Director, Penetration Testing, Security & Risk

About the Role

Morgan Stanley is seeking an experienced cybersecurity professional to join their Penetration Testing and Assessment Team as a Director. This role is ideal for a seasoned cyber professional looking to bridge deep technical knowledge with senior management engagement, strategy, and risk management. You will partner with team members, Subject Matter Experts (SMEs), Risk Officers, and senior management across all business areas to implement a secure technical environment.

Cyber Security Engineering at Morgan Stanley

As a Director in Cyber Security Engineering, you will provide specialist cyber expertise and create solutions to protect Morgan Stanley's systems and networks against actual and potential security threats and vulnerabilities. Since 1935, Morgan Stanley has been a global leader in financial services, known for evolving and innovating to serve clients and communities in over 40 countries.

What You'll Do In The Role

• Perform security assessments of targeted assets to identify and remediate vulnerabilities.
• Provide coverage of key controls supporting cybersecurity, with a specific focus on penetration testing and ethical hacking processes.
• Participate in planning, testing, documentation, and determining effectiveness of security controls across Morgan Stanley's critical assets.
• Assist in the development and analysis of key metrics to identify trends in cybersecurity.
• Establish strong relationships with senior leadership, related controls groups, and business groups.
• Share knowledge, techniques, and toolsets within the team to build proficiency in the Cyber Security landscape.

What You'll Bring To The Role

The ideal candidate will have 8 or more years of total work experience, including at least 5 years in IT Security, with significant experience in ethical hacking and penetration testing.

• Excellent understanding of defense-in-depth principles and network security architecture.
• Knowledge of common attack vectors and associated mitigation controls.
• Knowledge of penetration testing principles, techniques, and tools.
• Knowledge of vulnerability scoring systems (CVSS/CMSS).

People/Communication Skills

• Ability to learn new technologies quickly.
• Excellent writing and presentation skills are required to communicate findings and status effectively.
• Clearly communicate priorities and escalation points/procedures to other team members.
• Detail-oriented, organized, methodical, with strong follow-up skills and an analytical thought process.

What You Can Expect From Morgan Stanley

Morgan Stanley is committed to maintaining first-class service and a high standard of excellence. Their values – putting clients first, doing the right thing, leading with exceptional ideas, committing to diversity and inclusion, and giving back – guide daily decisions. At Morgan Stanley, you'll find an opportunity to work alongside the best and brightest in a supportive and empowering environment. The teams are relentless collaborators and creative thinkers, fueled by diverse backgrounds. Morgan Stanley proudly supports employees with attractive and comprehensive benefits, with ample opportunity for growth for those who show passion and grit.

Key skills/competency

• Penetration Testing
• Ethical Hacking
• Vulnerability Management
• Risk Mitigation
• Cybersecurity Strategy
• Network Security Architecture
• Attack Vector Analysis
• Security Controls Assessment
• CVSS/CMSS
• Senior Stakeholder Engagement