Regulatory Red Team Program Lead, VP

Regulatory Red Team Program Lead, VP

3264912

Glasgow

Morgan Stanley's Cybersecurity Department is seeking an experienced Red Team Program Lead / GRC professional, to assist with the rollout of the global Regulatory Red Team Testing Program and further build out control maturity for all regions whilst monitoring its effectiveness.

The ideal candidate will have experience and be an enthusiastic change agent, with a passion for collaborative working across a global community of internal and external stakeholders of all seniorities. In this role, the candidate will be able to leverage their previous experience in the corporate financial sector (or other highly regulated environments) to shape the program, execute on strategic projects and run exercises.

The ability to understand the complex business and technology aspects of an organisation of this size and footprint as well as the regulatory landscape in various regions is of the essence.

The candidate will deliver on existing roadmaps, but also shape future program roadmaps whilst taking feedback onboard and running continuous improvement activities.

We are looking for a hands-on professional with a proven delivery track record and passion for promoting governance.

This is a delivery role at Vice President level, within the 1LOD Security Testing team which includes also the penetration testing function and is directly nestled under the global CISO.

In the Technology division, we leverage innovation to build the connections and capabilities that power our Firm, enabling our clients and colleagues to redefine markets and shape the future of our communities. This is a Program Delivery Lead position at Vice President level which is part of the job family responsible for monitoring, detecting, and responding to security incidents to ensure the organization's systems and data are protected from actual and potential threats or breaches.

Morgan Stanley is an industry leader in financial services, known for mobilizing capital to help governments, corporations, institutions, and individuals around the world achieve their financial goals.

What You’ll Do:

·         End to end coordination and delivery of sophisticated regulatory red team exercises, such as CBEST, iCAST or TIBER in a safe and compliant manner, including

o    Setting up projects and their required governance and guardrails

o    Identifying and agreeing scope

o    Risk management and oversight for exercises

o    Findings analysis and communication

o    Development of remediation plans with

·         Work closely with top-tier internal and external security experts for threat intelligence and incident response, to continuously evolve your strong offensive security skills and pushing the boundaries of cybersecurity innovation

·         Contribute to enhancing the Firm’s cybersecurity resilience

·         Provide expert SME input for stakeholders to scope new exercises and the team’s service offering.

·         Deputise for and support the head of the Global Function in leading and driving exercises in line with operational and business requirements, legislations and regulations

·         Drive skills of more junior colleagues and contribute to the capability development of controls, tools and systems

·         There are no line management responsibilities, however, the candidate will leverage internal and external partners to deliver.

#LI-KC1

These skills will help you succeed in this role:

·         Experience in delivering Regulatory Red Team / Simulated Attack testing projects such as CBEST, TIBER, iCAST or similar assessments, either as a consultant or in-house

·         High degree of ethical standards

·         Familiarity with the latest regulations and legislations (e.g. DORA TLPT), best practices and methodologies

·         Desire to grow and develop

·         Experience of leading and managing matrix teams of security professionals and senior business stakeholders

·         Strong analytical and report writing skills; with focus on quality and right 1st time

·         Effective organizational skills and an ability to manage multiple demands and changing priorities

·         Strong problem-solving skills and accurate, delivery focused mindset with high attention to detail.

·         Able to work effectively within a team but also as an individual contributor as needed

·         Excellent communication and interpersonal skills

·         Knowledge of Technology policies, Standards and Procedures and control writing skills.

·         Detailed understanding of risk and control management concepts, internal controls and industry technology risk management frameworks: such as ITIL, CobiT, and NIST, CCM CSA.

·         Ability to work and influence stakeholders effectively with all levels of the organization.

·         Degree qualification and relevant equivalent experience

·         Desired technical qualification - CISSP, CRISC, ITIL or equivalent experience

We are committed to maintaining the first-class service and high standard of excellence that have defined Morgan Stanley for over 85 years. At our foundation are five core values — putting clients first, doing the right thing, leading with exceptional ideas, committing to diversity and inclusion, and giving back — that guide our more than 80,000 employees in 1,200 offices across 42 countries.

At Morgan Stanley, you’ll find trusted colleagues, committed mentors and a culture that values diverse perspectives, individual intellect and cross-collaboration. Our Firm is differentiated by the calibre of our diverse team, while our company culture and commitment to inclusion define our legacy and shape our future, helping to strengthen our business and bring value to clients around the world. Learn more about how we put this commitment to action: morganstanley.com/diversity

We are proud to support our employees and their families at every point along their work-life journey, offering some of the most attractive and comprehensive employee benefits and perks in the industry.

Morgan Stanley is an equal opportunities employer. We work to provide a supportive and inclusive environment where all individuals can maximize their full potential. Our skilled and creative workforce is comprised of individuals drawn from a broad cross section of the global communities in which we operate and who reflect a variety of backgrounds, talents, perspectives, and experiences. Our strong commitment to a culture of inclusion is evident through our constant focus on recruiting, developing, and advancing individuals based on their skills and talents.

Interested in flexible working opportunities? Morgan Stanley empowers employees to have greater freedom of choice through flexible working arrangements. Speak to our recruitment team to find out more.

#LI-KC1