Security Risk and Design Manager - Montréal, Canada - Morgan Stanley

Morgan Stanley

Verified Company

Montréal, Canada

2 weeks ago

Posted by:

Sophia Lee

beBee Recruiter

Description

Security Risk and Design Manager (Hybrid)

Job Number:
3241689

POSTING DATE:
Sep 27, 2023

PRIMARY LOCATION:
Americas-Canada-Quebec-Montreal

EDUCATION LEVEL:
Bachelor's Degree

JOB:
Risk Management

EMPLOYMENT TYPE:
Full Time

JOB LEVEL:
Vice President

DESCRIPTION

We offer:
To work with some of the best professionals in the business for a firm that values individual intellect as much as teamwork
Stateoftheart offices that are designed to maximize collaboration
Flexible working arrangements
Enriching challenges that provide opportunity for constant learning and advancement
An environment which is leveraging technology to its highest potential

Business Information Security & Risk Management (BISRM) Team Profile:

BISRM team enables the Business and Technology to form a holistic view of identified risk and collaboratively make risk-based decisions in mitigating the risk to the firm while still enabling and ensuring velocity for the business.

In addition to advising Technology Senior Managers on their risk posture, the team is also responsible in enabling Technology divisions to proactively embed and align security, governance and compliance through the implementation of solutions based on the firm's security policies and controls.

The team advise on the firm's Technology Policy & Standards, perform risk assessments and tests of controls, and deliver risk-reporting capabilities.

The team handles responses to regulatory, audit, and client inquiries about the Firm's technology risk, control framework, and fulfil Technology Risk Governance Committee responsibilities.

Position Description:

The Security Risk & Design Manager must continually adapt to stay a step ahead of cyber attackers and stay up to date on the latest methods attackers use to infiltrate computer systems.

This is not a passive career opportunity, but rather one that requires a passion for security and rigor to protect the business.

Information security analysts collaborate with internal and external audit and exam teams, along with technology management and business stakeholders.

We are looking for an individual who has vision of alignment across key stakeholders; and define and govern architecture standards, principles, best practices, and patterns for divisional adoption.

Responsibilities:

Partner with Morgan Stanley Investment Management (MSIM) Technology and Business developers & engineers to understand business initiatives and assist in delivering secure on premise & in the cloud infrastructure through the alignment to the Morgan Stanley Security Control Blueprints.
Assist MSIM Technology and Business developers & engineers through the Security Design tollgates of obtaining Permit to Build and Permit to Operate by engaging Security Design Analysts and quickly remediating issues with the goal of mitigating the risks to the firm but enabling the business on a timely basis.
Fully understand the Morgan Stanley Security Control BluePrints and Security Design Processes to be able to train developers in understanding the concepts and processes of secure development of on premise, in the cloud and SaaS solutions.
Serve as a member of the information security. change management and technical risk oversight squad/teams.
Participate in technical and nontechnical projects requiring information security oversight and to ensure policies, procedures and standards are met.
Interface with internal and external auditors for risk assessments.
Recommend new security solutions as well as effective improvements to existing security controls that do not negatively impact business innovation.

QUALIFICATIONS

Qualifications:
Bachelor's degree in computer science, information assurance, MIS or related field, or equivalent
Expertise in DevOps/CICD pipeline on premise and cloud environments such as AWS and Azure.
Expertise in incident response and system monitoring and analysis.
Experience with compliance requirements and Audit engagements (GLBA, SOX, SOC, regulatory agencies, and Internal Audit etc.).
Ability to effectively communicate business risk as it relates to information security.
Experience in conducting risk assessments that protect the business and adhere with compliance and privacy laws.
Knowledge of multiple computing platforms, including Windows, OSX, Linux, Unix, networks and endpoints.
Experience with vulnerability and penetration testing processes and tools including Nessus, Rapid 7 or Qualys.
Experience with configuration management, change management, project management methodologies and tools including Cherwell or ServiceNow.
Experience of managing stakeholders (strong communication & influencing skills)
Experience of technical leadership (architecture, design, implementing efficient modern development practices)

Desired Skills:

Possesses highly effective communications skills with the ability to influence business units.
Acts with integrity, takes pride in work and seeks to exc