Tech Risk Testing Director

Morgan Stanley is a leading global financial services firm providing a wide range of investment banking, securities, investment management and wealth management services. The Firm's employees serve clients worldwide including corporations, governments, and individuals from more than 1,200 offices in 43 countries.

As a market leader, the talent and passion of our people is critical to our success. Together, we share a common set of values rooted in integrity, excellence, and strong team ethic. Morgan Stanley can provide a superior foundation for building a professional career - a place for people to learn, to achieve and grow. A philosophy that balances personal lifestyles, perspectives and needs is an important part of our culture.

The cornerstone of Morgan Stanley's risk management philosophy is the execution of risk-adjusted returns through prudent risk-taking that protects Morgan Stanley's capital base, liquidity and franchise. Non-Financial Risk (NFR) refers to the risk of actual or potential economic, reputational, regulatory, financial reporting and client impact, resulting from inadequate or failed internal processes, people, and systems, or from external events impacting the full scope of its business activities, including revenue-generating activities and infrastructure groups. NFR is part of the Second Line of Defense providing independent oversight and challenge to management across compliance and operational risks. Given the nature and breadth of operational risk, operational risks are managed at multiple levels e.g. Firmwide, as well as Regional, Business Unit, Infrastructure Group, Control Function and Legal Entity.

The NFR Cyber, Technology and Information Security (CTIS) Department is focused specifically on managing cyber, technology and information security risks. NFR CTIS brings together rules management, standard setting, assessing risk, process and controls by technology domains, advising the business, and an oversight and testing function to provide a comprehensive risk management decision for cyber, technology and information security related risks. Cybersecurity, Information Security and Technology risk management is critical to ensure the confidentiality, integrity and availability of Firm Information, Systems and Assets. Cybersecurity risk refers to managing and protecting the Firm's information assets and operations from cyber threats, e.g., cyber events or attacks resulting from inadvertent or intentional acts involving deception, falsification, destruction, etc. Information Security risk refers to protecting the confidentiality, integrity and availability of Firm's information and systems, e.g., internal and external threats that could result in unauthorized disclosure, misuse, alteration or destruction of confidential information and systems. Technology risk refers to ensuring and protecting the availability, stability, capacity and recovery capabilities of the Firm's key systems, e.g., loss, damage or business disruption resulting from inadequate or failed processes, people and systems or from external events.

Morgan Stanley is seeking a Risk professional to join the Non-Financial Risk Cyber, Technology and Information Security (NFR CTIS) Testing Team based in Alpharetta.

The successful candidate will plan and execute full scope and other tests on engagements assigned by Technology Risk Testing Manager. The Technology Risk Testing team is part of the broader Global 2LOD Non-Financial Risk Testing organization. The team plans and executes the Technology Risk annual testing plan.

Primary Responsibilities:

• Assist in the development and maintenance of the annual technology testing plan.
• Develop and deliver engagement announcements.
• Lead engagement kickoff meetings for stakeholders; lead periodic engagement progress updates.
• Execute and document test activities in test workpapers. Test activities may include process deep dives, control design reviews, control effectiveness tests, or outcome-based tests.
• Test execution fieldwork-Perform test activities in accordance with 2L NFR testing standards:
• Interview stakeholders, request and review pertinent policies, standards, procedures, KRI metrics, and other documents, and walk through relevant processes and control environments.
• Develop test scripts and recipe cards.
• Request and validate receipt of relevant data and samples for testing.
• Execute and document test activities in test workpapers.
• Identify and escalate potential test findings.
• Propose action plans and remediation requirements.
• Prepare test reports.
• Track and confirm completion of action plans and their remediation requirements.
• Remain current on industry rules, regulations and best practices to make recommendations to the testing program.

Skills Required:

• Bachelor of Science required with a concentration in Computer Science or Information Technology.
• 8+ years audit/risk/compliance experience in the financial services industry, a regulator, or a self-regulatory organization.
• Experience leading and conducting Technology reviews.
• Investigative skills - inquiry and analysis, interviewing, testing, risk assessment capabilities.
• Ability to research and resolve issues independently while working across teams to acquire information.
• Risk Management Knowledge - strong understanding of financial industry risk and control and the ability to critique relevant language.
• Self-motivated with strong analytical, organization, and problem-solving skills; ability to work independently, demonstrate resourcefulness, and develop well-structured proposals.
• Ability to work effectively in a cross-functional, global team.
• Excellent communication skills, both verbal and written; ability to tailor communication to technical vs non-technical, senior vs junior audiences.
• Proficiency with Microsoft Word, Excel, PowerPoint, Adobe, SharePoint and ability to quickly learn automated systems.

Skills Desired:

• Knowledge of global regulatory requirements like GLBA, GDPR, Part 30 Information Security, NYDFS etc. and technology control standards like NIST, FFIEC, CRI, COBIT, CIS etc.
• Certified Internal Auditor (CIA) or Certified Information Systems Auditor (CISA) or Certified in Risk and Information Systems Control (CRISC) designations are highly desirable.
• Prior experience in Big 4 or equivalent professional services environment, with hands-on responsibility for leading risk-based audits or testing engagements.

WHAT YOU CAN EXPECT FROM MORGAN STANLEY:

At Morgan Stanley, we raise, manage and allocate capital for our clients – helping them reach their goals. We do it in a way that’s differentiated – and we’ve done that for 90 years. Our values - putting clients first, doing the right thing, leading with exceptional ideas, committing to diversity and inclusion, and giving back - aren’t just beliefs, they guide the decisions we make every day to do what's best for our clients, communities and more than 80,000 employees in 1,200 offices across 42 countries. At Morgan Stanley, you’ll find an opportunity to work alongside the best and the brightest, in an environment where you are supported and empowered. Our teams are relentless collaborators and creative thinkers, fueled by their diverse backgrounds and experiences. We are proud to support our employees and their families at every point along their work-life journey, offering some of the most attractive and comprehensive employee benefits and perks in the industry. There’s also ample opportunity to move about the business for those who show passion and grit in their work.

To learn more about our offices across the globe, please copy and paste into your browser.

Morgan Stanley's goal is to build and maintain a workforce that is diverse in experience and background but uniform in reflecting our standards of integrity and excellence. Consequently, our recruiting efforts reflect our desire to attract and retain the best and brightest from all talent pools. We want to be the first choice for prospective employees.

It is the policy of the Firm to ensure equal employment opportunity without discrimination or harassment on the basis of race, color, religion, creed, age, sex, sex stereotype, gender, gender identity or expression, transgender, sexual orientation, national origin, citizenship, disability, marital and civil partnership/union status, pregnancy, veteran or military service status, genetic information, or any other characteristic protected by law.

Morgan Stanley is an equal opportunity employer committed to diversifying its workforce (M/F/Disability/Vet).