Job Description - Operational Risk - Technology Risk Oversight Officer (Vice President) (3153873)Job Description Operational Risk - Technology Risk Oversight Officer (Vice President)Job Number: 3153873Posting Date: Jun 30, 2020Primary Location: Europe, Middle East, Africa-United Kingdom-United Kingdom-LondonJob: Operational RiskEmployment Type: Full TimeJob Level: Vice President DescriptionOperational Risk - Technology Risk Oversight Officer (Vice President)Company Profile:Morgan Stanley is a leading global financial services firm providing a wide range of investment banking, securities, investment management and wealth management services. The Firm's employees serve clients worldwide including corporations, governments and individuals from more than 1,200 offices in 43 countries. As a market leader, the talent and passion of our people is critical to our success. Together, we share a common set of values rooted in integrity, excellence and strong team ethic. Morgan Stanley can provide a superior foundation for building a professional career - a place for people to learn, to achieve and grow. A philosophy that balances personal lifestyles, perspectives and needs is an important part of our culture.Department Profile:Operational Risk Department (ORD) works with the business units and control groups to help ensure Morgan Stanley has a transparent, consistent and comprehensive program for managing operational risk, both within each area and across the firm globally. Operational risk is the risk of financial loss or other potential damage to the firm's reputation due to inadequate or failed internal processes, people, systems, or from external events. This group designs, implements and monitors the company-wide operational risk program.Operational Risk refers to the risk of financial or other loss, or potential damage to a firm's reputation, resulting from inadequate or failed internal processes, people, systems, or from external events (e.g., fraud, legal and compliance risks or damage to physical assets). The Firm may incur operational risk across the full scope of its business activities, including revenue-generating activities (e.g., sales and trading) and control groups (e.g., information technology and trade processing). Given the nature and breadth of operational risk, operational risks are managed at multiple levels e.g. Firmwide, as well as Regional, Business Unit, Infrastructure Group, Control Function and Legal Vehicle. The Firm has developed an Operational Risk Management Framework to identify and assess significant operational risks and ensure appropriate mitigation actions are undertaken. The Framework is deployed across Business Units, Infrastructure Groups and Control Functions globally, regardless of Region or Legal Entity. The Framework is based upon a "Three Lines of Defense" model:• 1st Line: Business Units/Infrastructure Groups - Own their operational risk & are responsible for its management • 2nd Line: Oversight by Independent Risk Management and Control Functions - Partner with Business Units and Infrastructure Groups to anticipate, mitigate and report on operational risk• 3rd Line: Independent Assessment by Internal Audit - Provides independent, assessment, validation and evaluationORD operates as part of the 2nd Line of Defense, providing independent governance and oversight of operation risk management across the Firm.Position Description:Morgan Stanley has an opening for a Vice President for the Cyber Technology and Information Security team (CTIS) within ORD. CTIS Risk Oversight is the practice of monitoring risks related to the confidentiality, availability and integrity of the Firm's systems and information including associated processes and controls. The successful candidate will be responsible for helping execute independent oversight and monitoring of risks and controls around the Firm's technology and security along with relevant thought leadership. Primary Responsibilities - • As a member of the 2nd line cybersecurity risk team, drive strategic and tactical evolution necessary to maintain effective and efficient cybersecurity risk management.• Integrate and coordinate 2nd line cyber and information security operational risk activities; providing direct support to ORD leadership• Directly support and manage existing and developing 2nd line cyber and information security focused risk governance processes and committees.• Build and maintain strong positive relationships with the existing cyber and information security risk community in 1st line of defense.• Provide meaningful challenge to 1st line cyber and information security risk management, including assessments of cyber and information security risks and associated controls.• Work with 1st line cyber and information security risk and control owners in assessing inherent and residual levels risks based on a structured risk framework.• Coordinate with ORD colleagues who cover Business Units and Infrastructure Groups in discussing impact of cybersecurity risks on business and support processes.• Identify and evaluate risks related to the systems and information supporting Firm activities• Assess, through inspection, observation, or re-performance whether controls are designed and implemented effectively so as to verify that risks are mitigated to targeted levels• Review completeness and execution of relevant procedures and assess assurance mechanisms for how effectively they identify weaknesses or failures of key controls• Provide team and department management with an independent view of the risks pertaining to the Firm's systems and information based on the risks assessment control assurance activities. • Maintain and or oversee relevant policies and procedures related to technology and security processes executed by 1st line of defense• Participate in relevant governance, steering, and working group committees• Review metrics and escalation reports to monitor risk and control-related developments, issues and trends• Review technology and security risk issues as well as internal and external incidents in order to help inform the 2nd line of defense independent view of the overall technology and security risk posture of the Firm and its underlying legal entities• Provide monthly and quarterly risk reporting• Provide quarterly updates on relevant top operational risks and emerging risks • Provide guidance to 1st line of defense on evolving technology and security risk landscape• Coordinate with ORD colleagues who cover Business Units and Infrastructure Groups in discussing impact of technology and security risks on business and support processes• Participate in Operational Reviews such as the Incident Review Meetings and Analyses• Participate in scenario analysis workshops to assess risk impacts• Monitor industry developments in the management of technology and security risk• Work with key stakeholders to evaluate policy exception requests and prepare for senior management review QualificationsSkills Required:• Bachelor's Degree minimum• Extensive technology and or security risk related work experience, preferably in the financial services industry• Experience in Technology (IT) Risk Management and or Technology (IT) Audit including Information Security and or Cyber Security• Experience with relationship management• Strong interpersonal skills in order to work in a team oriented environment• Excellent communication skills, both verbal and written; ability to produce concise and effective presentations tailored to technical and non-technical audiences• Strong project management and organization skills • Ability to multitask and prioritize• Ability to work under pressure and to tight deadlines• Flexible and self-motivator• Strong analytical and problem-solving skills;• Proficiency in MS Office and related applications (e.g. Word, Excel, Powerpoint);Morgan Stanley is an equal opportunities employer. We work to provide a supportive and inclusive environment where all individuals can maximise their full potential. Our skilled and creative workforce is comprised of individuals drawn from a broad cross section of the global communities in which we operate and who reflect a variety of backgrounds, talents, perspectives and experiences. Our strong commitment to a culture of inclusion is evident through our constant focus on recruiting, developing and advancing individuals based on their skills and talents.Interested in flexible working opportunities? Morgan Stanley empowers employees to have greater freedom of choice through flexible working arrangements. Speak to our recruitment team to find out more.Given the continued spread of COVID-19 (coronavirus), all interviews will be conducted by phone or virtual connection to protect our candidates and employees.