Data Security Risk Controls Analyst
- Full-Time
- New York, NY
- Morgan Stanley
- Posted 1 year ago – Accepting applications
Job Description
Data Security Risk Controls Analyst
The End User Security Team is part of the Data Security group. Its mission is to implement preventative and detective controls to reduce the risk of intentional and unintentional data leakage from WM employees and contingents.
The Data Security group seeks an Associate to support its efforts to ensure that sensitive WM data is protected at every point in its lifecycle. As the Firm embraces new technologies and integrates its recent acquisitions, a host of new risks as well as new opportunities present themselves. The Data Security group provides internal expertise for business stakeholders to properly understand these tradeoffs, establish effective control requirements, monitor and validate such controls, and evaluate a highly variable threat landscape to properly calibrate a security posture.
Key responsibilities include, but are not limited to:
Apply to this Job
Job Number:
3220634
POSTING DATE: Jul 28, 2022 PRIMARY LOCATION: Americas-United States of America-New York-New York EDUCATION LEVEL: Bachelor's Degree JOB: Wealth Management EMPLOYMENT TYPE: Full Time JOB LEVEL: AssociateDESCRIPTION
The Data Security and Infrastructure Risk Team sits within the Wealth Management (WM) Risk organization and strives to find the right balance between risk management and business enablement. The team works to ensure that our clients’ sensitive PII (Personally Identifiable Information) is stored and replicated securely, used properly, and accessed by only authorized individuals and for authorized purposes. The group also helps WM meet or exceed Firm and regulatory standards by applying additional controls in areas such as: Access Management, Business Resilience and Stability, and Vendor Risk. Finally, through client and workforce education and engagement, the team provides resources to help protect our employees and clients from cyber-enabled fraud and data loss.The End User Security Team is part of the Data Security group. Its mission is to implement preventative and detective controls to reduce the risk of intentional and unintentional data leakage from WM employees and contingents.
The Data Security group seeks an Associate to support its efforts to ensure that sensitive WM data is protected at every point in its lifecycle. As the Firm embraces new technologies and integrates its recent acquisitions, a host of new risks as well as new opportunities present themselves. The Data Security group provides internal expertise for business stakeholders to properly understand these tradeoffs, establish effective control requirements, monitor and validate such controls, and evaluate a highly variable threat landscape to properly calibrate a security posture.
Key responsibilities include, but are not limited to:
- Act as a key member of the Data Security End Users (DSEU) team
- Oversee the risk acceptance (RA) process as follows:
- Work with WM business stakeholders to identify and document standing risks
- Document mitigating controls and residual risk levels
- Prepare risk acceptance slides for approval
- Manage risk acceptance lifecycle from proposal to approval/re-approval to RA closure
- Maintain detailed tracking of WM risk acceptances and prepare governance materials and metrics
- Support the WM incident response management process to ensure information security incidents are assessed, prioritized, contained, mitigated, and documented
- Analyze incident response as well as other risk metrics to identify business practices that may drive risk to WM data
- Engage WM business units to re-engineer high-risk business processes or implement supplementary controls to ensure the business is operating in a secure manner
- Create reporting, metrics, and documentation on risk acceptances and risky business processes, as well as present findings to team and leadership on a routine basis
- Draft and update security training materials to ensure awareness of security best practices across the WM organization
- Draft and update internal procedure material governing the risk oversight and mitigation activities of the WM DSEU team
- Identify, raise, and discuss information security requirements and resolve any issues in partnership with the Firm's technology and security organizations
QUALIFICATIONS
- Bachelor's degree
- 3+ years of relevant risk management and cyber/information security experience
- Strong writing skills with an ability to summarize complex problems succinctly
- Intrinsic curiosity and an eagerness to learn new technologies and skills
- Understanding of information security, computer systems, network technologies, mobile devices, and peripherals (e.g., monitors, keyboards, printers, etc.)
- Ability to analyze a high volume of data and work in a fast-paced environment
- Strong organization and time-management skills, with the ability to swiftly transition between projects and tasks
- Ability to work independently and possess a strong sense of accountability/ownership
- Attention to detail, strong analytical, quantitative, and investigative problem-solving abilities
- Must be results-oriented and have a proactive approach to solving issues
- Knowledge of the financial services industry; preferably in Wealth Management, finance, operations, or technology