Planning Reviews
Support the Review Lead in kick-off meetings with PCOs and Risk Officers to review scope, timeline, and approach.
Schedule walkthroughs with control contacts, document walkthrough takeaways, send follow-up requests for artifacts.
Develop draft test procedures for each control after walkthroughs or peer-review test procedures developed by another control tester.
Address feedback from Review Lead or peer reviews.

Executing Reviews
Create evidence request list from final set of test procedures and communicate requests to stakeholders.
Stay on top of evidence requests, including following up with reminders when needed.
Review evidence upon receipt and escalate quality concerns to Review Lead if needed.
Document workpapers and evidence per control using the ITCT workpaper template.
Perform a critical self-review of workpapers or perform a QA review over the workpapers of a peer.
Address feedback from Review Lead or peer reviews.

Reporting Review Results and Managing Risk Issues
Escalate potential risk issues to the Review Lead as soon as possible.
Develop draft issue descriptions and determine a draft risk rating for potential issues using the Risk Level Standard.
Support the Review Lead during issue confirmation discussions with control contacts.
Document draft results reports and/or peer-review the draft report of another.
Help the Review Lead to address comments from 2/3 LOD.
Create and monitor risk issues in OpenPages.
Closure-verify issues in OpenPages once remediated.

Project Management of Reviews
Complete responsibilities described above in line with milestone dates agreed upon with the Review Lead.
Regularly provide the ITCT Review Lead with status updates on ongoing activities, escalating concerns on meeting milestones to the Review Lead when necessary.
Update the ITCT Master Tracker on a twice-weekly basis.
Working knowledge of key Technology, Information Security, and Cybersecurity concepts (e.g., data security, identity and access management, network security, change management, etc.).
Understanding of relevant regulations and industry standards (e.g., ISO 27001, COBIT, NIST, etc.) including principles and key concepts related to risk assessment, controls, and testing.
Working knowledge of technology applications and infrastructure (e.g., server, network, platform desktop environment) and ability to identify risk and controls.
Ability to employ process-based thinking to effectively obtain, analyze, and interpret information, identify root causes of problems, and draw logical conclusions.
Good organizational skills with diligence and ability to manage multiple priorities.
Proficient use of Microsoft Excel and other Microsoft Office products.
Minimum 2 years relevant risk experience from roles in any of the following: Audit (internal or external), Risk Officer / Information Security Officer, Technology Risk Governance / Consulting, Regulatory agencies.

Our values - putting clients first, doing the right thing, leading with exceptional ideas, committing to diversity and inclusion, and giving back - aren't just beliefs, they guide the decisions we make every day to do what's best for our clients, communities and more than 80,000 employees in 1,200 offices across 42 countries. Our teams are relentless collaborators and creative thinkers, fueled by their diverse backgrounds and experiences. We are proud to support our employees and their families at every point along their work-life journey, offering some of the most attractive and comprehensive employee benefits and perks in the industry. There's also ample opportunity to move about the business for those who show passion and grit in their work. To learn more about our offices across the globe, please copy and paste https://www.morganstanley.com/about-us/global-offices into your browser.
We work to provide a supportive and inclusive environment where all individuals can maximize their full potential. Our skilled and creative workforce is comprised of individuals drawn from a broad cross section of the global communities in which we operate and who reflect a variety of backgrounds, talents, perspectives, and experiences. Our strong commitment to a culture of inclusion is evident through our constant focus on recruiting, developing, and advancing individuals based on their skills and talents.