Non-Financial Risk Manager - NFR - Director

The cornerstone of Morgan Stanley's risk management philosophy is the execution of risk-adjusted returns through prudent risk-taking that protects Morgan Stanley's capital base, liquidity and franchise. Non-Financial Risk (NFR) refers to the risk of actual or potential economic, reputational, regulatory, financial reporting and client impact, resulting from inadequate or failed internal processes, people, and systems, or from external events impacting the full scope of its business activities, including revenue-generating activities and infrastructure groups. NFR is part of the Second Line of Defence providing independent oversight and challenge to management across compliance and operational risks. Given the nature and breadth of operational risk, operational risks are managed at multiple levels e.g. Firmwide, as well as Regional, Business Unit, Infrastructure Group, Control Function and Legal Entity.

The NFR Cyber, Technology and Information Security (CTIS) Department is focused specifically on managing cyber, technology and information security risks. NFR CTIS brings together rules management, standard setting, assessing risk, process and controls by technology domains, advising the business, and an oversight and testing function to provide a comprehensive risk management decision for cyber, technology and information security related risks. Cybersecurity, Information Security and Technology risk management is critical to ensure the confidentiality, integrity and availability of Firm Information, Systems and Assets. Cybersecurity risk refers to managing and protecting the Firm’s information assets and operations from cyber threats, e.g., cyber events or attacks resulting from inadvertent or intentional acts involving deception, falsification, destruction, etc. Information Security risk refers to protecting the confidentiality, integrity and availability of Firm’s information and systems, e.g., internal and external threats that could result in unauthorized disclosure, misuse, alteration or destruction of confidential information and systems. Technology risk refers to ensuring and protecting the availability, stability, capacity and recovery capabilities of the Firm’s key systems, e.g., loss, damage or business disruption resulting from inadequate or failed processes, people and systems or from external events.

Position Description

Morgan Stanley is seeking a Risk professional to join the Cyber, Technology and Information Security (CTIS) Standards team within the Non-Financial Risk Organization in Baltimore at the Director level. The CTIS Standards team enables the firm to manage and comply with CTIS Rules and Risks by setting standards for controls and risk measurement. It defines the overall framework and standards for effective management of CTIS risks, including monitoring of framework activities.

Primary Responsibilities

The role includes the following primary responsibilities:

• Policy, Framework and Procedure: Support the documentation of CTIS Risk Management approaches across Cyber, Technology and Information Security for both Firm and Banks. Support the review and providing of feedback on any CTIS-relevant aspects of NFR Policies, Frameworks and Procedures.
• Control Domains: Support the identification and management of the list CTIS control domains necessary to manage CTIS Risks, which feeds into the categorization of rules and regulations and drive the scoping of Control standards as well as associated risk measurement, assessment and testing.
• Metrics/ Key Risk Indicators: Assist with relevant central coordination/ management aspects around Second Line-governed metrics, which may include working with the NFR and first line stakeholders on data automation and tooling.
• Cross-Functional Collaboration: Work closely with other departments to ensure the alignment of risk management activities with broader organizational risk management frameworks. Build and maintain strong positive relationships with the broader risk community.

Qualifications and Essential Skills

• Degree required with a focus in Risk Management, Compliance, Computer Science, Information Technology or Cybersecurity preferred  
• 5+ years of relevant experience would be expected to find the skills required for this role, preferably risk management or compliance experience in the financial services industry, a regulator, a self-regulatory organization, or other heavily regulated industries
• Good understanding of risk management principles. Familiarity with risk management best practices (e.g., CRI, NIST CSF, ISO 27001, CIS Controls) preferred
• Self-motivated with strong analytical, organizational, and problem‑solving skills; ability to work independently, demonstrate resourcefulness, and develop well‑structured proposals
• Ability to work effectively in a cross-functional, global team
• Excellent communication skills, both verbal and written; ability to tailor communication to technical vs non-technical, senior vs junior audiences

WHAT YOU CAN EXPECT FROM MORGAN STANLEY:

At Morgan Stanley, we raise, manage and allocate capital for our clients – helping them reach their goals. We do it in a way that’s differentiated – and we’ve done that for 90 years.  Our values - putting clients first, doing the right thing, leading with exceptional ideas, committing to diversity and inclusion, and giving back - aren’t just beliefs, they guide the decisions we make every day to do what's best for our clients, communities and more than 80,000 employees in 1,200 offices across 42 countries. At Morgan Stanley, you’ll find an opportunity to work alongside the best and the brightest, in an environment where you are supported and empowered. Our teams are relentless collaborators and creative thinkers, fueled by their diverse backgrounds and experiences. We are proud to support our employees and their families at every point along their work-life journey, offering some of the most attractive and comprehensive employee benefits and perks in the industry. There’s also ample opportunity to move about the business for those who show passion and grit in their work.

To learn more about our offices across the globe, please copy and paste https://www.morganstanley.com/about-us/global-offices​ into your browser.

Salary range for the position: $70,000 and $125,000 per year. The successful candidate may be eligible for an annual discretionary incentive compensation award. The successful candidate may be eligible to participate in the relevant business unit’s incentive compensation plan, which also may include a discretionary bonus component. Morgan Stanley offers a full spectrum of benefits, including Medical, Prescription Drug, Dental, Vision, Health Savings Account, Dependent Day Care Savings Account, Life Insurance, Disability and Other Insurance Plans, Paid Time Off (including Sick Leave consistent with state and local law, Parental Leave and 20 Vacation Days annually), 10 Paid Holidays, 401(k), and Short/Long Term Disability, in addition to other special perks reserved for our employees. Please visit mybenefits.morganstanley.com to learn more about our benefit offerings.

Morgan Stanley's goal is to build and maintain a workforce that is diverse in experience and background but uniform in reflecting our standards of integrity and excellence. Consequently, our recruiting efforts reflect our desire to attract and retain the best and brightest from all talent pools. We want to be the first choice for prospective employees.

It is the policy of the Firm to ensure equal employment opportunity without discrimination or harassment on the basis of race, color, religion, creed, age, sex, sex stereotype, gender, gender identity or expression, transgender, sexual orientation, national origin, citizenship, disability, marital and civil partnership/union status, pregnancy, veteran or military service status, genetic information, or any other characteristic protected by law.

Morgan Stanley is an equal opportunity employer committed to diversifying its workforce (M/F/Disability/Vet).