IT Risk Management Advisement Associate

About the Role

We’re seeking someone to join our team as an IT Risk Management Advisement Associate for assisting with improving the overall security posture of Morgan Stanley Investment Management. The successful candidate will help protect the firm by proactively identifying, evaluating, and reducing possible threats. This involves threat modelling, supporting policy development, performing assessments, monitoring controls, preparing reports, and working with infrastructure, developers, and business teams to ensure compliance.

In the Technology division, we leverage innovation to build the connections and capabilities that power our Firm, enabling our clients and colleagues to redefine markets and shape the future of our communities. This is an IT Risk Management Advisement Associate position, which is part of the job family responsible for monitoring, detecting, and responding to security incidents to ensure the organization's systems and data are protected from actual and potential threats or breaches.

Since 1935, Morgan Stanley is known as a global leader in financial services, always evolving and innovating to better serve our clients and our communities in more than 40 countries around the world.

What You'll Do In The Role

• Partner with MSIM Technology and Business developers & engineers to understand business initiatives and assist in delivering secure on premise & in the cloud infrastructure through the alignment to the Morgan Stanley Security and IAM Control policies.
• Assist MSIM Technology and Business developers & engineers through the Security Design tollgates of obtaining Permit to Build and Permit to Operate by engaging Security Design Analysts and proactively identify and remediate issues with the goal of mitigating the risks to the firm but enabling the business on a timely basis.
• Participate in technical and non-technical projects to ensure policies, procedures and standards are met.
• Interface with internal and external auditors for risk assessments.
• Recommend new security solutions as well as effective improvements to existing security controls that do not negatively impact business innovation.

What You'll Bring To The Role

• At least 4 years’ relevant experience would generally be expected to find the skills required for this role.
• Information Security or IT Risk Management experience with the focus on application and infrastructure.
• Knowledge in cloud security regarding infrastructure and application development within AWS and Azure platforms.
• Knowledge in threat modelling.
• Experience with compliance requirements and Audit engagements (GLBA, SOX, SOC, regulatory agencies, and Internal Audit etc.).
• Ability to effectively communicate business risk as it relates to information security.
• Experience in conducting risk assessments that protect the business and adhere with compliance and privacy laws.

About Morgan Stanley

At Morgan Stanley, we raise, manage and allocate capital for our clients – helping them reach their goals. We do it in a way that’s differentiated – and we’ve done that for 90 years. Our values - putting clients first, doing the right thing, leading with exceptional ideas, committing to diversity and inclusion, and giving back - aren’t just beliefs, they guide the decisions we make every day to do what's best for our clients, communities and more than 80,000 employees in 1,200 offices across 42 countries. At Morgan Stanley, you’ll find an opportunity to work alongside the best and the brightest, in an environment where you are supported and empowered. Our teams are relentless collaborators and creative thinkers, fueled by their diverse backgrounds and experiences. We are proud to support our employees and their families at every point along their work-life journey, offering some of the most attractive and comprehensive employee benefits and perks in the industry. There’s also ample opportunity to move about the business for those who show passion and grit in their work.

Morgan Stanley is an equal opportunities employer. We work to provide a supportive and inclusive environment where all individuals can maximize their full potential.

Key skills/competency

• IT Risk Management
• Information Security
• Cloud Security (AWS, Azure)
• Threat Modelling
• Compliance (GLBA, SOX, SOC)
• Risk Assessments
• Policy Development
• Security Controls
• Audit Engagements
• Stakeholder Communication