusive environment where all individuals can maximize their full potential. Our skilled and creative workforce is comprised of individuals drawn from a broad cross section of the global communities in which we operate and who reflect a variety of backgrounds, talents, perspectives, and experiences. Our strong commitment to a culture of inclusion is evident through our constant focus on recruiting, developing, and advancing individuals based on their skills and talents.