Application Security and Data Discovery Lead - Vice President
About The Position
The Wealth Management (WM) Chief Data Office (CDO) sits within the WM Risk organization and strives to find the right balance between risk management and business enablement. WM CDO’s mission is: prevent unauthorized access to or misuse of client sensitive data and assets; abide by relevant privacy laws and regulations; effectively retain, retrieve, and protect information and records at the Firm; and mitigate risks caused by inaccurate, untimely, or incomplete WM data. The WM Application and Infrastructure Security Team within WM CDO works to ensure that our clients’ Personally Identifiable Information (PII) is stored securely and appropriate controls are applied across all technology assets handling sensitive data. Role Description: The WM Application and Infrastructure Security Team seeks a Vice President to lead the enhancement of capabilities for identifying sensitive data risk across the WM technology estate. This individual will drive the strategy and execution of scanning solutions to identify PII across databases, files at rest, web and email traffic, managed file transfer platforms, and other channels handling sensitive data. The successful candidate will bring deep knowledge of data discovery and scanning techniques, including Exact Data Matching (EDM), as well as familiarity with text extraction capabilities and the evolving Artificial Intelligence (AI) landscape, including Large Language Models (LLMs). In addition to leading sensitive data identification efforts, this role will serve as a cybersecurity risk officer for WM applications. The individual will work with central cyber, infrastructure, and application engineering teams to triage risks identified against the WM business risk appetite. This will include serving as the central point for vulnerability findings, application architecture risks, and SDLC concerns—among other standard cybersecurity risk management practices—ultimately balancing risk remediation against WM business objectives.
Requirements
- 7-10 years of relevant experience in cybersecurity, data security, or a related field
- Experience with enterprise data discovery, classification, or scanning capabilities across multiple technology domains
- Demonstrated usage and/or comfort leveraging LLMs in an enterprise environment
- Strong knowledge of scanning techniques, including EDM
- Understanding of databases, files at rest, web and email traffic inspection, and managed file transfer systems in large enterprise environments
- Strong understanding of common application architecture and software development practices
- Solid foundation in cybersecurity principles, including vulnerability management, secure SDLC concepts, and architecture risk identification
- Ability to partner with stakeholders and drive complex initiatives to completion in a large matrixed organization
- Excellent written and verbal communication skills, with the ability to communicate at all levels within the organization
- Exceptional critical thinking, problem-solving, and research skills
- Ability to independently manage multiple, simultaneous workstreams and exhibit strong attention to detail
Nice To Haves
- Experience with text extraction, document parsing, or other techniques used to analyze unstructured data at scale
- Experience serving as a business owner or leading cross-functional delivery efforts for security or risk-related technology initiatives
- Experience with scripting, automation, or data analysis tools such as Python, SQL, or similar technologies
Responsibilities
- Leading the strategy, design, and implementation of PII discovery and scanning capabilities across databases, file repositories, web and email traffic, managed file transfer platforms, and other sensitive data channels
- Serving as a subject matter expert on enterprise scanning and detection techniques, including EDM, content inspection, and text extraction approaches for structured and unstructured data
- Designing AI/LLM capabilities for improved data identification, classification, and risk detection across the estate
- Partnering with application, infrastructure, messaging, and file transfer stakeholders to onboard scanning controls, expand coverage, and address control gaps
- Identifying and assessing risks related to sensitive data handling, including application architecture weaknesses, SDLC issues, vulnerability management gaps, and control design deficiencies
- Developing a strategy to leverage structured data scan results and reduce risk across all WM applications
- Serving as the business owner for relevant scanning and monitoring initiatives, ensuring technology squads deliver effective products and capabilities
- Liaising with Morgan Stanley’s central cybersecurity organization to interpret control requirements and apply them effectively within the WM environment
- Defining and tracking metrics related to scanning coverage, findings, remediation progress, and residual risk
- Providing leadership and subject matter expertise to junior team members and helping drive consistent execution across the function
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
Education Level
No Education Listed
Number of Employees
5,001-10,000 employees
