Business Analyst - Applied Security
Morgan Stanley is a global financial services firm and a market leader in investment banking, securities, investment management and wealth management services. With offices in more than 43 countries, the people of Morgan Stanley are dedicated to providing our clients the finest thinking, products and services to help them achieve even the most challenging goals.
As a market leader, the talent and passion of our people is critical to our success. We embrace integrity, excellence, team work and giving back.
The Technology division partners with our business units and leading technology companies to redefine how we do business in ever more global and dynamic financial markets.
Our sizeable investment in technology results in leading-edge tools, software, and systems. Our insights, applications, and infrastructure give a competitive edge to clients businesses and to our own.
Technology Information Risk (TIR)
Technology Information Risk (TIR) enables the Firm to manage risks through implementing proactive, comprehensive and consistent risk management practices which protect the franchise while capturing business opportunities. The TIR team partners with the business by ensuring that Technology understands how to manage, escalate and monitor risk.
The Applied Security Technical Lead is required to work in the Global Enterprise Security Solutions Team, providing the highest level of security consultancy and engineering support for core operating systems, infrastructure services and data security. The role will focus on the evaluation and analysis of technology and business use cases within the context of information security to ensure that ESS products and services comprehensively meet the firms- security and business requirements in accordance with firm policy, and that they are effectively adopted across the Tech & Data community.
The Applied Security Team provides a critical interface between external clients (including the diverse lines of business and peer technology teams) and the core engineering teams within ESS.
The role is suited to a platform engineer with strong experience of core operating systems, infrastructure services and end user computing requirements with a proven understanding in enterprise security. This role is primarily project based, with numerous activities to expand and enhance the services provided within the environment.
- Requirements Management - Develop detailed technical requirements specifications in support of the business and partner technology teams aligning requirements with policy, standards, regulations and engineering architectures.
- Roadmap, Release Planning and Lifecycles Management - Maintain security control 1-3 year roadmaps driving release schedules to ensure effective operationalization, prevent EOL (end of life), and compliance with PLC & SDLC policy.
- Provide consultancy services to other Cyber Security teams - to ensure that data protections are applied consistently where applicable across the technology stack.
- Adoption of products and services - Work across TIR (Tech & Info Risk) and EI (Enterprise Infrastructure) to enable & monitor customer product adoption Identify and work with Engineering & Operations to close gaps in existing product portfolio applying new solutions or, if necessary, introducing new requirements.
- Strategically align products and services - Broaden engagement with TIR and CTO to align roadmaps with TSA Partner with SecArch CN and EI for early access to new products requirements (e.g. Cloud and Mobile) Enable Policy compliance from day-1.
- Financial Management - Inform budgets and assist engineering and operations in resource planning Work with Business Management to understand and right-size TCO Work across BM and customers to ensure allocations to the business are transparent and defensible
- Candidates must be strong communicators, detail focused with a proven ability to realize business requirements as precise engineering system specifications.
- The role is an individual contributor with a clear set of responsibilities and controls and service ownership however being able to operate as part of a team is also critical.
- Prospective candidates would have a background in Information Security and Systems Management with a supporting industrial certification (e.g.: CISSP) and also be familiar with control assessment frameworks such as NIST and The Cloud Security Alliance. CISSP / CISM / CRISC are also desirable certifications
Company Type: Public Company
Company Size: 10,001+