Job Number: 3247608
DESCRIPTION
EMEA Operational Risk - Technology Risk Oversight AVP
London
Morgan Stanley provides highly customized financial advice, investment solutions and brokerage services. Our Firm connects people, ideas and capital to help our clients achieve their financial aspirations. The talent and passion of our people are critical to our success. Together, we share a common set of values rooted in integrity and excellence.
Department Profile
Operational Risk Department (ORD) works with the business units and control groups to help ensure Morgan Stanley has a transparent, consistent and comprehensive program for managing Operational Risk, both within each area and across the firm globally. Operational risk is the risk of financial loss or other potential damage to the firm's reputation due to inadequate or failed internal processes, people, systems, or from external events.
Team profile
The successful candidate will support Operational Risk, as well as Business and Control Group management, in the development, execution and embedding of an effective framework and processes for oversight related to the management of Cyber, Technology and Information Security (CTIS) risks. CTIS Risk Oversight is the practice of monitoring risks related to the confidentiality, availability and integrity of the Firm's systems and information including associated processes and controls.
Primary Responsibilities
> As a member of the 2nd line CTIS team, provide thought leadership to drive the strategic and tactical evolution necessary to maintain effective and efficient CTIS risk management.
> Provide independent oversight and monitoring of risks and controls around the Firm's technology and security to help inform and drive the 2nd line response to the technology and security risk posture of the Firm and its underlying legal entities.
> Build and maintain strong positive relationships with the existing cyber and information security risk community in the respective business and control groups, becoming a trusted advisor.
> Work with relevant 1st line risk and control owners in assessing inherent and residual risk levels based on the non-financial risk framework and relative to business appetite.
> Provide valuable insights to assist 1st line stakeholders in articulating, managing and/or mitigating residual risks that remain beyond appetite.
> Directly support and manage existing and developing 2nd line cyber and information security focused risk governance processes and committees, including scenario analysis activities.
> Build and maintain strong engagement with ORD colleagues who cover Business Units and Infrastructure Groups, assessing impact of cybersecurity risks on business and support processes to drive an integrated risk management response.
> Maintain an awareness of evolving and emerging technology and security risk issues as well as internal and external incidents.
> Support ORD management and 1st line stakeholders in the delivery of the Firm's regulatory obligations relating to cyber and information security risk management.
QUALIFICATIONS
Essential Skills
> Degree (Computer Science or Information Security preferable but not essential)
> Technology and/or security risk related work experience, preferably in the financial services industry
> Experience in Technology (IT) Risk Management and/or Technology (IT) Audit, including Information Security and/or Cyber Security
> Relevant industry certifications (e.g. CISA, CISM, CISSP, CRISC) are an added advantage
> Strong interpersonal skills in order to work in a team-oriented environment
> Excellent communication skills, both verbal and written; ability to tailor communication to technical and non-technical audiences
> Strong stakeholder management and influencing skills
> Ability to perform duties proactively, reliably and accurately
> Strong analytical and problem-solving skills
> Familiarity with analytics tooling (e.g. Splunk, QlikView, Tableau, Power BI)
> Good knowledge of Microsoft Excel, Word, Outlook and PowerPoint