Associate - Technology Risk Oversight, IT Audit and Assessment (Operational Risk)

  • Competitive
  • Baltimore, MD, USA
  • Permanent, Full time
  • Morgan Stanley USA
  • 19 Jan 18 2018-01-19

Associate - Technology Risk Oversight, IT Audit and Assessment (Operational Risk)

Morgan Stanley has an opening for an Associate for the Technology Risk Oversight team within ORD. Technology Risk Oversight is the practice of monitoring risks related to the confidentiality, availability and integrity of the Firm's systems and information including associated processes and controls. The successful candidate will be responsible for helping execute independent oversight and monitoring of risks and controls around the Firm's technology and security.

Primary Responsibilities
· Identify and evaluate risks related to the systems and information supporting Firm activities
· Assess, through inspection, observation, or re-performance whether controls are designed and implemented effectively so as to verify that risks are mitigated to targeted levels
· Review completeness and execution of relevant procedures and assess assurance mechanisms for how effectively they identify weaknesses or failures of key controls
· Work with 1st line of defense risk and control owners in assessing inherent and residual levels risks based on structured risk framework
· Maintain and or oversee relevant policies and procedures related to technology and security processes executed by 1st line of defense
· Review metrics and escalation reports to monitor risk and control-related developments, issues and trends
· Review technology and security risk issues as well as internal and external incidents in order to help inform the 2nd line of defense independent view of the overall technology and security risk posture of the Firm and its underlying legal entities
· Provide monthly and quarterly risk reporting
· Provide challenge to 1st line of defense assessments of their risks and controls
· Provide guidance to 1st line of defense on evolving technology and security risk landscape
· Coordinate with ORD colleagues who cover Business Units and Infrastructure Groups in discussing impact of technology and security risks on business and support processes
· Monitor industry developments in the management of technology and security risk
· Build and maintain strong positive relationships with the broader risk community in 1st line of defense
· Work with key stakeholders to evaluate policy exception requests and prepare for senior management review


Skills Required:
· Bachelor's Degree minimum
· 3-7 years' worth of technology and or security risk related work experience, preferably in the financial services industry
· Experience in Technology (IT) Risk Management and or Technology (IT) Audit including Information Security and or Cyber Security
· Experience with relationship management
· Strong interpersonal skills in order to work in a team oriented environment
· Excellent communication skills, both verbal and written; ability to produce concise and effective presentations tailored to technical and non-technical audiences
· Strong project management and organization skills
· Ability to multitask and prioritize
· Ability to work under pressure and to tight deadlines
· Flexible and self-motivator
· Strong analytical and problem-solving skills;
· Proficiency in MS Office and related applications (e.g. Word, Excel, Powerpoint)