Company ProfileMorgan Stanley is a leading global financial services firm providing a wide range of investment banking, securities, investment management and wealth management services. The Firm's employees serve clients worldwide including corporations, governments and individuals from more than 1,200 offices in 43 countries. As a market leader, the talent and passion of our people is critical to our success. Together, we share a common set of values rooted in integrity, excellence and strong team ethic. Morgan Stanley can provide a superior foundation for building a professional career a place for people to learn, to achieve and grow. A philosophy that balances personal lifestyles, perspectives and needs is an important part of our culture.Background on the PositionMorgan Stanley is seeking a strong IT Audit candidate to cover Cybersecurity and Information Security, Infrastructure and Business Continuity Planning supporting the Firm. Cybersecurity Auditors focus on the Cybersecurity controls for Business and Technology processes supporting the enterprise and are responsible for understanding, analyzing, and testing the controls including those over architecture and configuration, systems development, security and entitlements, production management and technology governance.Primary Responsibilities- Manage projects and supervise staff on audit assignments with primary focus on cybersecurity- Design and execute risk-based audit programs in order to assess the design and effectiveness of key technology and/or security controls for critical systems and processes.- Partner with Application and Business Auditors, and work collaboratively within a team- Maintain ongoing dialog with key stakeholders regarding risks identified and necessary improvements to the control frameworkSkills Required (essential)- Five or more years IT Audit experience- Experience in auditing interfaces, infrastructure, data processing and computer general controls- Strong understanding of industry standards such as the NIST Cybersecurity Framework, NIST 800-53, PCI-DSS,ISO 27001/02, CIS Top 20 Critical Security Controls (formerly SANS), and FFIEC- Understanding of the Cybersecurity Threat Landscape- Technical knowledge of IT systems, including:- Databases- Operating Systems (UNIX, Linux, Windows, z/OS, AS400)- Networking, including VPN, LAN, WAN, WLAN, Firewalls and associated hardware- Backup and Recovery systems- Middleware,- Virtualization and Cloud Technologies and Frameworks- Data Loss Prevention tools, Intrusion Detection and Intrusion Prevention tools- Vulnerability assessment and Pen Testing Tools- Tools such as Splunk, ArcSight, Fortify, AppScan, Kali Linux- Ability to handle multiple projects while meeting deadlines with minimal supervision- Build strong relationships with Technology clients- Strong written and verbal communication skills- Practical IT work experienceSkills Desired- Experience with Data Analysis using data mining tools- Familiarity analyzing results from Pen Testing and Vulnerability management Tools- Scripting and programming experience is beneficialEducation Requirements- Bachelor's Degree (Computer Science, Technology, Information Systems or related field)- CISA, CISSP, and/or CISM certifications are preferred- Offensive Security Certified Professional (OSCP), CSX-F certification, Certified Ethical Hacker (CEH) or similar certifications are desirable- Microsoft Technologies, Cisco Technologies, Azure, AWS certifications are a plusMorgan Stanley's goal is to build and maintain a workforce that is diverse in experience and background but uniform in reflecting our standards of integrity and excellence. Consequently, our recruiting efforts reflect our desire to attract and retain the best and brightest from all talent pools. We want to be the first choice for prospective employees.It is the policy of the Firm to ensure equal employment opportunity without discrimination or harassment on the basis of race, color, religion, creed, age, sex, sex stereotype, gender, gender identity or expression, transgender, sexual orientation, national origin, citizenship, disability, marital and civil partnership/union status, pregnancy, veteran or military service status, genetic information, or any other characteristic protected by law.Morgan Stanley is an equal opportunity employer committed to diversifying its workforce (M/F/Disability/Vet).
