Cybersecurity Audit

  • Competitive
  • New York, NY, USA
  • Permanent, Full time
  • Morgan Stanley USA
  • 14 Oct 18

Company Profile
Morgan Stanley is a leading global financial services firm providing a wide range of investment banking, securities, investment management and wealth management services. The Firm's employees serve clients worldwide including corporations, governments and individuals from more than 1,200 offices in 42 countries. As a market leader, the talent and passion of our people are critical to our success. Together, we share a common set of values rooted in integrity, excellence and a strong team ethic. Morgan Stanley can provide a superior foundation for building a professional career - a place for people to learn, to achieve and grow. A philosophy that balances personal lifestyles, perspectives and needs is an important part of our culture.

Background on the Position
Morgan Stanley is seeking a strong Technology Audit candidate to cover Information Security and Cybersecurity supporting the firm. Cybersecurity Auditors focus on general and infrastructure controls that mitigate cybersecurity risk for the technology supporting the enterprise. The auditor is responsible for understanding, analyzing, and testing the technology controls, including those over architecture and configuration, systems development, security and entitlements, production management and governance.

Primary Responsibilities
· Manage projects and supervise staff on audit assignments with primary focus on cybersecurity
· Design and execute risk-based audit programs in order to assess the design and effectiveness of key technology and/or security controls for critical systems and processes.
· Partner with Application and Business Auditors, and work collaboratively within a team
· Maintain ongoing dialog with key stakeholders regarding risks identified and necessary improvements to the control framework

Qualifications:

Skills required (essential)
· Five or more years of IT Audit experience
· Experience in auditing interfaces, infrastructure, data processing and computer general controls
· Strong understanding of industry standards such as the NIST Cybersecurity Framework, NIST 800-53, PCI-DSS, ISO 27001/02, CIS Top 20 Critical Security Controls (formerly SANS), and FFIEC
· Technical knowledge of IT systems, including:
o Databases
o Operating Systems (UNIX, Linux, Windows, z/OS)
o Networking, including VPN, LAN, WAN, WLAN
o Firewalls and associated hardware
o Backup and Recovery systems
o Middleware
o Virtualization Technologies
o Data Loss Prevention tools, Intrusion Detection and Intrusion Prevention tools
o Pen Testing Tools
o Tools such as Splunk and ArcSight
· Good understanding of threats, vulnerabilities, risk, confidentiality, integrity, availability, cryptography, network security, web-based applications architecture and security, network protocols
· Ability to handle multiple projects while meeting deadlines with minimal supervision
· Build strong relationships with Technology clients
· Strong written and verbal communication skills
· Project planning skills
· Proven knowledge of auditing standards and procedures, appropriate IT and auditing processes, rules and regulations.

Skills desired
· Experience with Data Analysis using data mining tools
· Familiarity with analyzing results from Pen Testing Tools
· Practical IT work experience is a plus
· Scripting and programming experience is beneficial

Education requirements:
· Bachelor's Degree (Computer Science, Technology, Information Systems or related field)
· CISA, CISSP, and/or CISM certifications are preferred
· Offensive Security Certified Professional (OSCP), CSX-F certification, Certified Ethical Hacker (CEH) or similar certifications are desirable
· Microsoft and Cisco certifications are a plus