Vice President - Cyber Risk Identification Lead (Operational Risk)

Baltimore, MD
Aug 03, 2018
Aug 13, 2018
Full Time
Morgan Stanley is a leading global financial services firm providing a wide range of investment banking, securities, investment management and wealth management services. The Firm's employees serve clients worldwide including corporations, governments and individuals from more than 1,200 offices in 43 countries. As a market leader, the talent and passion of our people are critical to our success. Together, we share a common set of values rooted in integrity, excellence and a strong team ethic. Morgan Stanley can provide a superior foundation for building a professional career - a place for people to learn, to achieve and grow. A philosophy that balances personal lifestyles, perspectives and needs is an important part of our culture.

The Operational Risk Department (ORD) works with the business units and control groups to help ensure Morgan Stanley has a transparent, consistent and comprehensive program for managing operational risk, both within each area and across the firm globally. Operational risk is the risk of financial loss or other potential damage to the firm's reputation due to inadequate or failed internal processes, people, systems, or from external events. This group designs, implements and monitors the company-wide operational risk program.

Operational Risk refers to the risk of financial or other loss, or potential damage to a firm's reputation, resulting from inadequate or failed internal processes, people, systems, or from external events (e.g., fraud, legal and compliance risks or damage to physical assets). The Firm may incur operational risk across the full scope of its business activities, including revenue-generating activities (e.g., sales and trading) and control groups (e.g., information technology and trade processing). Given the nature and breadth of operational risk, operational risks are managed at multiple levels, e.g., Firmwide, as well as Regional, Business Unit, Infrastructure Group, Control Function and Legal Vehicle.
The Firm has developed an Operational Risk Management Framework to identify and assess significant operational risks and ensure appropriate mitigation actions are undertaken. The Framework is deployed across Business Units, Infrastructure Groups and Control Functions globally, regardless of Region or Legal Entity. The Framework is based upon a "Three Lines of Defense" model:

• 1st Line: Business Units/Infrastructure Groups - Own their operational risk & are responsible for its management
• 2nd Line: Oversight by Independent Risk Management and Control Functions - Partner with Business Units and Infrastructure Groups to anticipate, mitigate and report on operational risk
• 3rd Line: Independent Assessment by Internal Audit - Provides independent assessment, validation and evaluation

ORD operates as part of the 2nd Line of Defense, providing independent governance and oversight of operational risk management across the Firm.

Morgan Stanley has an opening for a Vice President of Cyber Risk Identification. This position will be responsible for identifying, assessing, validating, quantifying and escalating unrecognized cyber risks to Morgan Stanley business operations. The successful candidate will be responsible for defining, developing, executing, and refining novel methodologies to identify unrecognized cyber risks to the business, along with relevant thought leadership as a key leader in the 2nd line Cybersecurity Risk team. This is a position for an individual with a demonstrated record of accomplishment comprising proven creativity and strategic focus in offensive cybersecurity technology and operations.

Primary Responsibilities - As a key leader in the 2nd line cybersecurity risk team, bring deep offensive cyber expertise to develop novel methodologies to identify hidden cyber risks to key Morgan Stanley business lines. Responsibilities include:
• For the Morgan Stanley Chief Risk Officer, the Head of Operational Risk Department, and the Head of Cyber, Technology, and Information Security Risk Oversight, act as the subject matter expert/strategic advisor to Morgan Stanley risk management executive leadership on all aspects of cyber exploitation.
• Build and maintain strong positive relationships with the 1st line of defense cybersecurity organization (Threat Intelligence, Hunt team, CERT, Fusion Center) to understand and prioritize cyber risk areas.
• Build a deep understanding of Morgan Stanley's lines of business (Institutional Securities, Wealth Management, and Investment Management) in order to be able to assess and articulate cyber risk in terms of business impact.
• Define and operationalize novel frameworks and methodologies to independently assess Morgan Stanley's lines of business for risk of cyber exploitation/attack.
• Work closely with risk management colleagues in vendor, technology, and data risk to bring cyber exploitation subject matter expertise to other risk management areas.
• Craft, socialize, and present to Firm senior management (including C-Suite) findings and recommendations for addressing highest priority areas of cyber risk.
• Provide input and expertise to crafting Firm-wide policy and procedures.
• Coordinate with ORD colleagues who cover Business Units and Infrastructure Groups in discussing impact of cybersecurity threats on business and support processes.
• Participate in Operational Reviews such as cyber threat identification, assessment, and management forums.
• Contribute offensive cyber expertise to scenario analysis workshops to assess risk impacts based on specific threats.
• Monitor and remain current in emerging tactics, techniques and procedures in offensive cyber operations.
• Periodic participation in relevant governance, steering, and working group committees.
• Be willing and able to travel to New York City and other Firm locations as necessary to support the requirements of the position.

• Bachelor's Degree minimum; Master's degree preferred.
• 5-10+ years' experience conducting or overseeing offensive cyber operations at the "nation state" level.
• Demonstrated record of creativity, independent thinking, and willingness to develop and drive new ideas.
• Strong interpersonal skills and relationship management experience to work effectively in a team oriented environment interacting with multiple entities within and outside of the Firm.
• Excellent communication skills, both verbal and written; ability to produce concise and effective presentations tailored to technical and non-technical audiences, including the Morgan Stanley Board of Directors and Board-level committees, and the Morgan Stanley Executive Leadership Team (CEO, COO, CRO, etc.).
• Strong leadership, project management and organization skills, including the ability to multitask, prioritize, delegate, and manage an effective and growing team.
• Ability to work under pressure and to tight deadlines.
• Proficiency in MS Office and related applications (e.g., Word, Excel, PowerPoint).
• Ability to extract insights directly from data and some proficiency with industry standard red team tools (Metasploit, etc.), blue team tools (Wireshark, etc.) and SIEMs (Splunk, ELK) a plus.
• Strong analytical and problem-solving skills.
• Experience in risk management, oversight, compliance, and audit principles and best practices a plus.
• Understanding of capital markets, investment banking, wealth management, and banking operations a plus.