EMEA Lead for Cyber/Technology/Information Security Operational Risk

Job Number: 3226498
Posting Date: Dec 16, 2022
Primary Location: Europe, Middle East, Africa-United Kingdom-United Kingdom-London
Education Level: Bachelor's Degree
Job: Operational Risk
Employment Type: Full Time
Job Level: Executive Director

Description

Role: EMEA Lead for Cyber/Technology/Information Security Operational Risk
Level: Executive Director
Location: London

Firm Risk Management

Firm Risk Management (FRM) supports Morgan Stanley to achieve its business goals by partnering with business units across the Firm to realize efficient risk-adjusted returns, acting as a strategic advisor to the Board and protecting the Firm from exposure to losses as a result of credit, market, liquidity, operational, model and other risks.

Background on the Position

Morgan Stanley has an opening for an Executive Director as EMEA Lead for Cybersecurity, Technology, and Information Security (CTIS) Risk Oversight within the Operational Risk Department. The focus of the team is to help manage CTIS-related risks within the region, supporting legal entities and lines of business with a particular focus on overseeing the management of risks relating to the confidentiality, availability and integrity of the Firm's systems and information. The successful candidate will be responsible for helping execute independent oversight, analysis, and monitoring of risks and controls as they relate to the Firm's use of technology and associated cybersecurity and information security risks.

Primary Responsibilities

> Oversight Function: Lead a team to drive the overall end-to-end assessment of the sufficiency of existing control functions to meet the threats by building and executing necessary regional and Global activities across CTIS:
> Risk Identification: Identify and assess risks related to the information and systems supporting Firm activities globally with a specific focus on cloud and data protection technologies such as encryption.
This will include an analysis of CTIS incidents and technology metrics for refactoring, pattern analysis and early identification of risk.
> Risk Measurement: For identified risks, assess magnitude and plausibility of the risks to lead to business consequences by executing bespoke regional and Global capabilities to understand linkages between threats and consequence. This will include RCSA oversight of technology-related issues aligned to the legal entity and lines of business as well as the development and execution of scenario analysis for capital planning.
> Risk Governance: Participate in relevant (or in scope) governance, steering, and working group committees and review metrics and escalation reports to monitor risk and control-related developments, issues, and trends. Provide regular updates to EMEA Senior and Executive Management on all issues related to CIS issues and CTIS Top Operational Risks.
> Risk Monitoring: Review and develop metrics in conjunction with technology for CTIS risks. This should include KRI, KPI and baseline control measurements. In addition, qualitatively assess industry and the external threat environment, baselining against the firm's security controls to monitor risk and control-related issues and trends in the management of technology and cybersecurity risk.
> Threat/Control Assessments: Work with 1LOD teams to qualitatively and quantitatively assess whether cybersecurity activities and technology controls are designed and implemented effectively to verify that threats are countered, and risks are mitigated to targeted levels.
> Relationship Management: Liaise and work with EMEA and Global Control Function owners and Risk Managers in providing Operational Risk Coverage / Cyber Risk Coverage.
> Advisory Services: Provide guidance on the evolving technology and cybersecurity risk landscape to regional and global senior and executive leadership in risk management, technology, and the business units.
> Policy & Procedures: Maintain and/or oversee relevant policies and procedures related to technology and security processes and ensure that the firm remains compliant with these policy objectives.

Qualifications

Experience Required

> Bachelor's Degree or equivalent
> Minimum of 12 years' worth of technology and/or cybersecurity related work experience, preferably in the financial services industry
> Experience in running regional / global Teams with a distributed reporting line
> Experience in a 1st Line of Defense role with exposure to managing risks and controls relating to cyber technology and information security
> Experience with Cloud technologies and a familiarity with regional regulatory requirements
> Experience in Risk Management, and preferably with fluency in Operational and/or IT Risk
> Proficiency in computer network defense, software programming, technology integration, computer science, or related fields
> Confidence to take ideas forward and to challenge others, where appropriate, with experience in management by influence, facilitating and gaining consensus
> Strong analytical and problem-solving skills
> Excellent communication skills, both verbal and written; ability to produce concise and effective presentations tailored to technical and non-technical audiences
> Ability to work independently in a self-directed way in a collaborative, team-oriented environment
> Strong organizational skills with an interest in working in a fast-paced environment, often balancing multiple high priority deliverables

FRM is committed to creating and providing opportunities that enable our workforce to reflect diverse backgrounds and views.