Business Unit Information Security Officer Business Unit Information Security Officer …

Morgan Stanley
in Glasgow, Scotland, United Kingdom
Permanent, Full time
Last application, 23 Mar 20
Morgan Stanley
in Glasgow, Scotland, United Kingdom
Permanent, Full time
Last application, 23 Mar 20
See job description for details

Technology Division Business Unit Information Security Officer (BUISO)

Job Level: Vice President

Location: Glasgow, United Kingdom

Position Description:

The candidate will be a senior member of the Central Risk Services BUISO team within Technology and Operations Risk (TOR). The role focuses on the consistent delivery of information security risk services for all divisions within Technology at Morgan Stanley. The role will also enable the team to provide BUISO support to the MS Solium technology partners

The BUISO function is responsible for the implementation and effectiveness of the Firm's Information Security Program. Central Risk Services BUISO team is a centralized team focused on this function across Technology. The candidate is expected to be a senior and influential member within the team who has a broad understanding of the handling of information, the technology used in the processing of information, and the associated risks to Technology and the Firm.

BUISO general responsibility are:

*Delivery of front line operations that protect Firm and Client data via management and monitoring of Firm Information Security policy and procedure

*Leading information security related programs, including processes and procedures in adherence with the Global Information Security Program Policy

*Participating in information security related forums and governance committees at the Firm level

*Identifying, raising and discussing BU-specific Information Security requirements and resolving any issues in partnership with Technology and Information Risk and/or Corporate Security

The candidate will have responsibility for:

* Deliver quality and timely services in the core program of work:

* Information Security Policy Exceptions management

* Review, assess/evaluate various security policy exception requests

* Manage and report on risks associated with exceptions once granted

* Evaluate/Recommend improvements to exceptions controls and related Firm policy, procedures, standards

* Incident response (potential data leakage)

* Research, manage and respond to Information Security incidents

* Determine risk impact and severity (Note: this activity can be very sensitive and timely)

* Provision of education and advice/guidance on secure handling & transfer of data & information

* Initiate and manage process improvement/strategic risk reduction initiatives across the team and/or division

* Contribute to the Firm's Global Cybersecurity and Information Security program


Desired Skills / Qualifications:

* Experience in large-scale cyber and information security program implementation, management, oversight, or audit

* General IT Security knowledge and applying best security practices

* Accredited InfoSec Certifications (a plus)

* Able to interpret security requests, validate that approval processes are followed; track and report on exception grants by referencing documented procedures

* Strong process focus and awareness and good judgement (when to escalate/raise an issue to management)

* Strong analytical skills; able to digest requirements and share feedback, ideas on improvement etc.

* Strong interpersonal, problem solving, organizational and time management skills

* Clear and appropriate communication; targeting/tailoring content appropriate to audience

* Managing (internal) client relationships and working as part of a distributed team

* Highly motivated; ability to drive project deliverables to fruition/lead meetings with cross-functional and cross-level participation

* Collaborate with internal solutions providers to enhance security solutions and advocate on behalf of users/consumers

* Strong sense of ownership and accountability

* Serve as an escalation point for junior members on the team

* Ability to interpret existing policies, standards, procedures and apply in a real-world setting

* Ability to drive improvements to existing policies, standards, procedures; i.e. analyse current state, develop desired state, and perform gap analysis to achieve future desired state

* Experience in Technology Information Risk (or related risk areas),

* MS Office suite skills; ability to draft succinct and impactful PowerPoint decks (with appropriate level of detail for a given audience), ability to extract, aggregate, and report on data in Excel

* Understanding of VBA and macros creation in Excel (a plus)

* Basic understanding of Splunk querying language and reporting capabilities (a plus)

* Ability to articulate key points clearly and succinctly in meetings and 1:1

* Ability to define a proposed plan/approach based on an initial scope of work

* Ability to work within an open, consensus based organization

* Ability to manage and interact in a matrixed organization is essential

* Individual must be able to multi-task effectively