Lead Cloud Security Controls Engineer_Vice President_Cloud & Infrastructure Engineering

We're seeking someone to join our Cyber Data Risk & Resilience team as Lead Cloud Security Controls Engineer in Cloud and Platform Security division. Lead Cloud Security Engineer (VP) to drive cloud security strategy, research and control engineering in a fast-paced, highly technical environment. This role partners with engineering, architecture, risk and business stakeholders to ensure secure, scalable, and compliant cloud adoption.

In the Technology division, we leverage innovation to build the connections and capabilities that power our Firm, enabling our clients and colleagues to redefine markets and shape the future of our communities. The Cloud and Platform Security team enables the firm to securely adopt and scale cloud-native technologies across the enterprise. You will work alongside highly skilled professionals in an environment that values intellectual rigor, technical depth, and collaboration. This role offers the opportunity to shape cloud security at enterprise scale while influencing strategy, standards and risk governance across the organization. We design, implement and operationalize security controls that govern the use of cloud services at scale across Microsoft Azure, AWS, and GCP.

The mission of Cyber Data Risk & Resilience (CDRR) is to deliver first-line defences to manage risks to Firm technology, information and cyber threats through risk identification, control management and assurance. This allows the business to operate and grow in a secure and legally compliant manner. Our vision is to deliver Programs that protect and enable the business, ensure secure delivery of services to our clients, adjust to address the risks presented by an evolving threat landscape, meet regulatory expectations, and offer highly attractive career opportunities.

Since 1935, Morgan Stanley is known as a global leader in financial services, always evolving and innovating to better serve our clients and our communities in more than 40 countries around the world.

What you'll do in the role:

• Lead in-depth security research, design, and validation of cloud services across Azure, AWS and GCP.

• Develop and maintain firm-wide security requirements that enable secure cloud adoption at enterprise scale.

• Translate security requirements into automated, enforceable policies and technical controls.

• Partner with engineering teams to understand use cases and stakeholder requirements.

• Identify security risks when requirements cannot be fully addressed within project timelines and propose compensating controls.

• Document findings, recommendations, and risk positions for senior business, IT and Security leadership.

• Provide subject matter expertise to engineering and development teams to ensure controls are implemented in a scalable, reusable, and governed manner.

• Contribute to cloud security strategy and standards.

What you'll bring to the role:

• Career experience of 12-16 years & Minimum an enterprise environment & minimum 5-7+ years of hands-on experience in Information Security within an enterprise environment.

• Strong technical foundation in cloud security engineering and architecture.

• Experience hardening cloud resource configurations to comply with internal policy and external regulatory requirements.

• Deep knowledge of cloud architectures and security domains, including IAM and identity federation, data protection and DLP, configuration assurance and compliance monitoring, security automation and GRC frameworks.

• Strong understanding of modern threat models, attack vectors, and mitigation techniques in cloud environments.

• Experience with Infrastructure-as-code (IaC) tools such as Terraform

• Familiarity with Policy as Code frameworks such as Rego and OPA.

• Experience with Cloud Security Posture Management (CSPM) platforms such as Wiz, including defining, implementing, and operationalizing cloud configuration rules.

• Proficiency in at least one of the major Cloud Service Providers (GCP, AWS, Azure). Multi-cloud experience preferred.

• Strong analytical thinking and security-first mindset.

• 6+ years of relevant experience to perform this role.

WHAT YOU CAN EXPECT FROM MORGAN STANLEY:

At Morgan Stanley, we raise, manage and allocate capital for our clients – helping them reach their goals. We do it in a way that’s differentiated – and we’ve done that for 90 years.  Our values - putting clients first, doing the right thing, leading with exceptional ideas, committing to diversity and inclusion, and giving back - aren’t just beliefs, they guide the decisions we make every day to do what's best for our clients, communities and more than 80,000 employees in 1,200 offices across 42 countries. At Morgan Stanley, you’ll find an opportunity to work alongside the best and the brightest, in an environment where you are supported and empowered. Our teams are relentless collaborators and creative thinkers, fueled by their diverse backgrounds and experiences. We are proud to support our employees and their families at every point along their work-life journey, offering some of the most attractive and comprehensive employee benefits and perks in the industry. There’s also ample opportunity to move about the business for those who show passion and grit in their work.

To learn more about our offices across the globe, please copy and paste https://www.morganstanley.com/about-us/global-offices​ into your browser.

Morgan Stanley is an equal opportunities employer. We work to provide a supportive and inclusive environment where all individuals can maximize their full potential. Our skilled and creative workforce is comprised of individuals drawn from a broad cross section of the global communities in which we operate and who reflect a variety of backgrounds, talents, perspectives, and experiences. Our strong commitment to a culture of inclusion is evident through our constant focus on recruiting, developing, and advancing individuals based on their skills and talents.