Security Engineering (Engineering)
Morgan Stanley is a leading global financial services firm providing a wide range of investment banking, securities, investment management and wealth management services. The Firm's employees serve clients worldwide including corporations, governments and individuals from more than 1,200 offices in 43 countries. As a market leader, the talent and passion of our people is critical to our success. Together, we share a common set of values rooted in integrity, excellence and strong team ethic. Morgan Stanley can provide a superior foundation for building a professional career - a place for people to learn, to achieve and grow. A philosophy that balances personal lifestyles, perspectives and needs is an important part of our culture. Division Profile
Technology & Operations Risk (TOR) is part of the Firm Resilience Cyber organization and manages operational and technology related risks on behalf of the Firm. The group's key principles are to provide proactive, comprehensive, and consistent risk management, to enable the execution of the Firm's strategy.
TOR's mandate is to enable the Firm to manage its technology and data related risks. The TOR team partners with the business by ensuring that Technology and Data understands how to manage, escalate, and monitor risk. Role Profile
This role is to lead the Asia Security Administration team to perform and continuously improve Privilege Access functions. This includes following and enhancing standard operation procedures automating processes and developing risk control tools. The Security Administration team administers multiple security and access management controls in the global infrastructure and serves as the central control function for Privileged Access Management. Responsibilities
- Lead Asia operation and engineering team to manage the Firm's central administration of privileged access to key infrastructure and applications.
- Responsible for the technical and data analysis aspects of a multi-phase project to review the security controls in place, and then develop tools and products that resolve the control gap and improve operation efficiency.
- Managing PA reporting and Assurance processes (custom development)
- Serve as an escalation point for Privileged Access ServiceNow requests during AP time zone
- Define information security metrics to demonstrate effectiveness of controls.
- Ownership of the regional risk findings and work with business units and risk officers towards the closure or risk acceptance of these findings.
- Provide oversight and coverage in Asia region for audit requests and regulatory exams for risk management.
- Ownership of the enterprise risk management framework of Asia region, ensuring consistency with global standards and compliance with local regulation for all risks arising from business activities. Provide status update of risk landscape in Technology Management Committees and advice on best practice for risk management.