Operational Risk Cybersecurity, Information Security, and Technology Risk, Executive Director Operational Risk Cybersecurity, Information  …

Morgan Stanley
in Hong Kong, Hong Kong, Hong Kong
Permanent, Full time
Last application, 23 Feb 20
Morgan Stanley
in Hong Kong, Hong Kong, Hong Kong
Permanent, Full time
Last application, 23 Feb 20
See job description for details

Department Profile

Firm Risk Management (FRM) enables Morgan Stanley to achieve its business goals by partnering with business units across the Firm to realize efficient risk-adjusted returns, acting as a strategic advisor to the Board and protecting the Firm from exposure to losses as a result of credit, market, liquidity, operational, model and other risks.

Our mission is to serve as the follow roles:
• Independent agent to set consistent principles and disciplines for risk management
• Strategic advisor to Firm management for setting risk appetite and allocating capital
• Industry leader to influence and meet regulatory standards

You will collaborate with colleagues across FRM and the Firm to protect the Firm’s capital base and franchise, advise businesses and clients on risk mitigating strategies, develop tools and methodologies to analyze and monitor risk, contribute to key regulatory initiatives and report on risk exposures and metrics to enable informed and strategic decision-making. Through thoughtful analysis and clear communication we are best able to bring our ideas to the table and improve the Firm.

Firm Risk Management values diversity and is committed to providing a supportive and inclusive workplace for all employees.

Firm Risk Management’s unique franchise promotes:
• Flat, flexible and integrated global organization
• Collaboration and teamwork
• Credible, independent decision-making
• Organizational influence
• Creative and practical solutions
• Meritocratic and diverse culture

The Asia Pacific (APAC) Risk Management Division is responsible for the independent identification, analysis, reporting and escalation of all market, credit, liquidity and operational risk exposures arising from business activities, acting independently of business management and providing an effective challenge process.

Position Description

Morgan Stanley has an opening for an Executive Director as APAC Lead for Cybersecurity, Technology, and Information Security Risk Oversight within the Operational Risk Department. The successful candidate will be responsible for helping execute independent oversight, analysis, and monitoring of risks and controls around the Firm’s technology and security risks, including identifying, assessing, and helping to assess the business risk from cyber threats and remediate risks related to the confidentiality, availability and integrity of the Firm’s systems and information, including associated processes and controls.

Primary Responsibilities

Morgan Stanley is seeking a candidate to join the Operational Risk Department in Hong Kong. The role-holder will be an integral part of the team supporting the execution of the Department’s mandate and strategy.

Core responsibilities include:
• Threat Analysis – Build and operate the APAC capabilities necessary to provide APAC and Global management with an independent view of the Firm’s susceptibility to cybersecurity and technology risks due to the actions of external malicious cyber actors and failures in internal practices and procedures.
• Oversight Function – For APAC, lead a team to drive the overall end-to-end assessment of the sufficiency of existing control functions to meet the threats by building and executing necessary regional and Global activities across the following key dimensions:
• Risk Identification: Identify and assess risks related to the information and systems supporting Firm activities globally
• Risk Measurement: For identified risks, assess magnitude and plausibility of the risks to lead to business consequences by executing bespoke regional and Global capabilities to understand linkages between threats and consequence.
• Risk Governance: Participate in relevant (or in scope) governance, steering, and working group committees and review metrics and escalation reports to monitor risk and control-related developments, issues and trends. Provide regular updates to APAC Senior and Executive Management. .
• Risk Monitoring: Review metrics, industry developments, and escalation reports to monitor risk and control-related developments, issues and trends in the management of technology and cybersecurity risk
• Perform Threat/Control Assessments - Assess whether cybersecurity activities and technology controls are designed and implemented effectively so as to verify that threats are countered and risks are mitigated to targeted levels
• Relationship Management – Liaise and work with EMEA and Global Control Function owners and Risk Managers in providing Operational Risk Coverage / Cyber Risk Coverage
• Advisory Services – Provide guidance on the evolving technology and cybersecurity risk landscape to regional and global senior and executive leadership in risk management, technology, and the business units.
• Policy & Procedures - Maintain and or oversee relevant policies and procedures related to technology and security processes

The position reports both regionally to the APAC Head of Operational Risk and also the Global Head of Cybersecurity, Information Security, and Technology Risk


• Bachelor’s Degree minimum
• Minimum of 10 years’ worth of technology and/or security related work experience, preferably in the financial services industry
• Experience in risk management is preferred

• Strong project management and organization skills
• Ability to multitask and prioritize
• Strong analytical and problem-solving skills
• Flexible and self-motivator
• Excellent communication skills, both verbal and written; ability to produce concise and effective presentations tailored to technical and non-technical audiences
• Ability to work in a small team environment, building and maintain a network of contacts and coordinating with a large number of stakeholders
• Proficiency in a technical area, such as computer network defense, software programming, technology integration, computer science, or related fields

Morgan Stanley is an equal opportunities employer. We work to provide a supportive and inclusive environment where all individuals can maximize their full potential. Our skilled and creative workforce is comprised of individuals drawn from a broad cross section of the global communities in which we operate and who reflect a variety of backgrounds, talents, perspectives and experiences. Our strong commitment to a culture of inclusion is evident through our constant focus on recruiting, developing and advancing individuals based on their skills and talents.

Interested in flexible working opportunities? Morgan Stanley empowers employees to have greater freedom of choice through flexible working arrangements. Speak to our recruitment team to find out more.