We're seeking someone to join our team as a Third-Party Security Assessment Specialist in Cyber to deliver security reviews of Third-Party service provides as part of the Security Design assurance process.

The Security Design (SecDesign) team is part of the Cyber Data Risk & Resilience (CDRR) organization. The mission of the SecDesign team is to provide security assessments of technology systems and processes to identify business risks and recommend remedial action based on established security standards or security best practices. The SecDesign Third-Party Security Assurance is an internal function that is working on multiple third-party security initiatives, handling risk assessments, control gap analysis of third-party services in order to remove risks from our environment.  

It is an opportunity to get involved in multiple business units and technologies inherent to the mission of SecDesign. The ideal candidate works with the stakeholders and control groups (Technology, Business, risk management, Suppliers and other Stakeholders) globally to perform SecDesign Third-Party security risk posture analysis against firm security policies. The candidate will also be working with a global team of experts on modernizing the Firm’s Third-Party security risk assessment processes.

In the Technology division, we leverage innovation to build the connections and capabilities that power our Firm, enabling our clients and colleagues to redefine markets and shape the future of our communities. This is a Third-Party Security Assessment Specialist position at Associate level, which is part of the job family responsible for developing and maintaining software solutions that support business needs.

Since 1935, Morgan Stanley is known as a global leader in financial services, always evolving and innovating to better serve our clients and our communities in more than 40 countries around the world.

What you'll do in the role:

• Conduct risk assessments of third parties and provide technology requirements to address risks identified. Example areas covered:
  • Authentication, Authorization, Logging, Monitoring
  • Network security
  • Data protection, Cryptography, Secure Data Transport and Storage
  • SaaS, Cloud Security
• Identify technical control gaps and review security requirements set to remediate identified risks
• Ensure that the quality of security assessments is consistent and meets expectations
• Provide architectural and implementation guidance to ensure developers/technology owners follow security best practices.
• Communicate to the IT System Owners technical details on technical control gaps and provide attack scenarios relevant to the risks identified.
• Communicate to the IT System Owner detailed remediation guidance.
• Articulate risks introduced by technical control gaps to the service’s Business Owner.
• Participate in the ongoing improvement of SecDesign Third Party security risk procedures and processes. 

• Build and maintain strong positive relationships with the existing cyber and information security risk community in the respective business and control groups. 

What you'll bring to the role:

• Actively seeking to understand how technology risks arise in different business contexts. 

• Basic knowledge and experience in at least one of the classic security topics such as:
  • Windows/Unix Operating System security
  • Risk management
  • Data protection, data leakage prevention and secure data transfer and storage
  • Network security – WAN/LAN/DataCenter
  • Application and Web Security - validation checking, software attack methodologies, OWASP
  • Cryptography, encryption and hashing
• Previous experience in Financial Services is preferred. 

• Experience working with global organizations is preferred. 

• Proactive approach to identifying issues and proposing solutions 

• Strong communication skills written, oral, presentation. 

• Ability to influence through factual reasoning. 
• Time management: ability to handle multiple concurrent requests, plan based deliverable management, strong follow up and tracking.

• Strong focus on delivery when presented with short timelines and increased involvement from senior management.
• Ability to adjust communication of technology risks vs business risks based on the audience.
• Understanding of geographic regulations and their impact on Security assessments 
• Bachelor’s Degree in relevant domain (technology, Cybersecurity)

WHAT YOU CAN EXPECT FROM MORGAN STANLEY:

We are committed to maintaining the first-class service and high standard of excellence that have defined Morgan Stanley for over 89 years. Our values - putting clients first, doing the right thing, leading with exceptional ideas, committing to diversity and inclusion, and giving back - aren’t just beliefs, they guide the decisions we make every day to do what's best for our clients, communities and more than 80,000 employees in 1,200 offices across 42 countries. At Morgan Stanley, you’ll find an opportunity to work alongside the best and the brightest, in an environment where you are supported and empowered. Our teams are relentless collaborators and creative thinkers, fueled by their diverse backgrounds and experiences. We are proud to support our employees and their families at every point along their work-life journey, offering some of the most attractive and comprehensive employee benefits and perks in the industry. There’s also ample opportunity to move about the business for those who show passion and grit in their work.

To learn more about our offices across the globe, please copy and paste https://www.morganstanley.com/about-us/global-offices​ into your browser.

Certified Persons Regulatory Requirements:
If this role is deemed a Certified role and may require the role holder to hold mandatory regulatory qualifications or the minimum qualifications to meet internal company benchmarks.

Flexible work statement
Interested in flexible working opportunities? Morgan Stanley empowers employees to have greater freedom of choice through flexible working arrangements. Speak to our recruitment team to find out more.

Morgan Stanley is an equal opportunities employer. We work to provide a supportive and inclusive environment where all individuals can maximize their full potential. Our skilled and creative workforce is comprised of individuals drawn from a broad cross section of the global communities in which we operate and who reflect a variety of backgrounds, talents, perspectives, and experiences. Our strong commitment to a culture of inclusion is evident through our constant focus on recruiting, developing, and advancing individuals based on their skills and talents.