Job Description

Sr. Associate / Manager \xe2\x80\x93 Incident Management (Internal Threats) \xe2\x80\x93 Technology



Job Number: 3246048
POSTING DATE: Jan 22, 2024
PRIMARY LOCATION: Non-Japan Asia-India-Karnataka-Bengaluru
EDUCATION LEVEL: Bachelor\'s Degree
JOB: Production Management and Operational Support
EMPLOYMENT TYPE: Full Time
JOB LEVEL: Associate


DESCRIPTION

Company profile:
Morgan Stanley is a leading global financial services firm providing a wide range of investment banking, securities, wealth management and investment management services. With offices in more than 41 countries, the Firm\'s employees serve clients worldwide including corporations, governments, institutions, and individuals. For further information about Morgan Stanley, please visit www.morganstanley.com.
Cyber Data Risk & Resilience
The mission of CYBER DATA RISK & RESILIENCE is to deliver first-line defenses to manage risks to Firm technology, information and cyber threats through risk identification, control management and assurance. This allows the business to operate and grow in a secure and legally compliant manner.
Our vision is to deliver Programs that protect and enable the business, ensure secure delivery of services to our clients, adjust to address the risks presented by an evolving threat landscape, meet regulatory expectations, and offer highly attractive career opportunities.
Morgan Stanley is looking for a talented individual to join a team of information security experts responsible for protecting Firm, client, and employee sensitive/confidential data. The Incident Response team is responsible for managing the detection and reporting of information security and insider threat incidents, supporting all Firm Business Units. The team coordinates with the Business Units, Legal, Corporate Security and IT to gather incident details, assess risk and assist with remediation, ensuring compliance to regulatory and Firm standards. The selected candidate will be located in Bangalore, working with a global team of Information Security professionals.
Note: This is a non-technical role, involving insider threat incident handling only. It is unrelated to the CIRT/CERT or Security Operation Center (SOC) function, as to what is generally referred to in the market.
Job Responsibilities:

• 
  Conduct daily review, triage, and escalation of detected, and user reported Insider Threat events
  Collect supporting information and relevant artifacts in support of Incident Response activities
  Coordinate the response to iRespond incidents from start to finish, including but not limited to utilizing defined workflows to assess the severity of an incident, appropriate mitigation activities, communication across the organization, and ensuring proper documentation is produced outlining the details of the incident.
  Host calls with senior members of the Firm to develop quick response plans to information security incidents
  Participate in the review of information security incident handling and post-mortem analysis, in order to highlight control gaps across the organization or process gaps within the team
  Provide general Information Security advisory services to key stakeholders across the Firm as required
  Participate in projects related to operational improvements and tooling
  Provide on call and out of hours support

QUALIFICATIONS

Required Skills :

• 
  Bachelor\'s degree or equivalent
  Experience: 2 - 6 Years
  Experience in a similar role or working knowledge of Incident Management, Information Security, or Data Privacy
  Ability to analyse data to look for anomalies or appropriately identify potential risk issues requiring further escalation
  Very strong verbal and written English communications skills
  Ability to handle sensitive situations with discretion and maintain confidentiality
  Ability to handle multiple competing priorities, while maintaining attention to detail
  Strong working knowledge of Microsoft Office (Excel, PowerPoint, and Visio)
  Excellent interpersonal skills
  Flexible and self-motivator

Desired Skills :

• 
  Working knowledge of DLP detection products
  Information Security-related Certifications (e.g., CISM, CRISC, CISSP, Security+)
  Knowledge or experience in supporting Insider Threat mitigation strategies
  Knowledge in personal data protection or privacy regulations
  Knowledge of Splunk, Netskope, Incident management tools like Archer, MS Dynamics, etc

Morgan Stanley is an equal opportunities employer. We work to provide a supportive and inclusive environment where all individuals can maximize their full potential. Our skilled and creative workforce is comprised of individuals drawn from a broad cross section of the global communities in which we operate and who reflect a variety of backgrounds, talents, perspectives, and experiences. Our strong commitment to a culture of inclusion is evident through our constant focus on recruiting, developing, and advancing individuals based on their skills and talents.