Morgan Stanley is a global financial services firm and a market leader in investment banking, securities, investment management and wealth management services. With offices in more than 43 countries, the people of Morgan Stanley are dedicated to providing our clients the finest thinking, products and services to help them achieve even the most challenging goals.
As a market leader, the talent and passion of our people is critical to our success. We embrace integrity, excellence, team work and giving back.
The Technology division partners with our business units and leading technology companies to redefine how we do business in ever more global and dynamic financial markets.
Our sizeable investment in technology results in leading-edge tools, software, and systems. Our insights, applications, and infrastructure give a competitive edge to clients’ businesses—and to our own.
Technology Risk's (Tech Risk) mandate is to enable the Firm to manage its technology related risks. The department executes the first line of defense technology risk management capabilities and implements proactive, comprehensive and consistent risk management practices across the Firm.
Tech Risk protects the Firm’s information, systems and infrastructure from cyber and insider threats; ensures the secure and stable delivery of services to our clients; and adjusts to risks presented by an evolving threat landscape. The department delivers a range of operational capabilities, as well as suite of advanced detection, monitoring and analytics, and also provides expert advice on secure design and development and control effectiveness. Tech Risk manages responses to regulatory and client inquiries about the Firm’s technology environment and ensures Technology divisions meet governance and oversight obligations along all lines of defense, driving material and measurable risk reduction. Tech Risk maintains strategic relationships with external entities, both public and private, to facilitate information sharing and innovation in financial services, technology and government, and is also responsible for building risk education and security awareness programs to increase vigilance across the Firm.
Morgan Stanley is looking for a talented individual to join a team of information security experts responsible for protecting Firm, client, and employee sensitive/confidential data. The Incident Response team is responsible for managing the detection and reporting of information security and insider threat incidents, supporting all Firm Business Units. The Team coordinates with the Business Units, Legal, Corporate Security and IT to gather incident details, assess risk and assist with remediation, ensuring compliance to regulatory and Firm standards.
This is a non-technical role and the selected candidate will be located in Montreal, working with a global team of IT Security professionals.
- Conduct daily review, triage and escalation of detected, and user reported Insider Threat events
- Collect supporting information and relevant artifacts in support of Incident Response activities
- Utilize defined workflows to assess the severity of an incident, appropriate mitigation activities, communication across the organization, and ensure proper documentation is produced outlining the details of the incident
- Host calls with senior members of the Firm to develop quick response plans to information security incidents
- Work with relevant stakeholders to ensure that incident management is consistent across all parts of the business
- Proactively participate in the continuous review of information security incidents and root causes, in order to highlight control gaps across the organization or process gaps within the team
- Provide general Information Security advisory services to key stakeholders across the Firm as required
- Participate in various projects related to operational improvements and tooling
- Provide on call and out of hours support
- 5-7 years of experience in a similar role or working knowledge of Incident Management, Information Security, or Data Privacy
- Bachelor Degree or Equivalent in a related field
- Ability to analyze data to look for anomalies or appropriately identify potential risk issues requiring further escalation
- Ability to handle sensitive situations with discretion and maintain confidentiality
- Very strong verbal and written English communications skills
- Ability to handle multiple competing priorities, while maintaining attention to detail
- Strong working knowledge of Microsoft Office (Excel, PowerPoint, and Visio)
- Excellent interpersonal skills
- Flexible and self-motivator
- Working knowledge of incident tracking or case management solutions, and DLP detection products
- Knowledge or experience in supporting Insider Threat mitigation strategies
- Technical or Information Security Certifications (e.g. CISM, CRISC, CISSP)
Knowledge of French and English is required.
Morgan Stanley is an equal opportunities employer. We work to provide a supportive and inclusive environment where all individuals can maximize their full potential.