Job Type
Full Time
Job Details
Division: Legal & Compliance
Job Title: Technology Risk Tester
Location: Mumbai (NKP)
Job Level: Director
Company Profile
Morgan Stanley is a leading global financial services firm providing a wide range of investment banking, securities, investment management and wealth management services. The Firm's employees serve clients worldwide including corporations, governments, and individuals from more than 1,200 offices in 43 countries.
As a market leader, the talent and passion of our people is critical to our success. Together, we share a common set of values rooted in integrity, excellence, and strong team ethic. Morgan Stanley can provide a superior foundation for building a professional career - a place for people to learn, to achieve and grow. A philosophy that balances personal lifestyles, perspectives and needs is an important part of our culture.
Department Profile
Legal and Compliance
Legal & Compliance Division (LCD) comprises of Legal, Compliance, Global Financial Crimes and Regulatory Relations.
The Legal Department provides guidance, requirements, and procedures for understanding and complying with the laws, regulations and Firm policies that apply to our businesses.
The Global Compliance Department identifies applicable Compliance Obligations and maintains a Firmwide Compliance Risk management program, including Compliance Risks that transcend business lines, legal entities and jurisdictions of operation.
Global Financial Crimes is responsible for the development and governance of the Firm's financial crime prevention efforts across all regions and business units. Global Financial Crimes is comprised of the Anti-Money Laundering (AML), Sanctions, Anti-boycott, Anti-Corruption (ACG), Government, and Political Activities Compliance (GPAC) programs.
Operational Risk refers to the risk of financial or other loss, or potential damage to a firm's reputation, resulting from inadequate or failed internal processes, people, systems, or from external events. Operational Risk Department (ORD) defines the framework, standards, and governance for Operational Risk for the Firm, and implements and monitors the company-wide operational risk program. ORD works with the business units and control groups to help ensure Morgan Stanley has a transparent, consistent, and comprehensive program for managing operational risk, both within each area and across the firm globally.
The Global Regulatory Relations Group (GRRG) is responsible for strategic and centralized management of the supervisory activities of Morgan Stanley's regulators and related developments globally, with a focus on regulatory reviews and examinations and continuous monitoring activities. GRRG serves as the central point of contact for the regulatory staff responsible for supervisory activities at Morgan Stanley entities and for timely reporting to Firm management and other governance or management bodies, as appropriate, on those relationships and supervisory processes, including areas of significant regulatory focus or concern.
LCD Center of Excellence - Mumbai (LCD CoE) is a part of Morgan Stanley's Global In-house Center, which provides global support to LCD and is an integral part of Firm and LCD strategy
Background on the Team
The successful candidate will plan and execute full-scope and other tests on engagements assigned by Technology Risk Testing. The Technology Risk Testing team is part of the broader Global 2LOD Non-Financial Risk Testing organization. The team plans and executes the Technology Risk annual testing plan.Primary Responsibilities
Execute and document test activities in test workpapers. Test activities may include process deep dives, control design reviews, control effectiveness tests, or outcome-based tests.
Attend engagement kickoff meetings.
Interview stakeholders, request and review pertinent policies, standards, procedures, KRI metrics, and other documents, walk through relevant processes and control environments.
Determine and propose appropriate test activities and develop engagement scope memos.
Develop test scripts and recipe cards.
Request and validate receipt of relevant data and samples for testing.
Identify and escalate potential test findings.
Propose action plans and remediation requirements.
Prepare test reports.
Coordinate with Technology Risk testing personnel globally to track the progress of the test plan for reporting to senior management.
Track status of corrective action plans agreed upon with the business
Track internal audit reviews and findings and review internal audit work-papers to identify opportunities to leverage their reviews for Technology Risk testing reviews
Remain current on industry rules, regulations, and best practices to make recommendations to the testing program.
Skills required (essential)
8+ years audit/risk/compliance experience in the financial services industry, a regulator, or a self-regulatory organization.
Experience in executing/conducting Technology reviews.
Knowledge of global regulatory requirements like GLBA, GDPR, Part 30 Information Security, NYDFS etc. and technology control standards like NIST, FFIEC, COBIT, CIS etc.
Strong analytical, organizational, and problem-solving skills.
Investigative skills - inquiry and analysis, interviewing, testing, risk assessment capabilities
Ability to prioritize and work effectively on multiple reviews with different individuals at the same time.
Ability to work independently, as well, as in a team.
Ability to work with staff of all levels across departments.
Must have excellent written and oral communication skills.
High degree of organization and attention to detail.
Proficiency with Microsoft Word, Excel, PowerPoint, Adobe, SharePoint, Bloomberg
Skills desired
Chartered Accountant (CA) or Certified Internal Auditor (CIA) or Certified Information Systems Auditor (CISA) or Certified in Risk and Information Systems Control (CRISC) designations are highly desirable.
BA/BS required with a concentration in Computer Science or Information Technology or Cyber Security
Other relevant industry certification in the Technology field (e.g. CISSP, cloud certifications, etc.) are a plus
Coverage
Monday to Friday from 11:30 AM to 8:30 PM. Coverage is dependent on business needs so flexibility on required finish time or full day's coverage may be required during some Indian holidays.
Morgan Stanley is an equal opportunities employer. We work to provide a supportive and inclusive environment where all individuals can maximise their full potential. Our skilled and creative workforce is comprised of individuals drawn from a broad cross section of the global communities in which we operate and who reflect a variety of backgrounds, talents, perspectives and experiences. Our strong commitment to a culture of inclusion is evident through our constant focus on recruiting, developing and advancing individuals based on their skills and talents.
Job Title: Technology Risk Tester
Location: Mumbai (NKP)
Job Level: Director
Company Profile
Morgan Stanley is a leading global financial services firm providing a wide range of investment banking, securities, investment management and wealth management services. The Firm's employees serve clients worldwide including corporations, governments, and individuals from more than 1,200 offices in 43 countries.
As a market leader, the talent and passion of our people is critical to our success. Together, we share a common set of values rooted in integrity, excellence, and strong team ethic. Morgan Stanley can provide a superior foundation for building a professional career - a place for people to learn, to achieve and grow. A philosophy that balances personal lifestyles, perspectives and needs is an important part of our culture.
Department Profile
Legal and Compliance
Legal & Compliance Division (LCD) comprises of Legal, Compliance, Global Financial Crimes and Regulatory Relations.
The Legal Department provides guidance, requirements, and procedures for understanding and complying with the laws, regulations and Firm policies that apply to our businesses.
The Global Compliance Department identifies applicable Compliance Obligations and maintains a Firmwide Compliance Risk management program, including Compliance Risks that transcend business lines, legal entities and jurisdictions of operation.
Global Financial Crimes is responsible for the development and governance of the Firm's financial crime prevention efforts across all regions and business units. Global Financial Crimes is comprised of the Anti-Money Laundering (AML), Sanctions, Anti-boycott, Anti-Corruption (ACG), Government, and Political Activities Compliance (GPAC) programs.
Operational Risk refers to the risk of financial or other loss, or potential damage to a firm's reputation, resulting from inadequate or failed internal processes, people, systems, or from external events. Operational Risk Department (ORD) defines the framework, standards, and governance for Operational Risk for the Firm, and implements and monitors the company-wide operational risk program. ORD works with the business units and control groups to help ensure Morgan Stanley has a transparent, consistent, and comprehensive program for managing operational risk, both within each area and across the firm globally.
The Global Regulatory Relations Group (GRRG) is responsible for strategic and centralized management of the supervisory activities of Morgan Stanley's regulators and related developments globally, with a focus on regulatory reviews and examinations and continuous monitoring activities. GRRG serves as the central point of contact for the regulatory staff responsible for supervisory activities at Morgan Stanley entities and for timely reporting to Firm management and other governance or management bodies, as appropriate, on those relationships and supervisory processes, including areas of significant regulatory focus or concern.
LCD Center of Excellence - Mumbai (LCD CoE) is a part of Morgan Stanley's Global In-house Center, which provides global support to LCD and is an integral part of Firm and LCD strategy
Background on the Team
The successful candidate will plan and execute full-scope and other tests on engagements assigned by Technology Risk Testing. The Technology Risk Testing team is part of the broader Global 2LOD Non-Financial Risk Testing organization. The team plans and executes the Technology Risk annual testing plan.Primary Responsibilities
Execute and document test activities in test workpapers. Test activities may include process deep dives, control design reviews, control effectiveness tests, or outcome-based tests.
Attend engagement kickoff meetings.
Interview stakeholders, request and review pertinent policies, standards, procedures, KRI metrics, and other documents, walk through relevant processes and control environments.
Determine and propose appropriate test activities and develop engagement scope memos.
Develop test scripts and recipe cards.
Request and validate receipt of relevant data and samples for testing.
Identify and escalate potential test findings.
Propose action plans and remediation requirements.
Prepare test reports.
Coordinate with Technology Risk testing personnel globally to track the progress of the test plan for reporting to senior management.
Track status of corrective action plans agreed upon with the business
Track internal audit reviews and findings and review internal audit work-papers to identify opportunities to leverage their reviews for Technology Risk testing reviews
Remain current on industry rules, regulations, and best practices to make recommendations to the testing program.
Skills required (essential)
8+ years audit/risk/compliance experience in the financial services industry, a regulator, or a self-regulatory organization.
Experience in executing/conducting Technology reviews.
Knowledge of global regulatory requirements like GLBA, GDPR, Part 30 Information Security, NYDFS etc. and technology control standards like NIST, FFIEC, COBIT, CIS etc.
Strong analytical, organizational, and problem-solving skills.
Investigative skills - inquiry and analysis, interviewing, testing, risk assessment capabilities
Ability to prioritize and work effectively on multiple reviews with different individuals at the same time.
Ability to work independently, as well, as in a team.
Ability to work with staff of all levels across departments.
Must have excellent written and oral communication skills.
High degree of organization and attention to detail.
Proficiency with Microsoft Word, Excel, PowerPoint, Adobe, SharePoint, Bloomberg
Skills desired
Chartered Accountant (CA) or Certified Internal Auditor (CIA) or Certified Information Systems Auditor (CISA) or Certified in Risk and Information Systems Control (CRISC) designations are highly desirable.
BA/BS required with a concentration in Computer Science or Information Technology or Cyber Security
Other relevant industry certification in the Technology field (e.g. CISSP, cloud certifications, etc.) are a plus
Coverage
Monday to Friday from 11:30 AM to 8:30 PM. Coverage is dependent on business needs so flexibility on required finish time or full day's coverage may be required during some Indian holidays.
Morgan Stanley is an equal opportunities employer. We work to provide a supportive and inclusive environment where all individuals can maximise their full potential. Our skilled and creative workforce is comprised of individuals drawn from a broad cross section of the global communities in which we operate and who reflect a variety of backgrounds, talents, perspectives and experiences. Our strong commitment to a culture of inclusion is evident through our constant focus on recruiting, developing and advancing individuals based on their skills and talents.
You Might Also Like
Sign up for our weekly remote work round-up newsletter and have new openings from companies that care delivered right to your inbox.
Mission
We're connecting diverse talent to big career moves. Meeting people who boost your career is hard - yet networking is key to growth and economic empowerment. We’re here to support you - within your current workplace or somewhere new. Upskill, join daily virtual events, apply to roles (it’s free!).
Are you hiring? Join our platform for diversifiying your team