Morgan Stanley is a global financial services firm and a market leader in investment banking, securities, investment management and wealth management services. With offices in more than 43 countries, the people of Morgan Stanley are dedicated to providing our clients the finest thinking, products and services to help them achieve even the most challenging goals.
As a market leader, the talent and passion of our people is critical to our success. We embrace integrity, excellence, team work and giving back.
The Technology division partners with our business units and leading technology companies to redefine how we do business in ever more global and dynamic financial markets.
Our sizeable investment in technology results in leading-edge tools, software, and systems. Our insights, applications, and infrastructure give a competitive edge to clients’ businesses—and to our own.
Technology Risk's (Tech Risk) mandate is to enable the Firm to manage its technology related risks. The department executes the first line of defense technology risk management capabilities and implements proactive, comprehensive and consistent risk management practices across the Firm.
Tech Risk protects the Firm’s information, systems and infrastructure from cyber and insider threats; ensures the secure and stable delivery of services to our clients; and adjusts to risks presented by an evolving threat landscape. The department delivers a range of operational capabilities, as well as suite of advanced detection, monitoring and analytics, and also provides expert advice on secure design and development and control effectiveness. Tech Risk manages responses to regulatory and client inquiries about the Firm’s technology environment and ensures Technology divisions meet governance and oversight obligations along all lines of defense, driving material and measurable risk reduction. Tech Risk maintains strategic relationships with external entities, both public and private, to facilitate information sharing and innovation in financial services, technology and government, and is also responsible for building risk education and security awareness programs to increase vigilance across the Firm.
Morgan Stanley is currently undergoing a transformation as we look to move more workloads to the public cloud and modernize our information technology stack. This is a unique opportunity to grow with a world class organization as the industry undergoes a technology revolution.
The Cloud Security Chapter (CSC) reports into the head of the Cloud Security Architecture (CSA) and is part of the Technology & Operations Risk (TOR) organization.
The mission of the CSC team is to conduct comprehensive security evaluations of current and emerging cloud technologies to be used in the Firm.
This highly leveraged internal position within Morgan Stanley's IT Security organization has excellent growth potential. The Cloud Security Chapter team works with IT groups on a global basis to ensure that IT projects are executed using secure and approved patterns. When these patterns do not exist, they will work with the Cloud Security Architecture team to create these patterns.
This role requires hands-on experience in cloud, application and/or infrastructure security, technology risk management in a highly regulated environment as well as great organizational and communication (verbal and written) skills.
- Provide security expertise to engineering and development teams, acting as a project team member providing consulting advise ensuring security requirements are integrated in the project.
- Create documentation and guidance on the secure implementation of new technologies in the firm. This involves liaising with other technology subject matter experts to build consensus, outlining areas of improvement in written form and explaining concerns early on.
- Identify areas of risk on projects where security requirements cannot be fully addressed in the required time frame of the project.
- Document and present those risks to senior business, IT and Security team members.
- Help identify areas of security the firm might want to invest in improve IT security.
- Product security case reports to document and highlight specific risks along with potential mitigations.
Skills Required :
- 5 to 8 years of information security experience
-Bachelor Degree in Computer Science or related field
- 2+ years Hands-on experience with popular Cloud Vendors and technologies such as Amazon Web Services, Microsoft Azure.
- Ability to write documentation for all types of audiences, from very specific technical guides to higher level research on technologies and vendors.
- Experience in an information security (application and/or infrastructure) role in an enterprise environment.
- Demonstrated ability to see through sales pitches to find inconsistencies and omissions to quickly identify the most effective areas to look for controls gaps, and the technical ability to follow through.
- Excellent communication / interpersonal skills to be able to interact at all levels & be effective as part of a broader team, capable of taking broad objectives and create and execute a concrete plan
- Ability to manage expectations and handle high-pressure situations with tight deadlines
- Experience with technologies for protecting data at rest and in transit along with key proper management practices.
- Experience with PKI
- Experience with Modern Authentication Technologies such as OAuth2, OpenID Connect and SAML 2.0
- Experience with Docker or other Linux Container technologies
- Experience with Kubernetes or similar workload orchestration
- Knowledge of traditional network technologies, such as firewalls, NAT, Load balancers, and web proxies
- Experience with Software Defined Networking Technologies
- Experience with infrastructure as code tools, such as Hashicorp Terraform
- Experience with CI/CD pipelines (re: automation)
- Knowledge of traditional security concepts such as patch/vulnerability management, input validation, authentication, authorization
Knowledge of French and English is required.
Morgan Stanley is an equal opportunities employer. We work to provide a supportive and inclusive environment where all individuals can maximize their full potential.
Spotlight on our Montreal Technology Centre: https://www.youtube.com/watch?v=oo5GaXpCwKs
*Video dated October 2019.