Company Profile

Morgan Stanley is a leading global financial services firm providing a wide range of investment banking, securities, wealth management and investment management services. With offices in more than 41 countries, the Firm's employees serve clients worldwide including corporations, governments, institutions, and individuals. For further information about Morgan Stanley, please visit www.morganstanley.com.

Job Summary:

The Technology Control Group's Executive Director will lead the department's governance, risk, and compliance functions, ensuring strong control mechanisms, regulatory compliance, and mitigation of technology-related risks. This leadership role involves managing a global team to oversee and execute critical risk and control initiatives, aligning with business objectives and regulatory requirements. The Executive Director will provide risk insights, manage control exceptions and exemptions, and present to senior management across various forums.

Primary skills

• Governance, Risk, and Compliance (GRC) Leadership: Ensure technology control standards and policies are implemented across all technology domains and business units focusing on technology controls risks and capturing deviations with contextual details. 
• Regulatory Compliance: Ensure adherence to relevant regulatory requirements and industry standards, maintaining up-to-date knowledge of regulatory changes and advising senior management on necessary adjustments through continuous feedback mechanisms devised and roll out.
• Risk Mitigation and Cybersecurity:  Oversee and implement risk mitigation strategies, focusing on cybersecurity initiatives and controls to address emerging threats and vulnerabilities across the business unit from data driven approach.
• Exception Management: Manage the identification, tracking, and resolution of control deviation, exceptions and exemption, ensuring proper documentation and approval processes. Govern the implementation actions as necessary and help track mitigations to closure.
• Incident Management and Reporting: Track all incidents and control failures, prepare and present comprehensive reports to senior management, risk committees, and other forums. Ensure timely escalation of high-risk incidents and actionable tasks to the Risk Officers and the Management Board.
• Operational Support: Provide 24x7 operational support for the Technology Risk and Governance Control (TRGC) group, ensuring business-critical processes are adequately supported and controlled.
• Team Leadership and Global Oversight: Manage and lead a global team of risk and control professionals. Ensure effective coordination across regions, supporting consistent practices and frameworks across all operational units.
• Communication and Reporting:  Prepare regular control insights and risk reports for senior leadership, providing clear and concise updates on key risk areas, emerging threats, and the status of mitigation efforts. Highlight high-risk issues and actions required to mitigate these risks.
• Stakeholder Engagement and Conflict Resolution:  Engage with senior stakeholders across the organization to articulate risk positions, negotiate solutions, and build consensus on risk mitigation strategies. Effectively resolve conflicts and guide teams to balanced and practical control solutions.
•  Ability to work in fast paced and dynamic environment.
•  Strong sense of ownership and accountability of deliverables, self driven, and bring in innovative approaches to lead & deliver.

Job Responsibilities

• Define & manage every exception to control requirements or instances and report on risk and planned mitigation strategies co-ordinating with stakeholders.
• Analyse data from multiple sources of cyber platform and leverage AI to correlate and contextualise the incidents and identify the risk for the firm with control deviations.
• Collaborate with stakeholders to drive the use of exceptions data and propose solutions to improve the Firm's risk identification strategy.
• Understand the technology stack, cyber platform, security procedures, Risk governance defined by the firm.
• Explore new data sources and potential data sets to Perform data analysis (statistical and otherwise), and derive insightful and actionable business outcomes
• Ensure data integrity through – Data quality, validation, Governance and Transparency
• Understand data visualization to create meaningful dashboards for end-users
• Lead projects, analyze and prioritize workload based on business, risk and requirements.
• Manage operations team for all of technology risk and governance functions and follow-up actions and resolution of all technology control governance solutions
• Establish effective working relationships with Engineering counterparts and other stakeholders.
• Develop automated metrics reporting capabilities on operational and exceptions management process

• 18+ years of experience in risk management, governance, and compliance, preferably within a technology control environment.
• GRC Expertise: Deep understanding and hands-on experience in defining and implementing governance, risk, and compliance (GRC) controls and procedures within a technology-focused environment.

• Regulatory Compliance: In-depth knowledge of regulatory frameworks, including data protection, financial, and cybersecurity regulations, with experience in implementing compliance programs.
• Cybersecurity & Risk Management: Proven experience in leading cyber risk management initiatives, implementing controls, and mitigating risks within large, complex technology environments.
• Exception Management: Strong background in managing control deviations, exception handling, and developing remediation plans to address control gaps or weaknesses.
• Incident Tracking and Reporting: Experience in tracking incidents and effectively presenting risk insights to senior management and stakeholders in different forums.
• Operational Leadership: Ability to manage operational workloads, provide 24x7 support, and ensure continuous service availability of technology governance solutions
• Communication Skills: Exceptional verbal and written communication skills, with the ability to effectively negotiate, articulate complex risk concepts, and present clear solutions to senior management.
• Team Management:  Proven experience in managing global teams, fostering collaboration across multiple regions, and resolving conflicts.
• Conflict Resolution: Strong skills in conflict resolution, with the ability to lead teams through complex issues and align stakeholders on mitigation strategies

Education

• Bachelor’s degree in Information Technology, Risk Management, or a related field (Master's degree preferred).
• Relevant certifications (e.g., CISSP, CISM, CRISC) are highly desirable.

Morgan Stanley is an equal opportunities employer. We work to provide a supportive and inclusive environment where all individuals can maximize their full potential. Our skilled and creative workforce is comprised of individuals drawn from a broad cross section of the global communities in which we operate and who reflect a variety of backgrounds, talents, perspectives, and experiences. Our strong commitment to a culture of inclusion is evident through our constant focus on recruiting, developing, and advancing individuals based on their skills and talents.