Cyber Incident Response Regional Lead - Technology and Information Risk - Vice President

  • Competitive
  • Glasgow, Scotland, United Kingdom
  • Permanent, Full time
  • Morgan Stanley
  • 17 Nov 18

See job description for details


Company Profile

Morgan Stanley is a leading global financial services firm providing a wide range of investment banking, securities, investment management and wealth management services. The Firm's employees serve clients worldwide including corporations, governments and individuals from more than 1,200 offices in 43 countries.

As a market leader, the talent and passion of our people is critical to our success. Together, we share a common set of values rooted in integrity, excellence and strong team ethic. Morgan Stanley can provide a superior foundation for building a professional career - a place for people to learn, to achieve and grow. A philosophy that balances personal lifestyles, perspectives and needs is an important part of our culture.

Department Profile

The mission of the Global Technology division is to provide a highly reliable and commercial technology platform, which supports the Firm's strategy, delivered by an innovative, world-class team of professionals. There are ten divisions within Technology.

Technology & Information Risk (TIR) is part of the Global Technology and Data organization and manages operational and technology related risks on behalf of the Firm. The group's key principles are to provide proactive, comprehensive and consistent risk management, to enable the execution of the Firms strategy.

TIR's mandate is to enable the Firm to manage its technology and data related risks through implementing proactive, comprehensive and consistent risk management practices across the Firm to protect the franchise while capturing business opportunities. The TIR team partners with the business by ensuring that Technology and Data understands how to manage escalate and monitor risk.

Team Profile

Morgan Stanley is seeking a regional manager for our EMEA Cyber Incident Response Team (CIRT). The CIRT team is responsible for detecting, investigating and responding to cyber security incidents. The global CIRT is a 24/7 operation with members in key geographical locations. CIRT work core hours in their region with an on-call rota for critical incidents as needed.

Candidates should have a genuine interest in cyber security and a good understanding of the tactics, techniques and procedures of attackers. This role requires a detail oriented, critical thinker who can anticipate issues and solve problems. Experience in a similar operational environment is desirable but not essential.



Primary Responsibilities

This is a technical team management role which involves leading a team of security analysts and incident responders. Technical experience is required for the day to day running of the team and setting clear priorities on both tactical incident response and strategic projects within the Cyber Security organisation.

- Part of the senior management team influential in global decision making and direction of all aspects of the CIRT organisation

- Represent CIRT within the EMEA region, providing the escalation and decision making authority within the region

- Manage and lead a regional team of security analysts and incident responders

- Improve the detection, escalation, containment and resolution of incidents through strategic projects and engagements with the wider firm’s security engineering teams

- Lead enhancements and adapt existing incident response methods, tools, and processes for the changing threat landscape

- Maintain knowledge of threat landscape by monitoring OSINT and related sources

- Maintain technical skills through training and exercising skills both individually and as a region

- Candidates should have a genuine interest in cyber security and a good understanding of the tactics, techniques and procedures of attackers. This role requires a detail oriented, critical thinker who can anticipate issues and solve problems both regional and globally.


Qualifications:


Required Skills:

- Experiences with Security Analysis and Incident Response (i.e. working in SOC/CIRT/CSIRT/CERT).

- Excellent written and oral presentation skills

- Experience in the management and development of technical security professionals.

- Solid foundation of computing computer security principles, protocols algorithms and techniques.

- Strong analysis, problem solving and critical thinking skills necessary to perform root cause analysis of cyber security issues.

- Understanding of cyber adversarial Tactics Techniques and Protocols (TTPs)



Desired skills:

- Prior experience leading incident response teams or other teams within an operational environment such as SOC, CSIRT or CERT

- Creation and implementation of security monitoring use-cases and analytics

- Security product assessments.

- In-depth knowledge of security event management, network security monitoring, log collection, and correlation

- Industry certifications: GCIH, GNFA, GREM or other related certifications

- Experience in the financial industry

Morgan Stanley is an equal opportunities employer. We work to provide a supportive and inclusive environment where all individuals can maximise their full potential. Our skilled and creative workforce is comprised of individuals drawn from a broad cross section of the global communities in which we operate and who reflect a variety of backgrounds, talents, perspectives and experiences. Our strong commitment to a culture of inclusion is evident through our constant focus on recruiting, developing and advancing individuals based on their skills and talents.*LI-AM2