Policy Specialist - Risk & Remediation - TIR

  • Competitive
  • Glasgow, Scotland, United Kingdom Glasgow Scotland GB
  • Permanent, Full time
  • Morgan Stanley
  • 18 Aug 18 2018-08-18

See job description for details

Company Profile :
Morgan Stanley is a leading global financial services firm providing a wide range of investment banking, securities, investment management and wealth management services. The Firm's employees serve clients worldwide including corporations, governments and individuals from more than 1,200 offices in 43 countries.

As a market leader, the talent and passion of our people is critical to our success. Together, we share a common set of values rooted in integrity, excellence and strong team ethic. Morgan Stanley can provide a superior foundation for building a professional career - a place for people to learn, to achieve and grow. A philosophy that balances personal lifestyles, perspectives and needs is an important part of our culture.

Department Profile:
The mission of the Global Technology Department is to provide a highly reliable and commercial technology platform, which supports the Firms strategy, delivered by an innovative, world-class team of professionals.

Technology & Information Risk (TIR) is part of the Global Technology organization. Its mission is to enable proactive, comprehensive, and consistent technology and information-related risk management practices across the Firm and to protect Firm information, systems, and associated infrastructure from Cyber Threats

Team Profile:
A position is available within the Morgan Stanley Global Risk Governance group for a Policy Specialist in the Global Technology, Cyber and Information Security Policy Management Team. This is an excellent opportunity for a candidate who is ambitious, experienced, and highly-skilled to join a dynamic global function in our Glasgow office.

The team is responsible for policy development, maintenance, socialisation and advisory services, as well as mappings to regulatory requirements and risk management objectives. The team develops new and existing policies and procedures based on development requests approved by senior policy coverage area owners, managing the full end-to-end lifecycle of development requests to final governance approvals.

Primary Responsibilities:

The primary focus of the role is:

- Initial Research/Scoping of new Policy/Standards Requests - Working with various Program Leads and other subject matter experts across Technology Divisions, the person will be responsible for owning the process of initial research and scoping of new Policy/Standards requests.
- Drafting of Policies & Standards - The person will be responsible for drafting of new Policy/Standards content including:
- Identification of subject matter experts and other interested parties to be involved
- Executing (or facilitating delegation) of initial drafting of Policy/Standards content
- Facilitating review/discussion workshops in order to finalize content
- Presenting final recommendations to senior management (CIO/COO level engagement)
- Liaison with Technology divisions on Standards implementation - Liaising with divisional leads on aspects of Policy/Standards implementation (e.g. on the development of Division specific procedures as required).
- In addition to business analysis and project management skills this role also require the successful candidate to be able to make pragmatic changes to key Policies, Standards and Procedures along with business process definitions and Terms of Reference documents


Skills required (essential):
- Proven written and verbal communication skills - to the level of being able to interact directly with senior management.
- Experience of policies and standards programs.
- Proven analytical skills.
- Strong awareness of industry standards, best practices and regulatory expectations in respect to technology.
- Aptitude for technology and strong understanding of technology concepts and terminology.
- Organizational skills as reflected through a methodical/organised approach to analysis and documentation and the ability to manage multiple tasks simultaneously.
- Significant discretion and respect for confidentiality of sensitive information.
- Proficiency in Microsoft Office suite.
- Proactive self-starter who can identify opportunities for improvement and operate autonomously.
- Demonstrates good judgment.
- Desired Skills

Skills Desired:
- Hands on technical experience (e.g. software development, infrastructure support).
- Experience of Archer workflows
- Any of the below (or industry equivalent) would be of benefit:
- Certified Information Systems Auditor (CISA)
- Certified in Risk and Information Systems Control (CRISC)
- Certified in the Governance of Enterprise IT (CGEIT)
- Certified Information Security Manager (CISM)
- Certified Information Systems Security Professional (CISSP)
- Certified Internal Auditor (CIA)

Morgan Stanley is an equal opportunities employer. We work to provide a supportive and inclusive environment where all individuals can maximise their full potential. Our skilled and creative workforce is comprised of individuals drawn from a broad cross section of the global communities in which we operate and who reflect a variety of backgrounds, talents, perspectives and experiences. Our strong commitment to a culture of inclusion is evident through our constant focus on recruiting, developing and advancing individuals based on their skills and talents.*LI-AM2