Infrastructure Security Architect - Executive Director

  • Competitive
  • New York, NY, USA
  • Permanent, Full time
  • Morgan Stanley USA
  • 16 Oct 18

Infrastructure Security Architect - Executive Director

Company Profile
Morgan Stanley is a leading global financial services firm providing a wide range of investment banking, securities, investment management and wealth management services. The Firm's employees serve clients worldwide including corporations, governments and individuals from more than 1,200 offices in 43 countries.

As a market leader, the talent and passion of our people is critical to our success. Together, we share a common set of values rooted in integrity, excellence and strong team ethic. Morgan Stanley can provide a superior foundation for building a professional career - a place for people to learn, to achieve and grow. A philosophy that balances personal lifestyles, perspectives and needs is an important part of our culture.

Technology
Technology works as a strategic partner with Morgan Stanley business units and the world's leading technology companies to redefine how we do business in ever more global, complex, and dynamic financial markets. Morgan Stanley's sizeable investment in technology results in quantitative trading systems, cutting-edge modelling and simulation software, comprehensive risk and security systems, and robust client-relationship capabilities, plus the worldwide infrastructure that forms the backbone of these systems and tools. Our insights, our applications and infrastructure give a competitive edge to clients' businesses-and to our own.

The Security Architecture (SecArch) team is part of the Technology Infrastructure Risk (TIR) organization. The mission of the team is to protect the Firm by ensuring in-scope technologies built internally, products purchased and services used meet security requirements that include the Firm's Policies, external guidelines, regulatory expectations, and appropriate controls in the areas of information security, secure design, and cyber security. We accomplish this mission via three primary services: architecture consulting, solutions consulting, and design review. This is a senior role within the Security Architecture team; the successful candidate will be working with senior leaders across the enterprise.

The person in this role will have the following responsibilities:

1. Lead architecture consulting to construct Security Architectures for a business unit and infrastructure technology teams
2. Conduct risk assessments and provide technology requirements to address risks identified. Example areas covered:
a. Authentication, Authorization, Auditing
b. Application Security, Session Security, Vulnerability/Penetration Testing, Input Validation
c. Secure Data Transport and Storage
3. Periodically review security reference architecture (security blueprints) and conduct updates/enhancements to guidance, policies, or other applicable reference materials
4. Participate in various Operational and Technology Risk governance processes
5. Represent, where applicable, Security Architecture in architecture review committees

Qualifications:

Soft Skills

1. Excellent communication skills: written, oral, presentation, listening
2. Ability to influence through factual reasoning
3. Time management: ability to handle multiple concurrent assessments, plan based deliverable management, strong follow up and tracking
4. Focus on delivery when presented with short timelines and increased involvement from senior management
5. Ability to adjust communication of technology risks vs business risks based on the audience
6. Ability to operate in multiple virtual teams, directly manage teams, or ability to operate as a sole-contributor

Security Architecture Skills

1. In depth knowledge of application, network and platform security vulnerabilities
2. Experience in conducting Information Security, Security Architecture, Audit assessments. Presenting the outcomes of the assessment and obtaining buy in
3. Strong focus on reviewing technical designs and functional requirements to identify areas of Security weakness
4. The candidate should have working experience in the following application/network security domains:
a. Authentication: SAML, SiteMinder, Kerberos, OpenId
b. Entitlements and identity management
c. Data protection, data leakage prevention and secure data transfer and storage
d. Application Security - validation checking, software attack methodologies
e. Cryptography, encryption and hashing

Bachelor's Degree with minimum 10 years relevant work experience in high-paced, enterprise environment.