VP - Non-Financial Risk Technology Risk Test Manager (Legal & Compliance)
Morgan Stanley
Division: Legal and Compliance Division
Job Title: Non-Financial Risk Technology Risk Test Manager
Job Level: Vice President
Morgan Stanley Overview:
Morgan Stanley is a leading global financial services firm providing a wide range of investment banking, securities, investment management and wealth management services. The Firm’s employees serve clients worldwide including corporations, governments, and individuals from more than 1,200 offices in 43 countries.
As a market leader, the talent and passion of our people is critical to our success. Together, we share a common set of values rooted in integrity, excellence, and strong team ethic.
Legal and Compliance Division Overview:
The professionals in the Legal and Compliance Division (“LCD”) provide a wide range of services to our business units. LCD is made up of the Legal, Regulatory Relations, and Non-Financial Risk departments, which preserve the firm’s invaluable reputation for integrity and protect the firm from sanctions with policies and procedures that are designed to meet regulatory requirements around the world. We also strive to maintain cooperative relationships with governmental policy makers and the regulatory and self-regulatory agencies that govern the firm’s businesses.
Non-Financial Risk Organization Overview:
The second-line of defense Non-Financial Risk (“2L NFR”) organization includes the Compliance, Global Financial Crimes, and Operational Risk departments and provides a single, comprehensive, and consistent second-line view of these non-financial risks. Non-Financial Risk encompasses risks which are not financial in nature, and could have a potential economic, reputational, regulatory, financial reporting, or client impact from (i) failed or inadequate processes, data, or controls; (ii) infrastructure or environmental factors; or (iii) intentional or inadvertent actions of employees or external parties. The 2L NFR organization partners with the first-line business units to advise, train, manage, report, identify, analyze, and escalate non-financial risks.
2L NFR Testing Program Overview:
The 2L NFR Testing Program is one of several component parts in the wider NFR Oversight Assurance Framework. The Program is comprised of a Central NFR Testing Team, an NFR Oversight Governance Team, and several Coverage Testing Teams aligned to the Firm’s primary business Divisions and to several enterprise disciplines.
Role Overview:
The candidate will join the 2L NFR Testing Program as a member of the Technology Risk Testing team and will perform a combination of fieldwork supervisory and test execution duties. This role reports to the Global Head of Technology Risk Testing and requires in-office attendance of 3 days/week.
Primary Responsibilities:
· Assist in the development and maintenance of the annual technology testing plan.
· Manage a team of technology risk testing personnel; monitor capacity and distribute work assignments to ensure timely delivery of assigned engagements.
· Develop and deliver engagement announcements.
· Review, approve, and deliver engagement scope memos.
· Lead engagement kickoff meetings for stakeholders; lead periodic engagement progress updates.
· Supervisory fieldwork—Oversee the day-to-day operations of the team’s testing activities:
o Review and approve new test scripts and recipe cards.
o Review technology risk testing personnel workpapers.
o Review and disposition potential technology risk test findings; engage stakeholders accordingly.
o Review proposed action plans and remediation requirements; engage stakeholders accordingly.
· Test execution fieldwork—Perform test activities in accordance with 2L NFR testing standards:
o Interview stakeholders, request and review pertinent policies, standards, procedures, KRI metrics, and other documents, and walk through relevant processes and control environments.
o Develop test scripts and recipe cards.
o Request and validate receipt of relevant data and samples for testing.
o Execute and document test activities in test workpapers.
o Identify and escalate potential test findings.
o Propose action plans and remediation requirements.
o Prepare test reports.
· Review, approve, and deliver final engagement and test reports.
· Track and confirm completion of action plans and their remediation requirements.
· Remain current on industry rules, regulations and best practices to make recommendations to the testing program.
· Develop and maintain effective working relationships with the business units as well as internally within the Legal, Compliance, and Operational Risk Department.
Qualifications:
- BA/BS required with a concentration in Computer Science or Information Technology.
- 8+ years audit/risk/compliance experience in the financial services industry, a regulator, or a self-regulatory organization.
- Certified Internal Auditor (CIA) or Certified Information Systems Auditor (CISA) or Certified in Risk and Information Systems Control (CRISC) designations are highly desirable.
- Other relevant industry certifications in the Technology field (e.g., CISSP, cloud certifications, etc.) are a plus.
- Experience leading and conducting Technology reviews.
- Investigative skills – inquiry and analysis, interviewing, testing, risk assessment capabilities.
- Ability to research and resolve issues independently while working across teams to acquire information.
- Risk Management Knowledge - strong understanding of financial industry risk and control and the ability to critique relevant language.
- Strong analytical, organizational, and problem-solving skills.
- Ability to prioritize and work effectively on multiple reviews with different individuals at the same time.
- Ability to work independently as well as in a team.
- Strong verbal and written communication skills.
- High degree of organization and attention to detail.
- Proficiency with Microsoft Word, Excel, PowerPoint, Adobe, SharePoint, Bloomberg, and ability to quickly learn automated systems, such as trade order management systems, portfolio accounting systems, pre/post trade surveillance systems and web applications.
Morgan Stanley is an equal opportunities employer. We work to provide a supportive and inclusive environment where all individuals can maximise their full potential. Our skilled and creative workforce is comprised of individuals drawn from a broad cross section of the global communities in which we operate and who reflect a variety of backgrounds, talents, perspectives and experiences. Our strong commitment to a culture of inclusion is evident through our constant focus on recruiting, developing and advancing individuals based on their skills and talents.