Non-Financial Risk Manager - NFR - Director

Morgan Stanley, Baltimore, MD

About The Position

The cornerstone of Morgan Stanley's risk management philosophy is the execution of risk-adjusted returns through prudent risk-taking that protects Morgan Stanley's capital base, liquidity and franchise. Non-Financial Risk (NFR) refers to the risk of actual or potential economic, reputational, regulatory, financial reporting and client impact resulting from inadequate or failed internal processes, people and systems, or from external events affecting the full scope of the Firm's business activities, including revenue-generating activities and infrastructure groups. NFR is part of the Second Line of Defence, providing independent oversight and challenge to management across compliance and operational risks. Given the nature and breadth of operational risk, operational risks are managed at multiple levels, e.g. Firmwide, as well as Regional, Business Unit, Infrastructure Group, Control Function and Legal Entity.

The NFR Cyber, Technology and Information Security (CTIS) Department is focused specifically on managing cyber, technology and information security risks. NFR CTIS brings together rules management, standard setting, assessment of risks, processes and controls by technology domain, advising the business, and an oversight and testing function, to provide comprehensive risk management decisions for cyber, technology and information security related risks. Cybersecurity, Information Security and Technology risk management is critical to ensuring the confidentiality, integrity and availability of Firm Information, Systems and Assets.

Cybersecurity risk refers to managing and protecting the Firm's information assets and operations from cyber threats, e.g. cyber events or attacks resulting from inadvertent or intentional acts involving deception, falsification, destruction, etc. Information Security risk refers to protecting the confidentiality, integrity and availability of the Firm's information and systems against, e.g., internal and external threats that could result in unauthorized disclosure, misuse, alteration or destruction of confidential information and systems. Technology risk refers to ensuring and protecting the availability, stability, capacity and recovery capabilities of the Firm's key systems against, e.g., loss, damage or business disruption resulting from inadequate or failed processes, people and systems, or from external events.

Position Description

Morgan Stanley is seeking a Risk professional to join the Cyber, Technology and Information Security (CTIS) Standards team within the Non-Financial Risk Organization in Baltimore at the Director level. The CTIS Standards team enables the Firm to manage and comply with CTIS Rules and Risks by setting standards for controls and risk measurement. It defines the overall framework and standards for effective management of CTIS risks, including monitoring of framework activities.

Requirements

  • Degree required with a focus in Risk Management, Compliance, Computer Science, Information Technology or Cybersecurity preferred
  • 5+ years of relevant experience is expected for this role, preferably in risk management or compliance in the financial services industry, at a regulator or self-regulatory organization, or in other heavily regulated industries
  • Good understanding of risk management principles. Familiarity with risk management best practices (e.g., CRI, NIST CSF, ISO 27001, CIS Controls) preferred
  • Self-motivated with strong analytical, organizational, and problem‑solving skills; ability to work independently, demonstrate resourcefulness, and develop well‑structured proposals
  • Ability to work effectively in a cross-functional, global team
  • Excellent communication skills, both verbal and written; ability to tailor communication to technical vs non-technical, senior vs junior audiences

Responsibilities

  • Policy, Framework and Procedure: Support the documentation of CTIS Risk Management approaches across Cyber, Technology and Information Security for both the Firm and the Banks. Support the review of, and provision of feedback on, any CTIS-relevant aspects of NFR Policies, Frameworks and Procedures.
  • Control Domains: Support the identification and management of the list of CTIS control domains necessary to manage CTIS Risks; this list feeds into the categorization of rules and regulations and drives the scoping of Control standards as well as the associated risk measurement, assessment and testing.
  • Metrics/Key Risk Indicators: Assist with relevant central coordination and management aspects of Second Line-governed metrics, which may include working with NFR and first line stakeholders on data automation and tooling.
  • Cross-Functional Collaboration: Work closely with other departments to ensure the alignment of risk management activities with broader organizational risk management frameworks. Build and maintain strong positive relationships with the broader risk community.

Benefits

  • Medical
  • Prescription Drug
  • Dental
  • Vision
  • Health Savings Account
  • Dependent Day Care Savings Account
  • Life Insurance
  • Disability and Other Insurance Plans
  • Paid Time Off (including Sick Leave consistent with state and local law, Parental Leave and 20 Vacation Days annually)
  • 10 Paid Holidays
  • 401(k)
  • Short/Long Term Disability