Finance Information Security, Manager
- London, England, United Kingdom
- Permanent, Full time
- Morgan Stanley
- 14 Oct 18
See job description for details
Morgan Stanley is a leading global financial services firm providing a wide range of investment banking, securities, investment management and wealth management services. The Firm's employees serve clients worldwide including corporations, governments and individuals from more than 1,200 offices in 43 countries.
As a market leader, the talent and passion of our people is critical to our success. Together, we share a common set of values rooted in integrity, excellence and strong team ethic. Morgan Stanley can provide a superior foundation for building a professional career - a place for people to learn, to achieve and grow. A philosophy that balances personal lifestyles, perspectives and needs is an important part of our culture.
The Finance Division reports to the Chief Financial Officer and consists of some 3,000 employees worldwide. Finance protects the Morgan Stanley franchise by serving as guardian of the Firm’s books and records and by contributing to firm wide risk management and risk reduction. This division maintains relationships with Morgan Stanley’s various industry and government regulators and also serves as the conduit of financial information to the outside investment community. Finance plays a critical role as advisor to Morgan Stanley’s various businesses and its senior management team.
The Financial Control Group (FCG) is responsible for overseeing the accounting and financial and regulatory reporting for the Firm. FCG prepares external financial reports for public filings and regulators. For internal reporting FCG, along with Financial Planning and Analysis (FPA), summarizes, plans and forecasts the organization's financial position, including income statements, balance sheets, and analyses of future revenues, expenses and earnings. FCG is comprised of Business Unit Controllers, Infrastructure Controllers, Accounting, Regulatory and Reporting groups, and Valuation Review.
Team and Role Overview
The Business Unit Information Security Officer (‘BUISO’) function in Finance Risk & Information Security Standards & Control (‘FinRISC’) is responsible for the implementation and effectiveness of the Firm’s Information Security Program within the Global Finance Division of Morgan Stanley (‘MS’), including regional specific coverage. The BUISO function provides advice on the handling of information, the technology used in the processing of information, and the associated risks across the division. This role will assist in leading information security related programs, including processes and procedures in adherence with the Global Information Security Program Policy. The Information Security Program is committed to the protection of the Firm’s information assets through the development of the Information Security Policy, Standards and supporting Procedures.
Information Security programs administered by FinRISC include, but are not limited to: Entitlements Management; Segregation of Duties; Supplier Risk; Cyber Security and Data Leakage controls.
• Participate in Firm-wide information security related forums and governance committees that assist in identifying, raising and discussing BU-specific information security requirements and resolving any issues in partnership with Technology and Information Risk (?TIR?) and/or Corporate Security
• Manage the implementation of Firm wide information protection policy and procedures and assist with the review and periodic recertification of policy/program exceptions granted within the BU
• Manage Information Security Risk Acceptances (‘RA’)
• Promote education and awareness around the Finance Information Security Program regarding Firm best practices in order to improve information security awareness and policy compliance
• Manage the Finance Entitlements Management program in order to safeguard the Firm’s information assets
• Manage the Finance Data Leakage Prevention (DLP) Program - support the Firm’s Data Leakage Prevention Program inclusive of the Incident Response Program (iRespond), which has been established to handle any incident that may have resulted in Firm, employee, or client information being lost, stolen, or acquired by an unauthorized party
• Manage the Finance Supplier Risk Management Program through the single point of contact (‘SPOC’), working closely with Service Owners, ORCs, and SRMM
• Assist with identifying Material Non Public Information support the identification and proper handling of such information to ensure safeguarding
• Oversee Training/Guidance/Best Practices
• Information Security (‘IS’) Risk Assessment - support risk assessments in conjunction with the ISProgram, oversees the IS Risk Assessment for global Finance
• Educated to Degree level or equivalent
• Prior Information Security and/ or Operational Risk Management experience a plus
• Ability to work effectively on multiple projects under tight deadlines
• Proficiency with data management, End User Computing Tools (spreadsheets and databases) and other standard computing applications (PowerPoint and Word)
• Superior analytical thinking and problem solving abilities
• Excellent verbal and written communication skills, with the ability to communicate with key stakeholders and Management
• Intellectual curiosity with a focus on information sharing
• Strong relationship building skills
• Ability to understand and apply complex concepts
• Self-motivator and team player who brings a can-do approach
Morgan Stanley is an equal opportunities employer. We work to provide a supportive and inclusive environment where all individuals can maximise their full potential. Our skilled and creative workforce is comprised of individuals drawn from a broad cross section of the global communities in which we operate and who reflect a variety of backgrounds, talents, perspectives and experiences. Our strong commitment to a culture of inclusion is evident through our constant focus on recruiting, developing and advancing individuals based on their skills and talents.