Finance Information Security Officer, Executive Director

  • Competitive
  • London, England, United Kingdom
  • Permanent, Full time
  • Morgan Stanley
  • 17 Mar 2018

Company Profile

Morgan Stanley is a leading global financial services firm providing a wide range of investment banking, securities, investment management and wealth management services. The Firm's employees serve clients worldwide including corporations, governments and individuals from more than 1,200 offices in 43 countries.

As a market leader, the talent and passion of our people is critical to our success. Together, we share a common set of values rooted in integrity, excellence and strong team ethic. Morgan Stanley can provide a superior foundation for building a professional career - a place for people to learn, to achieve and grow. A philosophy that balances personal lifestyles, perspectives and needs is an important part of our culture.

Department Profile

The Finance Division reports to the Chief Financial Officer and consists of some 3,000 employees worldwide. Finance protects the Morgan Stanley franchise by serving as guardian of the Firm’s books and records and by contributing to firm wide risk management and risk reduction. This division maintains relationships with Morgan Stanley’s various industry and government regulators and also serves as the conduit of financial information to the outside investment community. Finance plays a critical role as advisor to Morgan Stanley’s various businesses and its senior management team.

The Financial Control Group (FCG) is responsible for overseeing the accounting and financial and regulatory reporting for the Firm. FCG prepares external financial reports for public filings and regulators.

For internal reporting FCG, along with Financial Planning and Analysis (FPA), summarizes, plans and forecasts the organization's financial position, including income statements, balance sheets, and analyses of future revenues, expenses and earnings. FCG is comprised of Business Unit Controllers, Infrastructure Controllers, Accounting, Regulatory and Reporting groups, and Valuation Review.


The role will reside within the Finance Division, under the Finance Risk and Information Security and Control group (FinRISC), reporting directly to the Executive Director of EMEA Finance Operational Risk. The position will manage staff in London, New York and Mumbai. The Business Unit Information Security Officer (BUISO) is responsible for the implementation and effectiveness of the Firm’s Information Security Program within their respective Business Unit (BU). The BUISO is a senior (officer level) and influential member within the business who has a broad understanding of the handling of information, the technology used in the processing of information, and the associated risks for their business. This role will provide leadership within information security related programs, including processes and procedures in adherence with the Global Information Security Program Policy. The Information Security Program is committed to the protection of the Firm’s information assets through the development of the Information Security Policy, Standards and supporting Procedures.

Information Security programs administered by FinRISC include: Entitlements Management; Segregation of Duties; Supplier Risk; Cyber Security and Data Leakage controls. FinRISC represents the division as the designated global and regional Finance ‘Business Unit Information Security Officer’ (BUISO).

Primary Responsibilities

· Providing advice, direction and solutions on all aspects of information security risk management including Finance Segregation of Duties exceptions

· Serving as an escalation point for the Finance and Information Security Program product owners

· Finance leader in information security related forums and governance committees at the Firm level identifying, raising and discussing BU-specific information security requirements and resolving any issues in partnership with Technology and Information Risk and/or Corporate Security

· Overseeing the implementation of Firm wide information protection policy and procedures and assisting with the review and periodic recertification of policy/program exceptions granted within the BU.

· Educating Firm personnel on Firm best practices in order to improve information security awareness and policy compliance.

· Managing Finance queries relating to entitlements, secure data transportation/transmission, data leakage issues and security incidents in order to safeguard the Firm’s information assets.

· Responsible for the Finance Data Leakage Prevention (DLP) Program preventing or identifying instances of unauthorized disclosure of electronic data and/or misdirected communications which could result in exposures including

· Assist Finance in classifying information following a data leakage issue and risk-rank the incident. Work with the Incident Response team, Legal, Human Resources, and the BUISO to identify action steps following a data leakage event.

· Assume the SPOC (single point of contact) role, responsible for divisional Supplier Risk Program compliance

· Ensure Finance contributors/signatories understand the Information Security Risk Acceptance process. Conduct a quality assurance review of the Risk Acceptance form prior to submission for approval to ensure it clearly and accurately articulates the risk(s) and any remediation activities

· Work with the Finance Risk Leads as needed to facilitate their ability to assess information security risk as part of the Firm’s Risk Control Self-Assessment program including: determination of inherent risk; rating the effectiveness of information security controls within their organization; determination of residual risk level


Skills required

· Bachelor’s degree or equivalent

· Prior Information Security and/or Operational Risk Management experience

· Ability to work effectively on multiple projects under tight deadlines

· Proficiency with data management, End User Computing Tools (spreadsheets and databases) and other standard computing applications (PowerPoint and Word)

· Superior analytical thinking and problem solving abilities

· Excellent verbal and written communication skills, with the ability to communicate with key stakeholders and Senior Management

· Intellectual curiosity with a focus on information sharing

· Strong relationship building skills

· Ability to understand and apply complex concepts

· Self-motivator and team player who brings a can-do approach

Morgan Stanley is an equal opportunities employer. We work to provide a supportive and inclusive environment where all individuals can maximise their full potential. Our skilled and creative workforce is comprised of individuals drawn from a broad cross section of the global communities in which we operate and who reflect a variety of backgrounds, talents, perspectives and experiences. Our strong commitment to a culture of inclusion is evident through our constant focus on recruiting, developing and advancing individuals based on their skills and talents.