Senior Technology Regulatory Risk Analyst
New York , New York
April 10, 2017
Company Profile
Morgan Stanley is a leading global financial services firm providing a wide range of investment banking, securities, investment management and wealth management services. The Firm's employees serve clients worldwide including corporations, governments and individuals from more than 1,200 offices in 43 countries.
As a market leader, the talent and passion of our people is critical to our success. Together, we share a common set of values rooted in integrity, excellence and strong team ethic. Morgan Stanley can provide a superior foundation for building a professional career - a place for people to learn, to achieve and grow. A philosophy that balances personal lifestyles, perspectives and needs is an important part of our culture.

Technology works as a strategic partner with Morgan Stanley business units and the world's leading technology companies to redefine how we do business in ever more global, complex, and dynamic financial markets. Morgan Stanley's sizeable investment in technology results in quantitative trading systems, cutting-edge modelling and simulation software, comprehensive risk and security systems, and robust client-relationship capabilities, plus the worldwide infrastructure that forms the backbone of these systems and tools. Our insights, our applications and infrastructure give a competitive edge to clients' businesses-and to our own.

Technology Information Risk (TIR)
TIR's mandate is to enable the Firm to manage its technology and data related risks through implementing proactive, comprehensive, and consistent risk management practices across the Firm to protect the franchise while capturing business opportunities. The TIR team partners with the business by ensuring that Technology understands how to manage, escalate and monitor risk.

Position Description
The Technology & Information Risk department is seeking an experienced Technology Risk professional to join a small, global team responsible for managing responses to regulatory, audit, and client requests and monitoring resolution of regulatory and audit findings. This includes coordinating technology related regulatory examinations as well as ad hoc requests for information and meetings.

The Regulatory, Audit, and Client Engagement Team fulfills the following responsibilities for the Technology & Data organization:
- Provides transparency to Technology & Data Senior Management about the status of:
- fulfilling all technology related regulatory and audit requests received
- progress with remediating regulatory and audit findings
- Ensure responses to technology related regulatory and audit requests are fulfilled efficiently, consistently, accurately, and timely
- Maintains an archive of regulatory responses to technology related requests
- Facilitates timely closure of technology related regulatory and audit findings by advising on remediation plan development and execution

- Regular interaction with senior managers and organizational partners including Technology & Data, Regulatory Relations, Operational Risk, Compliance, Legal, and Internal Audit.
- Analyze requests to define the response required, establish response deadlines, and identify impacted technology personnel that will supply and approve the response content
- Mobilize the response effort by notifying impacted personnel and scheduling response preparation meetings
- Serve as a subject matter expert on technology controls, risk management processes and associated regulatory requirements
- Collaborate with personnel tasked with preparing responses to technology-related requests to ensure the common goal of an accurate and timely response
- Collect responses and review them to ensure they are responsive to the request
- Obtain management approval on exam request response
- Liaise with owners of regulatory and audit findings providing advice throughout the finding lifecycle including remediation plan development, execution, and closure.
- Maintain the archive of responses to technology-related requests
- Organize and host exam status meetings with content providers and Subject Matter Experts.
- Prepare status reports for technology related requests that will be used in Technology & Data Senior Management regular reporting

Skills Required
Thorough knowledge of:
- Regulatory requirements and technology risk management processes including technology governance, information security, business continuity planning, systems development, project management, and supplier management
- Regulatory supervisory processes
- AICPA Statement on Standards for Attestation Engagements (SSAE) No. 16
- Solid understanding of regulatory supervisory processes.
- Sound understanding of risk assessment methodologies, internal controls and industry technology risk management frameworks such as NIST, ITIL, CobiT, and ISO 27001
- Strong analytical skills required to enable independent research and accurate
- Experience with applying the principles outlined in the Federal Financial Institutions Examination Council (FFIEC) Technology Handbooks
- Strong organizational skills and an ability to manage multiple demands and changing priorities.
- Outstanding communication and interpersonal skills
- Ability to draft high quality written products that are comprehensive, accurate, and tailored to the audience

Skills Desired
- Prior experience in a federal regulatory agency as a bank examiner specializing in operational risk or information technology is strongly desired
- Technology audit or risk management background in a highly complex financial institution
- Industry Certification such as CISA, CISSP, CISM, CRISC
- Solid understanding of IT/Cybersecurity tools & practices
- Industry Certification such as CISA, CISSP, CISM, CRISC

A little about us:
Since its founding in 1935, Morgan Stanley and its people have helped redefine the meaning of financial services.

Know someone who would be interested in this job? Share it with your network.