Morgan Stanley Services Group, Inc. seeks an Associate in Baltimore, MD
Identify and evaluate cybersecurity, technology, and information security risks related to the systems and information supporting Firm activities. Conduct risk assessment to determine whether cybersecurity, technology, and information security controls are designed adequately and implemented effectively to verify that risks are mitigated to targeted levels. Build and maintain strong positive relationships with the broader risk community and the cybersecurity and technology security operational and development teams. Provide oversight and challenge of risk and control owner's self-assessment of inherent and residual level risks based on structured risk framework to produce risk profile analysis for quality assurance, senior management and governance forums. Provide oversight and challenge of policies and procedures related to technology and security processes. Review metrics and escalation reports to monitor risk and control-related developments, issues and trends. Review technology and security risk issues and incidents as well as internal and external incidents in order to help inform an independent view of the overall technology and security risk posture of the Firm and its underlying legal entities. Provide monthly and quarterly risk reporting, and provide guidance on the evolving technology and cybersecurity risk landscape. Qualifications:
Requires a Bachelor's degree in Information Science, Cyber Security, or a related field of study and three (3) years of experience in the position offered or three (3) years as an Analyst or related occupation in the risk management field. Requires three (3) years of experience with: payment settlement systems in the global electronic payments community; user acceptance testing (UAT); Liaising with multiple stakeholders across various teams including sales, trading desks, and technology teams; front to back workflow and translating workflow into comprehensive use and test cases; internal controls to combat against fraud, cyber security, technology and information security risk; Lean management and methodology to assess processes and technology. Requires one (1) year of experience with: providing oversight and assurance for vendors and third party supplier services; collecting data and providing analysis using metrics, graphs and tables; risk & control self-assessments tools including Tableau, QlikView, and COGNOS; risk, process and control assessment and validation skills; technology access management; segregation of duties. Requires any amount of experience with: GRC tools/technologies including RSA GRC Archer and IBM OpenPages.
Qualified Applicants :
To apply, visit us at http://www.morganstanley.com/about/careers/careersearch.html Scroll down and enter 3158802 as the "Job Number" and click "Search jobs." No calls please. EOE
Morgan Stanley Use Only: *LI-DNI