Threat Intelligence Team Leader - Cyber

  • Competitive
  • Glasgow, Scotland, United Kingdom
  • Permanent, Full time
  • Morgan Stanley
  • 20 Jan 18 2018-01-20

See job description for details

Company Profile

Morgan Stanley is a leading global financial services firm providing a wide range of investment banking, securities, investment management and wealth management services. The Firm's employees serve clients worldwide including corporations, governments and individuals from more than 1,200 offices in 43 countries.

As a market leader, the talent and passion of our people is critical to our success. Together, we share a common set of values rooted in integrity, excellence and strong team ethic. Morgan Stanley can provide a superior foundation for building a professional career - a place for people to learn, to achieve and grow. A philosophy that balances personal lifestyles, perspectives and needs is an important part of our culture.

Department Profile

The mission of the Global Technology division is to provide a highly reliable and commercial technology platform, which supports the Firm’s strategy, delivered by an innovative, world-class team of professionals. Technology & Information Risk (TIR) is part of the Global Technology organization and manages operational and technology related risks on behalf of the Firm. TIR's mandate is to enable the Firm to manage its technology and data related risks through implementing proactive, comprehensive and consistent risk management practices across the Firm to protect the franchise while capturing business opportunities. The TIR team partners with the business by ensuring that Technology and Data understands how to manage, escalate and monitor risk.

Morgan Stanley’s state-of-the-art Cybersecurity Fusion Center (Fusion) is charged with orchestrating prevention, detection, and response to cyber events that threaten the Firm’s clients, assets, and reputation. Partnering with key stakeholders across Enterprise Technology & Risk and the Business Units, Fusion manages cyber events from detection through response to resolution, and serves as the Firm’s focal point for cyber communications and reporting. Fusing together information received externally from our partners and internally from our detection and analytics teams to enable rapid decision-making, Fusion is the cornerstone of the Firm’s agile and adaptive cyber defense strategy - enabling the Firm to rapidly align our defensive capabilities to adapt to changing adversary tactics.

Team Profile

The Threat Intelligence (TI) Team specializes in the collection and analysis of information pertaining to the cyber threat landscape and assesses potential impact to the Firm and its operations. The team’s key mission is to support and enhance the Firm’s security posture by providing situational awareness and a thorough understanding of the cyber threat landscape through the delivery of timely and actionable intelligence. The team regularly produces intelligence analysis for its defined stakeholders and contributes to Fusion’s detection efforts, preventative security controls and response to cyber events.

By combining technical expertise with a thorough understanding of the geopolitical and strategic threat landscape, the team ensures depth and breadth of coverage of cyber threats and events, and contextualizes them to help determine their relevance to the Firm. The team is made up of a Strategic Analysis Hub (New York), a Technical Analysis Hub (Baltimore) and a Joint Hub (Glasgow).

Primary Responsibilities

The team has a requirement for a Team Leader to join the Joint Hub in Glasgow which is responsible for providing both technical and strategic assessment of the threat landscape to key leaders and stakeholders.

The Team Leader is responsible for in-person oversight of the intelligence analysts located in the Fusion Center local node and day-to-day coordination of their activities. The individual will coordinate with the Global Head to ensure the team is aligned with, and ready to support, Fusion daily operations. In this capacity, the local Team Leader will also support the Global Head in overseeing and coordinating the team’s daily operations. The individual will oversee and coordinate the collection of Intelligence Requirements and will refine and maintain the collection plan to ensure the team’s analysis and outputs are aligned with the operational and strategic requirements of key stakeholders.

The Local Team Leader(s) will deputise as a Reports Reviewer when needed; ensuring all products and outputs adhere to the team’s standards for quality, accuracy and style.

Primary Functions :

- - Responsible for coordinating collection and documentation of Intelligence Requirements (IRs); conducting regular IRs review to ensure relevance and coverage by intelligence analysts;

- - Review, develop, implement and manage collection strategies to answer IRs;

- - Support Global Head with periodic assessment of vendors for relevance/quality of data feeds, products and services;

- - Monitor intelligence sources for actionable indicators/information, including:
- Vendors and Private Sources
-Open Sources
- Internal Sources (Situational Awareness/Identifying Patterns/Trends/Holistic Approach)
- Government Partners

‐ - Perform managerial duties as the local Lead and acts as Threat Intelligence primary point of contact for engagement with local stakeholders;

‐ - Participate in daily Fusion check-in calls;

‐ - Engage local Fusion Teams when events/incidents occur in Fusion Center as required;

‐ - Contribute to the review of products disseminated by the team;

‐ - Foster and maintain strategic and operational relationships with industry and government partners;

‐ - Deputize for Global Head in providing signoff for intelligence sharing with external partners when required.


Required Skills

- - 4+ years in an intelligence role, preferably within the financial sector

- Management oversight

- - Attested domain expertise on cyber threat landscape to include Advanced Persistent Threats, Cybercrime, Insider, and Hacktivism Understanding of key intelligence analysis concepts, including the intelligence cycle

- - Experience working with the Kill Chain, Diamond Model of Intrusion and similar frameworks and concepts

- - Experience with Open Source Intelligence Products (OSINT) and sources

- - Experience with conducting intelligence investigations and familiarity with investigative tools, including Maltego, DomainTools, and VirusTotal

- - Ability to transfer business objectives into Intelligence Requirements in support of the business strategy

Desired Skills:

- - International experience or experience working for a globally distributed organization

- - Active memberships with associations across the security and intelligence community

- - Experience using Threat Intelligence Platforms

- - Experience implementing or practicing Intelligence and Threat-driven defence frameworks

- - Familiarity with Threat Rating Methodology

- - Bachelor Degree in International Studies, Information Technology, or Criminal Justice/Intelligence fields

Morgan Stanley is an equal opportunities employer. We work to provide a supportive and inclusive environment where all individuals can maximise their full potential. Our skilled and creative workforce is comprised of individuals drawn from a broad cross section of the global communities in which we operate and who reflect a variety of backgrounds, talents, perspectives and experiences. Our strong commitment to a culture of inclusion is evident through our constant focus on recruiting, developing and advancing individuals based on their skills and talents. *LI-AM2