Security Architect - Associate
The IT Security Architecture (SecArch) team is part of the Technology Infrastructure Risk (TIR) organization. The mission of the SecArch team is to provide security assessments of technology systems and processes to identify business risks and recommend remedial action based on established security standards or security best practices. The IT Security Integrator is an internal consultant that is working on multiple security architecture and design assessments. The Integrator works with team members (IT, Business, Suppliers, Stakeholders and Partners) globally to perform SecArch assessments. To be successful as an Integrator the candidate must have broad technology experience coupled with strong communication, influencing and time management skills.
An Integrator has the following responsibilities:
- Lead SecArch deep dives with the requestor of the assessment
- Conduct assessment and provide technology risk/requirements to the requestor. Areas covered:
- Authentication, Authorization, Auditing
- Application Security, Session Security, Vulnerability/Pen Testing items, Input Validation
- Secure data transport and storage
- Periodically review security reference architecture (security blueprints) and conduct updates/enhancements
- Participate in various Operational and Technology Risk governance processes
- Assist in identifying new areas and opportunities of technology investment for the firm
- Excellent communication skills: written, oral, presentation, listening
- Ability to influence through factual reasoning
- Time management: ability to handle multiple concurrent assessments, plan based deliverable management, strong follow up and tracking
- Strong focus on delivery when presented with short timelines and increased involvement from senior management
- Ability to adjust communication of technology risks vs business risks based on the audience
- In depth knowledge of application, network and platform security vulnerabilities. Ability to explain these vulnerabilities to developers
- Experience in conducting Information Security, IT Security, Audit assessments. Presenting the outcomes of the assessment and obtaining buy in.
- Strong focus on reviewing technical designs and functional requirements to identify areas of Security weakness.
- Working experience in most of the following areas:
a. Authentication: SAML, SiteMinder, Kerberos, OpenId
b. Entitlements and identity management
c. Data protection, data leakage prevention and secure data transfer and storage
d. App Security - validation checking, software attack methodologies
e. Cryptography - encryption and hashing
- Knowledge of standard network model and the risks that present at each layer, the functions of network equipment such as switches, routers, firewalls, proxies, vpn, and load-balancers, and to understand network architecture.
- Knowledge of the primary operating systems (Unix, Windows, z/OS, Mac OS), the configuration and management of that platform at an enterprise scale, the security risks to that platform, and how to mitigate those risks.
- Knowledge of web technologies such as Web Browsers, Web Servers, Web Services
- Previous experience in global financial services is preferred
- CISSP or GIAC certifications preferred
Morgan Stanley is a leading global financial services firm providing a wide range of investment banking, securities, investment management and wealth management services. The Firm's employees serve clients worldwide including corporations, governments and individuals from more than 1,200 offices in 43 countries.
As a market leader, the talent and passion of our people is critical to our success. Together, we share a common set of values rooted in integrity, excellence and strong team ethic. Morgan Stanley can provide a superior foundation for building a professional career - a place for people to learn, to achieve and grow. A philosophy that balances personal lifestyles, perspectives and needs is an important part of our culture.
Morgan Stanley is an equal opportunities employer. We work to provide a supportive and inclusive environment where all individuals can maximize their full potential. Our skilled and creative workforce is comprised of individuals drawn from a broad cross section of the global communities in which we operate and who reflect a variety of backgrounds, talents, perspectives and experiences. Our strong commitment to a culture of inclusion is evident through our constant focus on recruiting, developing and advancing individuals based on their skills and talents.*LI-RJ1