hero

Find Your Dream Job Today

Our mission is to help high-achieving LGBTQ+ undergraduates reach their full potential.

Director- Technology Risk Tester (Legal and Compliance)

Morgan Stanley

Morgan Stanley

IT, Legal
Mumbai, Maharashtra, India
Posted on Apr 6, 2024

Company Profile:


Morgan Stanley is a leading global financial services firm providing a wide range of investment banking, securities, investment management and wealth management services. The Firm's employees serve clients worldwide including corporations, governments, and individuals from more than 1,200 offices in 43 countries.
As a market leader, the talent and passion of our people is critical to our success. Together, we share a common set of values rooted in integrity, excellence, and strong team ethic. Morgan Stanley can provide a superior foundation for building a professional career - a place for people to learn, to achieve and grow. A philosophy that balances personal lifestyles, perspectives and needs is an important part of our culture.

Department Profile: Legal and Compliance
Legal & Compliance Division (LCD) comprises of Legal, Compliance, Global Financial Crimes and Regulatory Relations.

- The Legal Department provides guidance, requirements, and procedures for understanding and complying with the laws, regulations and Firm policies that apply to our businesses.

- The Global Compliance Department identifies applicable Compliance Obligations and maintains a Firmwide Compliance Risk management program, including Compliance Risks that transcend business lines, legal entities and jurisdictions of operation.

- Global Financial Crimes is responsible for the development and governance of the Firm’s financial crime prevention efforts across all regions and business units. Global Financial Crimes is comprised of the Anti-Money Laundering (AML), Sanctions, Anti-boycott, Anti-Corruption (ACG), Government, and Political Activities Compliance (GPAC) programs.

- Operational Risk refers to the risk of financial or other loss, or potential damage to a firm's reputation, resulting from inadequate or failed internal processes, people, systems, or from external events. Operational Risk Department (ORD) defines the framework, standards, and governance for Operational Risk for the Firm, and implements and monitors the company-wide operational risk program. ORD works with the business units and control groups to help ensure Morgan Stanley has a transparent, consistent, and comprehensive program for managing operational risk, both within each area and across the firm globally.

- The Global Regulatory Relations Group (GRRG) is responsible for strategic and centralized management of the supervisory activities of Morgan Stanley’s regulators and related developments globally, with a focus on regulatory reviews and examinations and continuous monitoring activities. GRRG serves as the central point of contact for the regulatory staff responsible for supervisory activities at Morgan Stanley entities and for timely reporting to Firm management and other governance or management bodies, as appropriate, on those relationships and supervisory processes, including areas of significant regulatory focus or concern.

LCD Center of Excellence – Mumbai (LCD CoE) is a part of Morgan Stanley’s Global In-house Center, which provides global support to LCD and is an integral part of Firm and LCD strategy

Background on the Team:
The successful candidate will plan and execute full-scope and other tests on engagements assigned by Technology Risk Testing. The Technology Risk Testing team is part of the broader Global 2LOD Non-Financial Risk Testing organization. The team plans and executes the Technology Risk annual testing plan.

Primary Responsibilities:

- Attend engagement kick-off meetings.

- Interview stakeholders, request and review pertinent policies, standards, procedures, KRI metrics, and other documents, walk through relevant processes and control environments.

- Determine and propose appropriate test activities and develop engagement scope memos.

- Develop test scripts and recipe cards.

- Request and validate receipt of relevant data and samples for testing.

- Execute and document test activities in test workpapers. Test activities may include process deep dives, control design reviews, control effectiveness tests, or outcomes-based tests.

- Identify and escalate potential test findings.

- Propose action plans and remediation requirements.

- Prepare test reports.

- Coordinate with Technology Risk testing personnel globally to track the progress of the test plan for reporting to senior management.

- Track status of corrective action plans agreed upon with the business

- Track internal audit reviews and findings and review internal audit work-papers to identify opportunities to leverage their reviews for Technology Operational Risk testing reviews.

- Remain current on industry rules, regulations, and best practices to make recommendations to the testing program.

Skills required (essential):

- 6 -10 years’ experience working with medium to large sized firms in technology risk management/technology operational risk testing/technology internal audit/information technology control governance testing. Certified Internal Auditor (CIA) or Certified Information Systems Auditor (CISA) or Certified in Risk and Information Systems Control (CRISC) designations are highly desirable.

- Other relevant industry certification in the Technology field (e.g. CISSP, cloud certifications, etc) are a plus.

- Experience leading and conducting Technology reviews.

- Investigative skills – inquiry and analysis, interviewing, testing, risk assessment capabilities

- Strong analytical, organizational, and problem-solving skills.

- Ability to prioritize and work effectively on multiple reviews with different individuals at the same time.

- Ability to work independently, as well, as in a team.

- Ability to work with staff of all levels across departments.

- Must have excellent written and oral communication skills.

- High degree of organization and attention to detail.

Proficiency with Microsoft Word, Excel, PowerPoint, Adobe, SharePoint, Bloomberg, and ability to quickly learn automated systems, such as trade order management systems, portfolio accounting systems, pre/post trade surveillance systems and web applications.

Skills desired:

- Knowledge of global markets / market regulations.

- Audit experience of Stock broking firms will be preferred

- Industry qualifications - CISA/ DISA or similar certification preferred

“Morgan Stanley is an equal opportunities employer. We work to provide a supportive and inclusive environment where all individuals can maximise their full potential. Our skilled and creative workforce is comprised of individuals drawn from a broad cross section of the global communities in which we operate and who reflect a variety of backgrounds, talents, perspectives and experiences. Our strong commitment to a culture of inclusion is evident through our constant focus on recruiting, developing and advancing individuals based on their skills and talents."