Role: Director - US Banks STA - Cyber Metrics Oversight
Location: Mumbai (CMZ3)
Morgan Stanley
Morgan Stanley is a leading global financial services firm providing a wide range of investment banking,securities, investment management and wealth management services. The Firm's employees serveclients worldwide including corporations, governments and individuals from more than 1,200 offices in43 countries.The talent and passion of our people is critical to our continued success as a firm. Together, we sharefive core values rooted in integrity, excellence and strong team ethic:1. Putting Clients First2. Doing the Right Thing3. Leading with Exceptional Ideas4. Giving Back5. Committing to Diversity and Inclusion
Morgan Stanley is committed to helping its employees build meaningful careers and we strive to be aplace for people to learn, achieve and grow.
Legal and Compliance Division Profile
Legal & Compliance Division (LCD) comprises of Legal, Compliance, Global Financial Crimes,Operational Risk and Regulatory Relations. Compliance, Global Financial Crimes and OperationalRisk are together referred to as Non-Financial Risks (NFR)
>The Legal Department provides guidance, requirements, and procedures for understandingand complying with the laws, regulations and Firm policies that apply to our businesses.
>The Global Compliance Department identifies applicable Compliance Obligations andmaintains a Firmwide Compliance Risk management program, including Compliance Risks thattranscend business lines, legal entities and jurisdictions of operation.
>Global Financial Crimes is responsible for the development and governance of the Firm'sfinancial crime prevention efforts across all regions and business units. Global Financial Crimesis comprised of the Anti-Money Laundering (AML), Sanctions, Anti-boycott, Anti-Corruption(ACG), Government, and Political Activities Compliance (GPAC) programs.
>Operational Risk refers to the risk of financial or other loss, or potential damage to a firm'sreputation, resulting from inadequate or failed internal processes, people, systems, or fromexternal events. Operational Risk Department (ORD) defines the framework, standards andgovernance for Operational Risk for the Firm, and implements and monitors the company-wideoperational risk program. ORD works with the business units and control groups to help ensureMorgan Stanley has a transparent, consistent, and comprehensive program for managingoperational risk, both within each area and across the firm globally.
>The Global Regulatory Relations Group (GRRG) is responsible for strategic and centralizedmanagement of the supervisory activities of Morgan Stanley's regulators and related
developments globally, with a focus on regulatory reviews and examinations and continuousmonitoring activities. GRRG serves as the central point of contact for the regulatory staffresponsible for supervisory activities at Morgan Stanley entities and for timely reporting toFirm management and other governance or management bodies, as appropriate, on thoserelationships and supervisory processes, including areas of significant regulatory focus or concern.
LCD Center of Excellence - Mumbai (LCDCoE) is a part of Morgan Stanley's Global In-house Center,which provides global support to LCD and is an integral part of Firm and LCD strategy.
Coverage Support, a function within Operational Risk has an opening for an Associate to supportCyber, Technology, and Information Security Risk Oversight team (CTIS) The successful candidatewill be responsible for helping execute independent oversight, analysis, and monitoring of risks,controls, and key metrics.
Background on the Position
This role resides within the independent, second line of defense function responsible for providingoperational risk oversight for Cybersecurity, Technology, and Information Security across both MorganStanley Private Bank, NA (MSPBNA) and Morgan Stanley Bank, NA (MSBNA). Morgan Stanleyimplements the following three lines of defense model
>1st Line: Business Units/Infrastructure Groups - Own their operational risk & are responsible forits management.
>2nd Line: Oversight by Independent Risk Management and Control Functions - Partner withBusiness Units and Infrastructure Groups to anticipate, mitigate and report on operational risk.
>3rd Line: Independent Assessment by Internal Audit - Provides independent, assessment,validation and evaluation.
Primary Responsibilities
>Support the US Banks operational risk department in all relevant governance, steering, andworking group committees and ensure that governance-related activities are in compliancewith the US Banks Risk Governance Framework policies and procedures
.>Provide monthly and quarterly cyber incident and issue reporting.
>Maintain and opine on relevant policies and procedures.
>Build and maintain strong positive relationships with the broader risk community and thetechnology and security operational risk management teams.
>Monitor Risk Acceptances and Long Dated Issues on a regular basis to ensure properreporting and governance.
>Managing a team of up to 5 members.
Experienced Required
>Bachelor's degree in information technology, computer science, cybersecurity, data science,finance, economics, business, or related fields. Advanced degree holders are alsoencouraged to apply.
>6-8 years of cybersecurity, technology, information security, risk management, or relatedwork experience.
>Strong project management and organization skills; ability to multitask and prioritize.>Previous Team management experience required.
>Demonstrated critical thinking and problem-solving skills.
>Strong interpersonal skills to engage with multiple stakeholders.
>Ability to work under pressure and meet tight deadlines.
>Flexible and self-motivator
>Highly proficient in MS Office Suite (e.g., Word, Excel, PowerPoint). Additional expertise intools such as PowerBI, Tableau, and other data aggregation and reporting tools a plus.
Experience Preferred
>Proficient in computer network defense, software programming, technology integration, or related disciplines.