Morgan Stanley is a leading global financial services firm providing a wide range of investment banking, securities, investment management and wealth management services. The Firm's employees serve clients worldwide including corporations, governments and individuals from more than 1,200 offices in 43 countries.
As a market leader, the talent and passion of our people is critical to our success. Together, we share a common set of values rooted in integrity, excellence and strong team ethic. Morgan Stanley can provide a superior foundation for building a professional career - a place for people to learn, to achieve and grow. A philosophy that balances personal lifestyles, perspectives and needs is an important part of our culture.
Technology works as a strategic partner with Morgan Stanley business units and the world's leading technology companies to redefine how we do business in ever more global, complex, and dynamic financial markets. Morgan Stanley's sizeable investment in technology results in quantitative trading systems, cutting-edge modelling and simulation software, comprehensive risk and security systems, and robust client-relationship capabilities, plus the worldwide infrastructure that forms the backbone of these systems and tools. Our insights, our applications and infrastructure give a competitive edge to clients' businesses?and to our own.
Technology Risk's (Tech Risk) mandate is to enable the Firm to manage its technology related risks. The department executes the first line of defense technology risk management capabilities and implements proactive, comprehensive and consistent risk management practices across the Firm.
Tech Risk protects the Firm?s information, systems and infrastructure from cyber and insider threats; ensures the secure and stable delivery of services to our clients; and adjusts to risks presented by an evolving threat landscape. The department delivers a range of operational capabilities, as well as suite of advanced detection, monitoring and analytics, and also provides expert advice on secure design and development and control effectiveness. Tech Risk manages responses to regulatory and client inquiries about the Firm?s technology environment and ensures Technology divisions meet governance and oversight obligations along all lines of defense, driving material and measurable risk reduction. Tech Risk maintains strategic relationships with external entities, both public and private, to facilitate information sharing and innovation in financial services, technology and government, and is also responsible for building risk education and security awareness programs to increase vigilance across the Firm.
Morgan Stanley?s Wealth Management Cybersecurity Team seeks a Cybersecurity Lead to cover the growing Shareworks/Morgan Stanley at Work platform.
The Wealth Management Cybersecurity Team provides highly tailored, business-focused cybersecurity advice, consultancy and service to the Wealth Management business and technology groups. This is often done by looking at systems through the lens of a cyber adversary?pinpointing and addressing vulnerabilities and supporting teams in designing, developing and deploying secure applications, systems and networks for employees and clients. To that end, the team works to optimize the efficacy of existing controls, leverage people, process and technology solutions and partner closely with other elements of Technology Risk and with the Wealth Management business.
In May 2019, Morgan Stanley completed the acquisition of Solium Capital Inc. (now rebranded as Shareworks by Morgan Stanley). With this acquisition, Morgan Stanley is an industry leader in providing financial solutions to the workplace, bringing together a major stock plan administration platform with its preeminent Wealth Management business.
The Cybersecurity Lead will drive security efforts for Shareworks within the team, particularly during this period of technical and business integration.
Responsibilities include, but are not limited to:
- Serving as a Subject Matter Expert for desktop, server, application, network and other security controls used to protect Shareworks business and technology assets.
- Creating and refining security-related alerts and analytics for Shareworks applications.
- Collaborating with business and technology partners to provide customized protection and testing of security controls as needed.
- Serving as an active participant in application architecture and design discussions to drive secure Software Development Lifecycle practices.
- Driving proactive protection of applications or application components within internet-facing websites.
- Championing security best practices with the Shareworks application and infrastructure community.
- Coordinating seamlessly with a virtual team spread across Calgary, New York, Baltimore and Asia.
Note: Significant travel between Calgary and New York is to be expected during the first six months of employment.
The ideal candidate is a self-motivated team player, committed to meeting deadlines while juggling multiple simultaneous projects.
- 7+ years of relevant cybersecurity experience
- Bachelors in Computer Science or Information Systems or related field
- 3+ years of experience working with geographically dispersed teams across multiple time zones
- Strong understanding of attack vectors for web applications and methods for defending against them
- Thorough understanding of web technologies and web architectures
- Solid understanding of SaaS (Software as a Service) technologies and architectures
- Working experience with agile methodologies
- Excellent English-language communication skills, both written and oral
- Excellent problem solving-skills
- Experience in development, deployment and testing of web user interface (UI) and web API services
- Exposure to Java, .NET and Linux
- Experience with Splunk or similar technologies, for the express purpose of generating alerts and analytics
- Experience with static code analysis, code review and system design
- Understanding of crypto libraries
- Prior work on client-facing websites in the banking/brokerage industry
- Experience with desktop security, especially working knowledge of modern Windows server and desktop configurations
- Experience identifying and remediating the use of vulnerable software libraries
Morgan Stanley is an equal opportunities employer. We work to provide a supportive and inclusive environment where all individuals can maximize their full potential.