DevOps Risk / Control Specialist DevOps Risk / Control Specialist …

Morgan Stanley
in Glasgow, Scotland, United Kingdom
Permanent, Full time
Last application, 23 Mar 20
Morgan Stanley
in Glasgow, Scotland, United Kingdom
Permanent, Full time
Last application, 23 Mar 20
See job description for details

Company Profile

Morgan Stanley is a leading global financial services firm providing a wide range of investment banking, securities, investment management and wealth management services. The Firm's employees serve clients worldwide including corporations, governments and individuals from more than 1,200 offices in 43 countries.

As a market leader, the talent and passion of our people is critical to our success. Together, we share a common set of values rooted in integrity, excellence and strong team ethic. Morgan Stanley can provide a superior foundation for building a professional career - a place for people to learn, to achieve and grow. A philosophy that balances personal lifestyles, perspectives and needs is an important part of our culture.

Department Profile

Technology and Operations Risk (TOR) is part of the Global Technology division and manages operational and technology related risks on behalf of the Firm. The group's key principles are to provide proactive, comprehensive and consistent risk management, to enable the execution of the Firm's strategy.

Team Profile

TOR's mandate is to enable the Firm to manage its technology and data related risks through implementing proactive, comprehensive and consistent risk management practices across the Firm to protect the franchise while capturing business opportunities. The TR team partners with the business by ensuring that Technology understands how to manage, escalate and monitor risk.

Primary Responsibilities

- Develop and execute a strategy to re-design each of the IT controls assessment and testing programs in an innovative way to provide continuous compliance and assurance. This individual will enhance all of the IT controls assessment and testing activities to support the Firm's Agile and DevSecOps transformation, while further increasing the impact of these programs on risk reduction for the Firm

- Lead a program of transformational change to create a single unified assessment process for performing risk assessments on new and existing vendors

- Proactively engage with stakeholders from all levels of the organization, ranging from C-suite professionals through to developers.

- Execute on a strategy of profiling the inherent risk of software assets that will better support the Firm's move to Agile behaviours

- Data Analytics to support the strategic design of each of the IT controls assessment and testing programs, by leading analytics exercises in key domains leading to deep dives presented to governance committees

- Develop and deliver analysis supporting the full coverage of Technology, Information Security and Cyber Security controls across all of the IT controls assessment and testing programs

- Utilize data analysis tool sets to analyse and interpret information, identify root causes of problems & draw conclusions

- Quantify the extent of risks through data analysis of environmental indicators

- Analyse risk indicators to identify and escalate appropriate issues for management attention

- Develop proposals for new compliance/ adoption metrics in key domains based on Data Analytics exercises

- Produce management reports on a weekly and monthly basis


Skills required

- Working knowledge of Technology applications and infrastructure (e.g. server, network, platform desktop environment) and how they are used in large organizations

- Strong risk and controls knowledge with familiarity with associated frameworks such as COBIT, NIST, 3LOD etc.

- Experience in related Risk governance/assurance/management roles within the 1st line, 2nd line or 3rd line

- Educated to degree level in relevant subject (e.g. Computer Science, Risk Management)

- Excellent written and verbal communication skills

- Strong data analysis skills with knowledge of MS Excel (pivot tables, advanced formulae)

- Strong problem solving skills and an ability to influence others at all levels of the organisation

- Experience of working with other Microsoft packages (Word, PowerPoint, Outlook)

- Experience of stakeholder engagement at different levels of an organisation

Skills required (Desired)

- Technology risk / control qualifications (CISA, CRISC, CISSP, CISM)

- Operational Risk knowledge with an ability to identify risks

- Experience of working with Business Intelligence tooling (e.g. Qlikview, Business Objects, Tableau)

- Experience of working in a large (financial) organisation

Interested in flexible working opportunities? Morgan Stanley empowers employees to have greater freedom of choice through flexible working arrangements. Speak to our recruitment team to find out more.

Morgan Stanley is an equal opportunities employer. We work to provide a supportive and inclusive environment where all individuals can maximise their full potential. Our skilled and creative workforce is comprised of individuals drawn from a broad cross section of the global communities in which we operate and who reflect a variety of backgrounds, talents, perspectives and experiences. Our strong commitment to a culture of inclusion is evident through our constant focus on recruiting, developing and advancing individuals based on their skills and talents.