Morgan Stanley is a leading global financial services firm providing a wide range of investment banking, securities, investment management and wealth management services. The Firm's employees serve clients worldwide including corporations, governments and individuals from more than 1,200 offices in 43 countries.
As a market leader, the talent and passion of our people are critical to our success. Together, we share a common set of values rooted in integrity, excellence and a strong team ethic. Morgan Stanley can provide a superior foundation for building a professional career - a place for people to learn, to achieve and grow. A philosophy that balances personal lifestyles, perspectives and needs is an important part of our culture.
Technology works as a strategic partner with Morgan Stanley business units and the world's leading technology companies to redefine how we do business in ever more global, complex, and dynamic financial markets. Morgan Stanley's sizeable investment in technology results in quantitative trading systems, cutting-edge modeling and simulation software, comprehensive risk and security systems, and robust client-relationship capabilities, plus the worldwide infrastructure that forms the backbone of these systems and tools. Our insights, our applications and infrastructure give a competitive edge to clients' businesses—and to our own.
The Morgan Stanley Security Operations Center (MSSOC) is recruiting for a regional team lead who will be responsible for the day-to-day operations within the Americas region. The MSSOC is a 24/7 operation composed of teams located in key geographical locations responsible for security incident triage, remediation and escalation.
They work closely with the MS Cyber Incident Response Team (MSCIRT) Security Analysis organization to develop processes that will further support and enhance the firm's rapid response capability for cybersecurity incidents. The Americas Lead will be responsible for the general quality of the service provided to business units, management of key strategic initiatives, stakeholder and vendor engagement, as well as defining and articulating a vision for the organization.
The Americas Lead will also be responsible for direct personnel oversight and line management in the regions beneath their remit, including talent management, hiring, and recruiting as needed.
Responsible for ensuring that triage and escalation are performed appropriately, as well as improving all aspects of detection, containment and resolution of incidents within the SOC.
Responsible for the day-to-day running of the SOC in the region, including interaction with the commercial suppliers and ensuring global cohesion of the SOC function.
Participate in firm-wide response when critical threats arise, engaging with the MS Cyber Event Manager as required.
Define, review, and document new processes that will drive the security response to alerts from security products.
Produce and collaborate on playbooks for holistic response actions as needed.
Ensure Service-Level Agreements (SLAs) are adhered to, aligning response to security events with firm and industry standards.
Maintain internal relationships with the firm’s other front line services including personal security and helpdesk services.
Identify opportunities to automate inefficiencies and reduce manual triage processes, interfacing with the Cyber Analytics team to realize solutions.
Coordinate with other SOC leads to support the development of the ODC footprint and the triage function.
Develop and deliver upskilling and capability programs that enhance SOC function, working with Security Analysis and the Global Technology Lead to target critical deficiencies.
Serve as the authority on the compliance work carried out globally for MSCIRT, delivering products and metrics that meet firm-wide regulatory requirements.
Coordinate with partners in Enterprise Security Platforms (ESP) to ensure monitoring of critical structures and escalation of key control events.
Engage with stakeholders in the cloud infrastructure space to define proper escalation channels for security events generated by SaaS, PaaS, and IaaS programs.
5-10 years of experience in Security Operations, Risk Management, Threat Hunting or Incident Response required
Strong understanding of cyber threats, risk management and information security in the domains of TTPs, threat actors, campaigns, observables and mitigation
Strong written and verbal communication skills required
Experience briefing C-suite stakeholders and senior officers is preferred
BS/MS in Information Security field preferred
Experience in the financial industry is preferred
Experience navigating highly regulated or restricted environments is preferred
Experience in operational environments where time management is critical
Program management and oversight experience a significant plus
Thought leader that will drive vision, process and programs to meet increasing demand in a complex threat environment