Associate - Cyber and Technology Risk Assurance and Measurement (Operational Risk)

  • Competitive
  • Baltimore, MD, USA
  • Permanent, Full time
  • Morgan Stanley USA
  • 20 Oct 18

Associate - Cyber and Technology Risk Assurance and Measurement (Operational Risk)

Morgan Stanley
Morgan Stanley is a leading global financial services firm providing a wide range of investment banking, securities, investment management and wealth management services. The Firm's employees serve clients worldwide including corporations, governments and individuals from more than 1,200 offices in 43 countries.
The talent and passion of our people is critical to our continued success as a firm. Together, we share four core values rooted in integrity, excellence and strong team ethic:
1. Putting Clients First
2. Doing the Right Thing
3. Leading with Exceptional Ideas
4. Giving Back
Morgan Stanley is committed to helping its employees build meaningful careers and we strive to be a place for people to learn, achieve and grow.
Firm Risk Management
Firm Risk Management (FRM) enables Morgan Stanley to achieve its business goals by partnering with business units across the Firm to realize efficient risk-adjusted returns, acting as a strategic advisor to the Board and protecting the Firm from exposure to losses as a result of credit, market, liquidity, operational, model and other risks.
Our mission is to serve as the follow roles:
· Independent agent to set consistent principles and disciplines for risk management
· Strategic advisor to Firm management for setting risk appetite and allocating capital
· Industry leader to influence and meet regulatory standards
You will collaborate with colleagues across FRM and the Firm to protect the Firm's capital base and franchise, advise businesses and clients on risk mitigating strategies, develop tools and methodologies to analyze and monitor risk, contribute to key regulatory initiatives and report on risk exposures and metrics to enable informed and strategic decision-making. Through thoughtful analysis and clear communication we are best able to bring our ideas to the table and improve the Firm.
Firm Risk Management values diversity and is committed to providing a supportive and inclusive workplace for all employees.
Firm Risk Management's unique franchise promotes:
ü Flat, flexible and integrated global organization
ü Collaboration and teamwork
ü Credible, independent decision-making
ü Organizational influence
ü Creative and practical solutions
ü Meritocratic and diverse culture
Background on the Position
Morgan Stanley has an opening for an Associate in Cyber and Technology Risk Oversight within the Operational Risk Department (ORD). Cyber and Technology Risk Oversight is the practice of identifying, assessing, measuring, and remediating risks related to cyber threats and to the confidentiality, availability and integrity of the Firm's systems and information, including associated processes and controls. The successful candidate will be responsible for helping execute independent oversight, measuring, and assurance testing of risks and controls around the Firm's technology and cybersecurity.
Primary Responsibilities
· Identify and evaluate risks related to the systems and information supporting Firm activities and translate into specific business impact
· Assess, through inspection, observation, or verification whether controls are designed and implemented effectively so as to verify that risks are mitigated to targeted levels
· Review completeness and execution of relevant procedures and assess assurance mechanisms for how effectively they identify weaknesses or failures of key controls
· Review metrics and escalation reports to monitor risk and control-related developments, issues and trends and assess for business impact
· Review technology and security risk issues as well as internal and external incidents in order to help Firm Risk Management develop an independent view of the overall technology and cybersecurity risk posture of the Firm and its underlying legal entities
· Provide monthly and quarterly risk reporting in terms of business impact
· Provide challenge to Business, Operations, and Technology assessments of their risks and controls
· Provide guidance to Business, Operations, and Technology on evolving technology and security risk landscape
· Coordinate with Operational Risk Department colleagues who cover Business Units and Infrastructure Groups in discussing impact of technology and cybersecurity risks on business and support processes
· Monitor industry developments in the management of technology and security risk
· Build and maintain strong positive relationships with the broader risk community in the business and technology organizations of the Firm
· Work with key stakeholders to evaluate policy exception requests and prepare for senior management review

Qualifications:

Skills Required
· Bachelor's Degree minimum
· Strong analytical and problem-solving skills
· Demonstrated record of excellence in conducting business analyses
· Excellent communication skills, both verbal and written; ability to produce concise and effective presentations tailored to technical and non-technical audiences
· Ability to multitask and prioritize
· Strong interpersonal skills in order to work in a team oriented environment
· Strong project management and organization skills
· Experience with relationship management
· Ability to work in a small team environment, building and maintain a network of contacts and coordinating with a large number of stakeholders
· Ability to work under pressure and to tight deadlines
· Flexible and self-motivator
· Proficiency in MS Office and related applications (e.g. Word, Excel, Powerpoint);
Experience
· 3-7 years' worth of technology and/or cybersecurity related work experience, preferably in the financial services industry or in the management consulting industry (Required)
· Experience conducting detailed analysis of complex systems and communicating findings to an executive level audience (Required)
· Experience in or with Technology (IT) Risk Management and/or Technology (IT) Audit including Information Security and/or Cybersecurity (Preferred)