Dir, P4, Technical Specialist

IMPORTANT Recruiter will finalize JD with the Hiring Manager during the intake meeting once role opens in Taleo to ensure it meets Firm job description guidelines and Job Architecture requirements. Please ONLY populate the relevant [INSERT] sections below. Further guidance on job descriptions can be found by typing careers in your browser.

{A Topline Description of the Role - max 1 sentence} We're seeking someone to join our team as a Director in our Technology Enterprise Infrastructure audit team to manage and execute risk based assurance activities.

{B Standard Description of Division & JA Job Family}The Internal Audit Division (IAD) drives attention and resources to vulnerabilities by providing an independent and well-informed view and impactful messages about the most important risks facing our Firm. This is accomplished by performing a range of assurance activities to independently assess the quality and effectiveness of Morgan Stanley's system of internal control, including risk management and governance systems and processes. IAD serves as an objective and independent function within the Firm's risk management framework to foster continual improvement of risk management processes. This is a Director level position (P4) within Technical Specialist job family, which is responsible for providing extensive subject matter expertise and reinforcing the ability of business and technology audit teams to appropriately assess risk and determine and execute coverage.

{C Standard Description of the Firm} Morgan Stanley is an industry leader in financial services, known for mobilizing capital to help governments, corporations, institutions, and individuals around the world achieve their financial goals.

{D Standard} Interested in joining a team that's eager to create, innovate and make an impact on the world? Read on.

{E Part 1: Scope of Role What you'll do}

What you'll do in the role:
-Formulate and lead a wide range of assurance activities (e.g., audits, continuous monitoring, closure verification) to assess risks within coverage area and the state of controls in place to mitigate them. The coverage area will include assessing database configuration, Data security (e.g. encryption, key management, DLP, masking), Information Management / Protection (e.g. sharing, labeling, retention), IaC initiation configurations, user activity logging, incident management, capacity planning / monitoring and availability / resilience
-Proactively identify risk and emerging risk, and factor into assurance coverage
-Articulate actionable insights to management regarding criticality and impact of risks to the business
-Effectively partner with colleagues and stakeholders globally to drive effective working relationships
-Align projects and initiatives with department and coverage area priorities, and oversee team?s execution of deliverables in accordance with audit methodology and quality standards
-[INSERT 1-2 additional bullets if needed to describe role specific core responsibilities and/or edit the above bullets points which have been provided as a guide per Tier by the Internal Audit COO function. Keep bullets brief and impactful, starting with a present tense verb. Alternatively, leave this section as is for Hiring Manager to finalize with Recruiter.]{E Part 2: Scope of Role What you'll bring}

What you'll bring to the role:
-Advanced knowledge of industry, global markets, and regulations relevant to coverage area
-Strong understanding of audit principles, methodology, tools, and processes (e.g., risk assessments, planning, testing, reporting and continuous monitoring)
-Ability to articulate risk and impact clearly and succinctly to different audiences
-Effective change and project management techniques and ability to support teams in adapting new ways of working
-Ability to leverage and analyze data to inform focus and views on risk
-Ability to coach and mentor others and create an inclusive work environment for team
-[INSERT 1-2 additional bullets if needed to outline role specific minimum skills, competencies, career/educational background, certifications required and/or edit the above bullets points which have been provided as a guide per Tier by the Internal Audit COO function. Sentences should be brief and start with a noun such as Ability to, Understanding of, Experience in. Alternatively, leave this section as is for Hiring Manager to finalize with Recruiter.]
-At least 6 years' relevant experience would generally be expected to find the skills required for this role
Masters'/ Bachelors' Degree (Computer Science or IT related preferred)
-CISA, CISSP or CPA certification (preferred, though not required)
-Strong understanding of industry standards such as the NIST Cybersecurity Framework, NIST 800-53, PCI-DSS, CSA, ISO 27001/02, CIS Top 20 Critical Security Controls (formerly SANS), FFIEC guidelines etc.
-Technical knowledge of IT systems, including:
-Databases
-Operating Systems (UNIX, Linux, Windows, z/OS)
-Networking, including VPN, LAN, WAN, WLAN
-Backup and Recovery system
-Middleware
-Virtualization Technologies
-Penetration Testing Tools
-Tools such as Splunk, ArcSight, WatchTower
- Good understanding of threats, vulnerabilities, risk, confidentiality, integrity, availability, cryptography, network security, web-based applications architecture and security, network protocols

{F What you can expect from Morgan Stanley} [RECRUITER to add standard global paragraph]

{G Standard Description of location GCs/Paris/Frankfurt only} [RECRUITER to insert where applicable]

{H Regional insertions e.g., Wage transparency, EEO, Regulatory etc.} [RECRUITER to insert standard disclosures for location and division where applicable]