Cyber Event Management and Exercise Officer

  • Competitive
  • New York, NY, USA
  • Permanent, Full time
  • Morgan Stanley USA
  • 22 Oct 18

Cyber Event Management and Exercise Officer

Company Profile
Morgan Stanley is a leading global financial services firm providing a wide range of investment banking, securities, investment management and wealth management services. The Firm's employees serve clients worldwide including corporations, governments and individuals from more than 1,200 offices in 43 countries.

As a market leader, the talent and passion of our people is critical to our success. Together, we share a common set of values rooted in integrity, excellence and strong team ethic. Morgan Stanley can provide a superior foundation for building a professional career - a place for people to learn, to achieve and grow. A philosophy that balances personal lifestyles, perspectives and needs is an important part of our culture.

Department Profile
The mission of the Global Technology division is to provide a highly reliable and commercial technology platform, which supports the Firm's strategy, delivered by an innovative, world-class team of professionals. There are ten divisions within Technology.

Technology & Information Risk (TIR) is part of the Global Technology organization and manages operational and technology related risks on behalf of the Firm. TIR's mandate is to enable the Firm to manage its technology and data related risks through implementing proactive, comprehensive and consistent risk management practices across the Firm to protect the franchise while capturing business opportunities. The TIR team partners with the business by ensuring that Technology and Data understands how to manage, escalate, and monitor risk.

Team Profile
Morgan Stanley has a critical requirement for a Cyber Event Management Strategy and Exercise Officer in New York to work as part of our 24/7 global Fusion enterprise. Morgan Stanley's state-of-the-art Cybersecurity Fusion Center is charged with orchestrating prevention, detection, and response to cyber events that threaten the Firm's clients, assets, and reputation. Partnering with key stakeholders across Enterprise Technology & Risk and the Business Units, Fusion is also responsible for the management of cyber events from detection to response to resolution, and serves as the Firm's focal point for cyber communications and reporting.

Fusing together information received both externally from our partners and internally from our detection capabilities to enable rapid decision-making, Fusion is the Firm's cornerstone of an agile and adaptive cyber defense strategy, enabling the Firm to rapidly align our defensive capabilities to adapt to changing adversary tactics. Fusion's Cyber Event Management (CEM) team is responsible for orchestrating a rapid Firm-wide response to any cyber threat, vulnerability, or incident that introduces risk to the Firm, taking into consideration the nature and criticality of the cyber event; the Firm's assessed or potential exposure; the Firm's control posture; and the level of actual or potential business impact.

The CEM team is also responsible for proactively identifying the types of cyber events the Firm is likely to encounter; developing processes and partnerships necessary to mitigate the potential cyber risk to the Firm; and, in collaboration with our Cyber Exercise Program (CEP), design appropriate exercise scenarios that build resiliency and demonstrate readiness against this complex cyber threat landscape.

The global Fusion Center is a 24/7 operation with members in key geographic locations; this requires the role to cover shifts during weekday core hours, plus occasional evening and weekend on call for Cyber Event Management as required.

Primary Responsibilities
A successful CEM Strategy and Exercise Officer must have an appropriate mix of exercise planning and strategy development experience, communication skills, interpersonal skills, and cybersecurity knowledge. Fusion is the central node to coordinate Morgan Stanley's response to a cyber event. A successful candidate should ideally have a solid foundation of cybersecurity planning and strategy development experience and have a voracious appetite for learning new things. The exercise program reflects a cybersecurity landscape which is constantly changing and it is essential that the candidate be able to keep pace in this incredibly dynamic environment.

- Refine Fusion plans, playbooks, and procedures to enable timely and precise cyber event response processes across the Firm
- Lead Fusion's exercise facilitation effort in collaboration with the Cyber Exercise Program (CEP), to include planning, facilitation, and documentation development, and coordinate follow-up activities
- Conduct cyber incident scenario preparation including scenario development with stakeholder teams, cyber playbook development and documentation, incident simulations and exercises, as well as post-incident reviews
- Collaborate with the CEP program leadership to orchestrate CEP-led, vendor-facilitated, and sector-wide exercises that assess the accuracy and responsiveness of Cyber Event response processes
- Assist the CEM and Deputy CEM in managing cyber events, both to provide depth within the CEM team and to help inform planning, playbook refinement, and exercise development
- Facilitate and track remediation actions resulting from table top exercises related to Cyber Event Management and other Fusion activities as required
- Manage exercise-related tasks to Fusion within the Firm's task management system
- Conduct external engagement related to sector-wide and vendor-facilitated exercises


Skills required (essential)
- 5+ years of professional experience within security planning/strategy development roles, preferably within financial services, law enforcement, the military, and/or the intelligence community
- Requires excellent writing, presentation, and communication skills for exercise and operational planning
- Strong interpersonal and administrative skills
- Experience designing and orchestrating cyber exercises
- Experience with cyber security investigations and understanding of cyber threat landscape
- Knowledge of information security threat type and their composition
- Knowledge and experience of computer security incident investigations and response processes
- Ability to distil technical and complex information into easy to understand business terms for management

Skills desired
- Experience working for a globally distributed organization
- Willingness to learn about the technology and cyber threat environment
- Experience with the major financial information-sharing organizations (FSARC and FS-ISAC)
- Major Incident Management
- Experience of 24/7 operational environment
- Certified Information Systems Security Professional (CISSP)
- Certified Information Security Manager (CISM)