Technology Risk Officer (Associate)

  • Competitive
  • New York, NY, USA
  • Permanent, Full time
  • Morgan Stanley USA
  • 15 Oct 18

Risk Management & Regulatory Team Profile
Risk Management and Regulatory teams enable the Business and Technology to form a holistic view of risk and make risk-based decisions. In addition to advising Technology senior managers on their risk posture, they are also responsible for assisting Technology divisions to proactively manage risk issues, drive compliance with policy, regulatory and other requirements. The teams maintain Technology Policy & Standards, perform risk assessments and tests of controls and deliver risk reporting capabilities. The teams handle responses to regulatory, audit, and client inquiries about the Firm's technology risk and control environment and fulfill Technology Risk Governance Committee responsibilities.

Risk Management & Regulatory Role Profile
Morgan Stanley's Technology Risk Management & Regulatory team is looking for candidates to help drive practices associated with technology operational risk awareness, identification, assessments, reporting, governance, management, mitigation and/or acceptance, and policy compliance. As regulatory demands continue to expand in complexity and detail, candidates will contribute to the delivery of critical risk management and regulatory programs that impact the Firm's risk posture.

Position Description: Technology Risk Officer (Associate)
The Technology Risk Officer (Associate) works on a team that implements and monitors a strategic, comprehensive enterprise information security and IT risk management program. This position interfaces directly with Business Units to facilitate IT risk assessment and management processes, and works with stakeholders throughout the enterprise on identifying acceptable levels of residual risk. They provide regular risk reporting to senior business leaders and follow up on risk findings and action plans, ensuring the timely execution of the risk agenda and deliverables (including SOX control documentation, entitlement reviews, audit findings, and associated remediation activities). This role also participates in risk working groups to help promote and champion the operational risk agenda across the organization to enhance the overall risk culture throughout Technology and across the Firm.


Candidates for Technology Risk Officer (Associate) should have experience in several of the skills below:

  • Bachelor's degree in a field related to Information Technology, Business or Risk Management
  • Aptitude for technology and strong understanding of technology concepts and terminology; experience in software development, technology infrastructure, risk analysis or audit reporting is a plus
  • Familiarity with industry standards, best practices and regulatory expectations with respect to technology and IT risk management
  • Knowledge of Technology and/or Information Security policies and procedures
  • Understanding of risk assessment methodologies (e.g. RCSA), internal controls and controls testing (e.g. SOX), and industry technology risk management frameworks, as well as familiarity with SDLC and Project Management methodologies
  • Exposure to analytical and data analysis skills
  • Ability to work in a team environment
  • A course of study that included risk management frameworks and methodologies, identifying and modeling information security risks, qualitative and quantitative risk assessment methods, risk controls and mitigation, and/or business impact analysis
  • Critical thinker with strong problem-solving skills and organizational skills, with the ability to multi-task
  • Strong written and verbal communication skills, interpersonal and collaborative skills
  • Certifications in one or more of the following: ISACA Certification (CISA, CRISC, CISM, CGEIT); PMI Certification (CAPM, PMP, etc.); ISC2 Certification (CISSP, SSCP, etc.); ITIL Certification (Foundation, Practitioner (General), Service Manager, Practitioner (Specialist))