*We offer: *

• To work with some of the best professionals in the business - for a firm that values individual intellect as much as teamwork • State-of-the-art offices that are designed to maximize collaboration • Flexible working arrangements • Enriching challenges that provide opportunity for constant learning and advancement • An environment which is leveraging technology to its highest potential

*Team Profile: *

Technology Risk's (Tech Risk) mandate is to enable the Firm to manage its technology related risks. The department executes the first line of defense technology risk management capabilities and implements proactive, comprehensive, and consistent risk management practices across the Firm.

Tech Risk protects the Firm’s information, systems, and infrastructure from cyber and insider threats; ensures the secure and stable delivery of services to our clients; and adjusts to risks presented by an evolving threat landscape. The department delivers a range of operational capabilities, as well as suite of advanced detection, monitoring and analytics, and also provides expert advice on secure design and development and control effectiveness. Tech Risk manages responses to regulatory and client inquiries about the Firm’s technology environment and ensures Technology divisions meet governance and oversight obligations along all lines of defense, driving material and measurable risk reduction. Tech Risk maintains strategic relationships with external entities, both public and private, to facilitate information sharing and innovation in financial services, technology, and government, and is also responsible for building risk education and security awareness programs to increase vigilance across the Firm.

Position Description:

The Continuous Controls Monitoring (CCM) team is part of Technology Controls Group, within the Technology and Operational Risk organization.

The objective of Continuous Controls Monitoring (CCM) program is to provide a structured and consistent process to enable near real-time monitoring of Technology Policy Control implementations across the firm, identify control failures and respond to them. Technology controls ensure the confidentiality, integrity, and availability of the Firm's data, infrastructure, and systems in on-premises and off-premises (cloud) environments. CCM provides continuous visibility into control weaknesses and demonstrates compliance with laws, rules, and regulations.

The successful candidate will join the Continuous Controls Monitoring (CCM) team and be part of the Control Measurement team. Control Measurement is one of the core components of CCM which quantifies and reports on the implementation correctness and/or operating efficiency of Technology controls. The Control Measurement team translates Technology Policy controls into clear and specific Metric definitions which identifies the implementation details, tools, evidence, metrics, etc. for data acquisition, analysis, and reporting of Control effectiveness. The team works closely with Control implementors, product owners, architects, and engineers.

Role responsibilities include:

• Establish and document Industry Standard and Regulatory expectation aligned Control metric definition for Technology controls by engaging with various Stakeholders. • Engage with Technology Policy team to ensure Control Measurement/Metric requirements are met through Policy design/update process. • Partner with various Metric consumers to establish Reporting framework meeting their requirements. • Partner closely with CCM Data acquisition and tooling team for successful implementation of metrics

Required Skills:

• 6 years of experience in information security or/and information technology • Hands-on experience with technology or cybersecurity control implementations • Bachelor’s degree in Information Technology, Cybersecurity or Computer Science • Ability to define metrics/ Key Control Indicators to show control implementation completeness • Strong business acumen and a strategic mindset • Experience working with and understanding the needs of customers or clients • Strong interpersonal skills, to interact at all levels and be effective as part of a broader team • Ability to manage expectations and handle high-pressure situations with tight deadlines • Proven analytical skills decision-making ability based on quantitative and qualitative data

Skills Desired:

• Knowledge of various domains of Technology control • Knowledge of Public cloud technology • Knowledge of security concepts and tools around Identity & Authentication, Data • Security, System security, Network Security and Application security • Knowledge of security logging, monitoring, and incident response • Financial industry experience • Cybersecurity/ Information Security certifications such as CISSP

*About us: *

Morgan Stanley is a global financial services firm and a market leader in investment banking, securities, investment management and wealth management services. At Morgan Stanley Montreal, we are shaping the future of our global business and contributing to our local community. Our team works across numerous areas.

Morgan Stanley is an equal opportunities employer. We work to provide a supportive and inclusive environment where all individuals can maximize their full potential. Our skilled and creative workforce is comprised of individuals drawn from a broad cross section of the global communities in which we operate and who reflect a variety of backgrounds, talents, perspectives, and experiences. Our strong commitment to a culture of inclusion is evident through our constant focus on recruiting, developing, and advancing individuals based on their skills and talents.

All our positions are located in Montreal, Quebec. We offer a hybrid work environment, combining remote work and attendance in the office.

Knowledge of French and English is required.

Build a career with impact. Visit morganstanley.com for more information.

Job: *Risk Management

Title: *Senior Cyber Control Specialist (Hybrid) *

Location: Canada-Quebec-Montreal

Requisition ID: 3250665