Tech Risk Testing Director

Morgan Stanley is a leading global financial services firm providing a wide range of investment banking, securities, investment management and wealth management services. The Firm's employees serve clients worldwide including corporations, governments, and individuals from more than 1,200 offices in 43 countries.

As a market leader, the talent and passion of our people is critical to our success. Together, we share a common set of values rooted in integrity, excellence, and strong team ethic. Morgan Stanley can provide a superior foundation for building a professional career - a place for people to learn, to achieve and grow. A philosophy that balances personal lifestyles, perspectives and needs is an important part of our culture.

The cornerstone of Morgan Stanley's risk management philosophy is the execution of risk-adjusted returns through prudent risk-taking that protects Morgan Stanley's capital base, liquidity and franchise. Non-Financial Risk (NFR) refers to the risk of actual or potential economic, reputational, regulatory, financial reporting and client impact, resulting from inadequate or failed internal processes, people, and systems, or from external events impacting the full scope of its business activities, including revenue-generating activities and infrastructure groups.

NFR is part of the Second Line of Defense providing independent oversight and challenge to management across compliance and operational risks. Given the nature and breadth of operational risk, operational risks are managed at multiple levels e.g. Firmwide, as well as Regional, Business Unit, Infrastructure Group, Control Function and Legal Entity.

The NFR Cyber, Technology and Information Security (CTIS) Department is focused specifically on managing cyber, technology and information security risks. NFR CTIS brings together rules management, standard setting, assessing risk, process and controls by technology domains, advising the business, and an oversight and testing function to provide a comprehensive risk management decision for cyber, technology and information security related risks. Cybersecurity, Information Security and Technology risk management is critical to ensure the confidentiality, integrity and availability of Firm Information, Systems and Assets.

Cybersecurity risk refers to managing and protecting the Firm's information assets and operations from cyber threats, e.g., cyber events or attacks resulting from inadvertent or intentional acts involving deception, falsification, destruction, etc. Information Security risk refers to protecting the confidentiality, integrity and availability of Firm's information and systems, e.g., internal and external threats that could result in unauthorized disclosure, misuse, alteration or destruction of confidential information and systems.

Technology risk refers to ensuring and protecting the availability, stability, capacity and recovery capabilities of the Firm's key systems, e.g., loss, damage or business disruption resulting from inadequate or failed processes, people and systems or from external events.

Morgan Stanley is seeking a Risk professional to join the Non-Financial Risk Cyber, Technology and Information Security (NFR CTIS) Testing Team based in Alpharetta.

• Assist in the development and maintenance of the annual technology testing plan.
• Develop and deliver engagement announcements.
• Lead engagement kickoff meetings for stakeholders; lead periodic engagement progress updates.
• Execute and document test activities in test work papers. Test activities may include process deep dives, control design reviews, control effectiveness tests, or outcome-based tests.
• Test execution fieldwork-Perform test activities in accordance with 2L NFR testing standards.
• Interview stakeholders, request and review pertinent policies, standards, procedures, KRI metrics, and other documents, and walk through relevant processes and control environments.
• Develop test scripts and recipe cards.
• Request and validate receipt of relevant data and samples for testing.
• Execute and document test activities in test work papers.
• Identify and elevate potential test findings.
• Propose action plans and remediation requirements.
• Prepare test reports.
• Track and confirm completion of action plans and their remediation requirements.
• Remain current on industry rules, regulations and best practices to make recommendations to the testing program.

• Bachelor of Science required with a concentration in Computer Science or Information Technology.
• 8+ years audit/risk/compliance experience in the financial services industry, a regulator, or a self-regulatory organization.
• Experience leading and conducting Technology reviews.
• Investigative skills - inquiry and analysis, interviewing, testing, risk assessment capabilities.
• Ability to research and resolve issues independently while working across teams to acquire information.
• Risk Management Knowledge - strong understanding of financial industry risk and…