
Non-Financial Risk Manager - CTIS - Director

Morgan Stanley


  • Risk Oversight & Governance: Oversee governance of the Cyber and InfoSec Risk management frameworks, ensuring they align with industry standards and regulatory requirements (e.g., NIST, ISO 27001, GDPR). Ensure that the Cyber and InfoSec risk management processes are aligned with internal security policies, standards and procedures.
  • Review & Challenge: Act as a key advisor to the first line of defense (1L), reviewing risk management strategies, and challenging the effectiveness of existing controls and mitigation strategies.
  • Metrics, Risk Reporting & Monitoring: Regularly monitor and assess the effectiveness of risk management activities, providing comprehensive reports to stakeholders and relevant governance forums. Highlight key risks and the status of risk mitigation efforts. Review metrics and escalation reports to monitor risk and control-related developments, issues and trends.
  • Emerging Threat Oversight: Keep a close eye on emerging security threats and vulnerabilities and advise 1L on adjustments or enhancements to risk management practices to address new challenges.
  • Incident Response Oversight: Provide oversight of incident response activities, ensuring that risk management considerations are incorporated into the response process, and assist with post-incident risk assessments.
  • Security Awareness & Culture: Promote a culture of cybersecurity awareness and risk management across the organization, monitoring that employees at all levels understand their role in managing security risks.
  • Cross-Functional Collaboration: Work closely with other departments to ensure the alignment of security risk management activities with broader organizational risk management frameworks. Build and maintain strong positive relationships with the broader risk community and the security engineering, operational and development teams.

  • Degree (Computer Science or Information Security, preferable but not essential)
  • 6+ years' worth of cybersecurity or security risk related work experience, with at least 2 years of experience in the 2L or in an oversight capacity (preferable but not essential).
  • Strong understanding of cybersecurity frameworks, risk management principles, and security controls.
  • Familiarity with risk management best practices (e.g., CRI, NIST CSF, ISO 27001, CIS Controls).
  • Excellent communication skills, both verbal and written; ability to tailor communication to technical and non-technical audiences.
  • Strong ability to analyze security risks, evaluate control effectiveness and recommend improvements in risk mitigation strategies.
  • Ability to work effectively in a cross-functional, global team and challenge the first line of defense on risk management practices while fostering a collaborative solutions-oriented approach.
  • Self-starter with ability to work independently and make sound decisions.

Our values - putting clients first, doing the right thing, leading with exceptional ideas, committing to diversity and inclusion, and giving back - aren't just beliefs, they guide the decisions we make every day to do what's best for our clients, communities and more than 80,000 employees in 1,200 offices across 42 countries. Our teams are relentless collaborators and creative thinkers, fueled by their diverse backgrounds and experiences. We are proud to support our employees and their families at every point along their work-life journey, offering some of the most attractive and comprehensive employee benefits and perks in the industry. There's also ample opportunity to move about the business for those who show passion and grit in their work.

To learn more about our offices across the globe, please copy and paste https://www.morganstanley.com/about-us/global-offices into your browser.

If this role is deemed a Certified role, it may require the role holder to hold mandatory regulatory qualifications or the minimum qualifications to meet internal company benchmarks.

Flexible work statement

Interested in flexible working opportunities? Speak to our recruitment team to find out more.

We work to provide a supportive and inclusive environment where all individuals can maximize their full potential. Our skilled and creative workforce is comprised of individuals drawn from a broad cross section of the global communities in which we operate and who reflect a variety of backgrounds, talents, perspectives, and experiences. Our strong commitment to a culture of inclusion is evident through our constant focus on recruiting, developing, and advancing individuals based on their skills and talents.

Job ID: Morgan-549785844279
Employment Type: Other

Perks and Benefits

  • Health and Wellness

    • Health Insurance
    • Dental Insurance
    • Vision Insurance
    • Life Insurance
    • Short-Term Disability
    • Long-Term Disability
    • Fitness Subsidies
    • On-Site Gym
    • Pet Insurance
    • Mental Health Benefits
    • FSA
    • Virtual Fitness Classes
    • HSA
  • Parental Benefits

    • Fertility Benefits
    • Adoption Assistance Program
    • Family Support Resources
    • Return-to-Work Program
    • Birth Parent or Maternity Leave
    • Non-Birth Parent or Paternity Leave
    • Adoption Leave
  • Work Flexibility

    • Hybrid Work Opportunities
  • Office Life and Perks

    • Commuter Benefits Program
    • Company Outings
    • On-Site Cafeteria
    • Holiday Events
  • Vacation and Time Off

    • Paid Vacation
    • Paid Holidays
    • Leave of Absence
    • Volunteer Time Off
    • Personal/Sick Days
  • Financial and Retirement

    • 401(K) With Company Matching
    • Stock Purchase Program
    • Performance Bonus
    • Relocation Assistance
    • Financial Counseling
  • Professional Development

    • Tuition Reimbursement
    • Promote From Within
    • Mentor Program
    • Access to Online Courses
    • Lunch and Learns
    • Work Visa Sponsorship
    • Leadership Training Program
    • Associate or Rotational Training Program
    • Internship Program
  • Diversity and Inclusion

    • Diversity, Equity, and Inclusion Program
    • Employee Resource Groups (ERG)