What are the responsibilities and job description for the Internal Audit - Cybersecurity Director position at Morgan Stanley?
Job Description - Internal Audit - Cybersecurity Director (3231195)
Job Description
Internal Audit - Cybersecurity Director
Job Number: 3231195
Posting Date : Feb 10, 2023
Primary Location : Americas-United States of America-Maryland-Baltimore
Education Level : Bachelor's Degree
Job : Audit
Employment Type : Full Time
Job Level : Manager
Description
Company Profile
Morgan Stanley is a leading global financial services firm providing a wide range of investment banking, securities, investment management and wealth management services. The Firm's employees serve clients worldwide including corporations, governments and individuals from more than 1,200 offices in 43 countries. As a market leader, the talent and passion of our people is critical to our success. Together, we share a common set of values rooted in integrity, excellence and strong team ethic. Morgan Stanley can provide a superior foundation for building a professional career a place for people to learn, to achieve and grow. A philosophy that balances personal lifestyles, perspectives and needs is an important part of our culture.
Background on the Position
Morgan Stanley is seeking a strong IT Audit candidate to cover Cybersecurity and Information Security, Infrastructure and Business Continuity Planning supporting the Firm. Cybersecurity Auditors focus on the Cybersecurity controls for Business and Technology processes supporting the enterprise and are responsible for understanding, analyzing, and testing the controls including those over architecture and configuration, systems development, security and entitlements, production management and technology governance.
Primary Responsibilities
- Manage projects and supervise staff on audit assignments with primary focus on cybersecurity
- Design and execute risk-based audit programs in order to assess the design and effectiveness of key technology and/or security controls for critical systems and processes.
- Partner with Application and Business Auditors, and work collaboratively within a team
- Maintain ongoing dialog with key stakeholders regarding risks identified and necessary improvements to the control framework
Qualifications
Skills Required (essential)
- Five or more years IT Audit experience
- Experience in auditing interfaces, infrastructure, data processing and computer general controls
- Strong understanding of industry standards such as the NIST Cybersecurity Framework, NIST 800-53, PCI-DSS,
ISO 27001/02, CIS Top 20 Critical Security Controls (formerly SANS), and FFIEC
- Understanding of the Cybersecurity Threat Landscape
- Technical knowledge of IT systems, including:
- Databases
- Operating Systems (UNIX, Linux, Windows, z/OS, AS400)
- Networking, including VPN, LAN, WAN, WLAN, Firewalls and associated hardware
- Backup and Recovery systems
- Middleware,
- Virtualization and Cloud Technologies and Frameworks
- Data Loss Prevention tools, Intrusion Detection and Intrusion Prevention tools
- Vulnerability assessment and Pen Testing Tools
- Tools such as Splunk, ArcSight, Fortify, AppScan, Kali Linux
- Ability to handle multiple projects while meeting deadlines with minimal supervision
- Build strong relationships with Technology clients
- Strong written and verbal communication skills
- Practical IT work experience
Skills Desired
- Experience with Data Analysis using data mining tools
- Familiarity analyzing results from Pen Testing and Vulnerability management Tools
- Scripting and programming experience is beneficial
Education Requirements
- Bachelor's Degree (Computer Science, Technology, Information Systems or related field)
- CISA, CISSP, and/or CISM certifications are preferred
- Offensive Security Certified Professional (OSCP), CSX-F certification, Certified Ethical Hacker (CEH) or similar certifications are desirable
- Microsoft Technologies, Cisco Technologies, Azure, AWS certifications are a plus
Morgan Stanley's goal is to build and maintain a workforce that is diverse in experience and background but uniform in reflecting our standards of integrity and excellence. Consequently, our recruiting efforts reflect our desire to attract and retain the best and brightest from all talent pools. We want to be the first choice for prospective employees.
It is the policy of the Firm to ensure equal employment opportunity without discrimination or harassment on the basis of race, color, religion, creed, age, sex, sex stereotype, gender, gender identity or expression, transgender, sexual orientation, national origin, citizenship, disability, marital and civil partnership/union status, pregnancy, veteran or military service status, genetic information, or any other characteristic protected by law.
Morgan Stanley is an equal opportunity employer committed to diversifying its workforce (M/F/Disability/Vet).
