Technology, Cyber and Information Security Policy Specialist
- Glasgow, Scotland, United Kingdom Glasgow Scotland GB
- Permanent, Full time
- Morgan Stanley
- 24 Apr 18 2018-04-24
See job description for details
Morgan Stanley is a leading global financial services firm providing a wide range of investment banking, securities, investment management and wealth management services. The Firm's employees serve clients worldwide including corporations, governments and individuals from more than 1,200 offices in 43 countries.
As a market leader, the talent and passion of our people is critical to our success. Together, we share a common set of values rooted in integrity, excellence and strong team ethic. Morgan Stanley can provide a superior foundation for building a professional career - a place for people to learn, to achieve and grow. A philosophy that balances personal lifestyles, perspectives and needs is an important part of our culture.
The mission of the Global Technology Department is to provide a highly reliable and commercial technology platform, which supports the Firm?s strategy, delivered by an innovative, world-class team of professionals.
Technology & Information Risk (TIR) is part of the Global Technology organization. Its mission is to enable proactive, comprehensive, and consistent technology and information-related risk management practices across the Firm and to protect Firm information, systems, and associated infrastructure from Cyber Threats.
A position is available within the Morgan Stanley Global Risk Governance group for a Policy Specialist in the Global Technology, Cyber and Information Security Policy Management Team. This is an excellent opportunity for a candidate who is ambitious, experienced, and highly-skilled to join a dynamic global function within our Glasgow office.
The team is responsible for policy development, maintenance, socialisation and advisory services, as well as mappings to regulatory requirements and risk management objectives. The team develops new and existing policies and procedures based on development requests approved by senior policy coverage area owners, managing the full end-to-end lifecycle of development request to final governance approvals.
The primary focus of the role is:
- Initial Research/Scoping of new Policy/Standards Requests - Working with various Program Leads and other subject matter experts across Technology owning Divisions the person will be responsible for owning the process of initial research and scoping of new Policy/Standards requests.
- Drafting of Policies & Standards post approval of new requests - The person will be responsible for drafting of new Policy/Standards content including:
o Identification of subject matter experts and other interested parties to be involved in the consultation process
o Executing (or facilitating delegation) of initial drafting of Policy/Standards content
o Facilitating review/discussion workshops in order to finalize content
o Presenting final recommendations to senior management (CIO/COO level engagement)
- Liaison with Technology divisions on Standards implementation - Liaising with divisional leads on aspects of Policy/Standards implementation (e.g. on the development of Division specific procedures as required).
This role in not only business analysis and project management but will require the successful candidate to be able to make thoughtful and pragmatic changes to key Policies, Standards and Procedures along with business process definitions and Terms of Reference documents.
- Proven written and verbal communication skills - to the level of being able to interact directly with department senior management.
- Experience of policies and standards programs.
- Proven analytical skills.
- Strong awareness of industry standards, best practices and regulatory expectations in respect to technology.
- Aptitude for technology and strong understanding of technology concepts and terminology.
- Organizational skills as reflected through a methodical/organised approach to analysis and documentation and the ability to manage multiple tasks simultaneously.
- Significant discretion and respect for confidentiality of sensitive information.
- Proficiency in Microsoft Office suite.
- Proactive self-starter who can identify opportunities for improvement and operate autonomously.
- Demonstrates good judgment.
- Hands on technical experience (e.g. software development, infrastructure support).
- Experience of Archer workflows
- Any of the below (or industry equivalent) would be of benefit:
o Certified Internal Auditor (CIA)
o Certified Information Systems Auditor (CISA)
o Certified in Risk and Information Systems Control (CRISC)
o Certified in the Governance of Enterprise IT (CGEIT)
o Certified Information Systems Security Professional (CISSP)