Technology Control Tester - #1717612

Glasgow

JR009750

The InfoSec, Technology, and Cybersecurity (ITCT) program assesses Firmwide control compliance with the Global Technology Policy, InfoSec Policy, and Cybersecurity Policy, as well as control testing and validation activities, as agreed with management, in relation to emerging risks, regulatory remediation, and findings from other assessments.

The Control Tester is a junior role within ITCT accountable for executing and documenting control testing which must stand up to high-quality expectations, as well as project management of control testing reviews from start to finish. This role supports Review Leads and collaborates with Control Tester peers to perform each review assigned to them.

Roles And Responsibilities

Planning Reviews

• Support the Review Lead in kick-off meetings with PCOs and Risk Officers to review scope, timeline, and approach.
• Schedule walkthroughs with control contacts, document walkthrough takeaways, send follow-up requests for artifacts.
• Develop draft test procedures for each control after walkthroughs or peer-review test procedures developed by another control tester.
• Address feedback from Review Lead or peer reviews.
  
  

Executing Reviews

• Create evidence request list from final set of test procedures and communicate requests to stakeholders.
• Stay on top of evidence requests, including following up with reminders when needed.
• Review evidence upon receipt and escalate quality concerns to Review Lead if needed.
• Document workpapers and evidence per control using the ITCT workpaper template.
• Perform a critical self-review of workpapers or perform a QA review over the workpapers of a peer.
• Address feedback from Review Lead or peer reviews.
  
  

Reporting Review Results and Managing Risk Issues

• Escalate potential risk issues to the Review Lead as soon as possible.
• Develop draft issue descriptions and determine a draft risk rating for potential issues using the Risk Level Standard.
• Support the Review Lead during issue confirmation discussions with control contacts.
• Document draft results reports and/or peer-review the draft report of another.
• Help the Review Lead to address comments from 2/3 LOD.
• Create and monitor risk issues in OpenPages.
• Closure-verify issues in OpenPages once remediated.
  
  

Project Management Of Reviews

• Complete responsibilities described above in line with milestone dates agreed upon with the Review Lead.
• Regularly provide the ITCT Review Lead with status updates on ongoing activities, escalating concerns on meeting milestones to the Review Lead when necessary.
• Updating the ITCT Master Tracker on a twice weekly basis.
  
  

Desired Skills / Experience

• Working knowledge of key Technology, Information Security, and Cybersecurity concepts (e.g., data security, identity and access management, network security, change management, etc.)
• Understanding of relevant regulations and industry standards (e.g., ISO 27001, COBIT, NIST, etc.) including principles and key concepts related to risk assessment, controls, and testing.
• Working knowledge of technology applications and infrastructure (e.g., server, network, platform desktop environment) and ability to identify risk and controls.
• Ability to employ process-based thinking to effectively obtain, analyze, and interpret information, identify root causes of problems, and draw logical conclusions.
• Excellent written and verbal communication skills.
• Good organizational skills with diligence and ability to manage multiple priorities.
• Proficient use of Microsoft Excel and other Microsoft Office products
• Required Education: Bachelor's degree.
• Minimum 3 years relevant risk experience from roles in any of the following: Audit (internal or external), Risk Officer / Information Security Officer, Technology Risk Governance / Consulting, Regulatory agencies
  
  

What You Can Expect From Morgan Stanley

We are committed to maintaining the first-class service and high standard of excellence that have defined Morgan Stanley for over 89 years. Our values - putting clients first, doing the right thing, leading with exceptional ideas, committing to diversity and inclusion, and giving back - aren’t just beliefs, they guide the decisions we make every day to do what's best for our clients, communities and more than 80,000 employees in 1,200 offices across 42 countries. At Morgan Stanley, you’ll find an opportunity to work alongside the best and the brightest, in an environment where you are supported and empowered. Our teams are relentless collaborators and creative thinkers, fueled by their diverse backgrounds and experiences. We are proud to support our employees and their families at every point along their work-life journey, offering some of the most attractive and comprehensive employee benefits and perks in the industry. There’s also ample opportunity to move about the business for those who show passion and grit in their work.

Certified Persons Regulatory Requirements

If t his role is deemed a Certified role and may require the role holder to hold mandatory regulatory qualifications or the minimum qualifications to meet internal company benchmarks.

Flexible work statement

Interested in flexible working opportunities? Morgan Stanley empowers employees to have greater freedom of choice through flexible working arrangements. Speak to our recruitment team to find out more.

Morgan Stanley is an equal opportunities employer. We work to provide a supportive and inclusive environment where all individuals can maximize their full potential. Our skilled and creative workforce is comprised of individuals drawn from a broad cross section of the global communities in which we operate and who reflect a variety of backgrounds, talents, perspectives, and experiences. Our strong commitment to a culture of inclusion is evident through our constant focus on recruiting, developing, and advancing individuals based on their skills and talents.