Morgan Stanley is a global financial services firm and a market leader in investment banking, securities, investment management and wealth management services. With offices in more than 43 countries, the people of Morgan Stanley are dedicated to providing our clients the finest thinking, products and services to help them achieve even the most challenging goals.
As a market leader, the talent and passion of our people is critical to our success. We embrace integrity, excellence, team work and giving back.
The Technology division partners with our business units and leading technology companies to redefine how we do business in ever more global and dynamic financial markets.
Our sizeable investment in technology results in leading-edge tools, software, and systems. Our insights, applications, and infrastructure give a competitive edge to clients’ businesses—and to our own.
Technology Risk's (Tech Risk) mandate is to enable the Firm to manage its technology related risks. The department executes the first line of defense technology risk management capabilities and implements proactive, comprehensive and consistent risk management practices across the Firm.
Tech Risk protects the Firm’s information, systems and infrastructure from cyber and insider threats; ensures the secure and stable delivery of services to our clients; and adjusts to risks presented by an evolving threat landscape. The department delivers a range of operational capabilities, as well as suite of advanced detection, monitoring and analytics, and also provides expert advice on secure design and development and control effectiveness. Tech Risk manages responses to regulatory and client inquiries about the Firm’s technology environment and ensures Technology divisions meet governance and oversight obligations along all lines of defense, driving material and measurable risk reduction. Tech Risk maintains strategic relationships with external entities, both public and private, to facilitate information sharing and innovation in financial services, technology and government, and is also responsible for building risk education and security awareness programs to increase vigilance across the Firm.
The Firm's Insider Threat team is seeking a Data Loss Prevention (DLP) analyst. In this new role you will be responsible for understanding, developing and implementing enterprise wide Information Protection strategies that balance security and business requirements while protecting our brands, reputation, operating environment, and intellectual property.
The DLP team works with various stakeholders to identify the Firm's needs with regards to data leakage controls, and coordinates the implementation of these controls. The team coordinates with Cyber, Technology, Business Units, Legal, and Corporate Security to gather business requirements, assess risk, ensure adherence to local regulations, and assess resource availability across the teams impacted by the implementation of controls in the environment.
- Determine and implement appropriate data leakage controls and DLP policies, as well as the placement of such, to satisfy business and regulatory and audit requirements
- Responsible for the development of DLP policies and rules from start to finish (i.e. requirements gathering, ruleset creation, analysis, tuning, approvals, etc.) using the Symantec DLP suite (Email, Web, and Endpoint)
- Design, evaluate, implement, and roll out DLP policies covering cloud applications systems (Microsoft Cloud App Security)
- Compile and validate statistical data to be used to determine the viability of implementing specific data leakage controls in the production environment
- Responsible for the management, advanced configuration, monitoring, and fine tuning of technologies used to support bulk email, document tagging, and encryption implementation across the firm
- Be a subject matter expert for DLP controls working directly with other functional and business teams to drive information protection initiatives
- Collaborate with stakeholders and partner teams on the planning, implementation, and rollout of DLP programs and solutions.
- Drive the ongoing review of data leakage controls, policies, and processes
- Work with Incident Response teams to identify and enhance data leakage controls in response to incidents to generate and maintain email, endpoint and web monitoring policies
- Support the administration and maintenance of existing data leakage controls and policies in response to changes in local regulation, organizational structure, or business needs
- 5+ years’ experience in the field of Information Security within the Financial Services domain
- 2+ years’ experience in administration of the Symantec DLP suite including configuration of policies to monitor and/or prevent sensitive data (client information, Firm propriety source code, MNPI, etc.) from being inappropriately disclosed while in-use (endpoint action) and in-motion (network traffic and email)
- 2+ years’ experience with cloud access security broker technology (Microsoft Cloud App Security)
- 2+ years’ experience with tagging technology (Azure Information Protection)
- 2+ years’ experience with data analytics tooling such as Splunk or Qlikview
- Experience in metadata tagging and activity monitoring, applied cryptography, and event and log correlation. You are able to distill complex problems and drive toward creative solutions.
- Comprehensive understanding of data security methodologies, technologies, and best practices
- Strong interpersonal skills and ability to communicate effectively to gain respect and influence senior management and external executives (ex: clients, partners, business leaders, peers, executives, etc.)
- Strong communication skills with ability to react quickly in high-intensity, difficult situations involving internal and external executives. Ability to communicate complex issues to stakeholders
- Ability to understand drivers and priorities, with regard to business and regulatory requirements
- Ability to work on multiple projects at the same time, comfortable with dealing with and challenging ambiguity
- Ability to handle sensitive matters with discretion and maintain confidentiality
- A strategic thinker who is able to balance short and long term deliverables
- Excellent written English skills
- Bachelor’s degree in a technical domain required with a Master’s degree in Information Systems Security or similar preferred
Knowledge of French and English is required.
Salary offered: $85,000 to $100,000 per year
Benefits offered: A corporate medical, dental and life insurance as well as short-term and long-term disability insurance plans, 4 weeks of vacation per year, 6% RRSP matching up to an annual cap of $8,000.
Morgan Stanley is an equal opportunities employer. We work to provide a supportive and inclusive environment where all individuals can maximize their full potential.