3264912
Posting Date: Jan 21, 2025
Primary Location: Europe, Middle East, Africa-United Kingdom-Glasgow
Education Level: Bachelor's Degree
Employment Type: Full Time
Job Level: Vice President

Description:

Morgan Stanley's Cybersecurity Department is seeking an experienced Red Team Program Lead / GRC professional to assist with the rollout of the global Regulatory Red Team Testing Program and further build out control maturity for all regions whilst monitoring its effectiveness. The ideal candidate will have experience and be an enthusiastic change agent, with a passion for collaborative working across a global community of internal and external stakeholders of all seniorities. In this role, the candidate will be able to leverage their previous experience in the corporate financial sector (or other highly regulated environments) to shape the program, execute on strategic projects, and run exercises. The ability to understand the complex business and technology aspects of an organization of this size and footprint, as well as the regulatory landscape in various regions, is of the essence.

The candidate will deliver on existing roadmaps but also shape future program roadmaps whilst taking feedback on board and running continuous improvement activities. We are looking for a hands-on professional with a proven delivery track record and passion for promoting governance. This is a delivery role at Vice President level, within the 1LOD Security Testing team, which also includes the penetration testing function and is directly nestled under the global CISO.

What You’ll Do:

- End-to-end coordination and delivery of sophisticated regulatory red team exercises, such as CBEST, iCAST or TIBER, in a safe and compliant manner, including:
  - Setting up projects and their required governance and guardrails
  - Identifying and agreeing scope
  - Risk management and oversight for exercises
  - Findings analysis and communication
  - Development of remediation plans
- Work closely with top-tier internal and external security experts for threat intelligence and incident response to continuously evolve your strong offensive security skills and push the boundaries of cybersecurity innovation.
- Contribute to enhancing the Firm’s cybersecurity resilience.
- Provide expert SME input for stakeholders to scope new exercises and the team’s service offering.
- Deputise for and support the head of the Global Function in leading and driving exercises in line with operational and business requirements, legislations, and regulations.
- Drive skills of more junior colleagues and contribute to the capability development of controls, tools, and systems.
- There are no line management responsibilities; however, the candidate will leverage internal and external partners to deliver.

Qualifications:

- Experience in delivering Regulatory Red Team / Simulated Attack testing projects such as CBEST, TIBER, iCAST or similar assessments, either as a consultant or in-house.
- High degree of ethical standards.
- Familiarity with the latest regulations and legislations (e.g. DORA TLPT), best practices, and methodologies.
- Desire to grow and develop.
- Experience of leading and managing matrix teams of security professionals and senior business stakeholders.
- Strong analytical and report writing skills, with a focus on quality and getting it right first time.
- Effective organizational skills and an ability to manage multiple demands and changing priorities.
- Strong problem-solving skills and an accurate, delivery-focused mindset with high attention to detail.
- Able to work effectively within a team but also as an individual contributor as needed.
- Excellent communication and interpersonal skills.
- Knowledge of Technology policies, Standards, and Procedures and control writing skills.
- Detailed understanding of risk and control management concepts, internal controls, and industry technology risk management frameworks such as ITIL, CobiT, NIST, and CCM CSA.
- Ability to work with and influence stakeholders effectively at all levels of the organization.
- Degree qualification and relevant equivalent experience.
- Desired technical qualification: CISSP, CRISC, ITIL or equivalent experience.

We are committed to maintaining the first-class service and high standard of excellence that have defined Morgan Stanley for over 85 years. Our foundation includes five core values — putting clients first, doing the right thing, leading with exceptional ideas, committing to diversity and inclusion, and giving back — that guide our more than 80,000 employees in 1,200 offices across 42 countries. At Morgan Stanley, you’ll find trusted colleagues, committed mentors, and a culture that values diverse perspectives, individual intellect, and cross-collaboration. Our Firm is differentiated by the calibre of our diverse team, while our company culture and commitment to inclusion define our legacy and shape our future, helping to strengthen our business and bring value to clients around the world.

We are proud to support our employees and their families at every point along their work-life journey, offering some of the most attractive and comprehensive employee benefits and perks in the industry.

Morgan Stanley is an equal opportunities employer. We work to provide a supportive and inclusive environment where all individuals can maximize their full potential.

Interested in flexible working opportunities? Morgan Stanley empowers employees to have greater freedom of choice through flexible working arrangements. Speak to our recruitment team to find out more.