Job Description

Vice President - Technology Testing (Legal and Compliance)

Job Number:

3256133


POSTING DATE: Jul 19, 2024
PRIMARY LOCATION: Non-Japan Asia-India-Maharashtra-Mumbai (MSA)
EDUCATION LEVEL: Bachelor's Degree
JOB: Other
EMPLOYMENT TYPE: Full Time
JOB LEVEL: Vice President

DESCRIPTION



Company Profile

Morgan Stanley is a leading global financial services firm providing a wide range of investment banking, securities, investment management and wealth management services. The Firm's employees serve clients worldwide including corporations, governments, and individuals from more than 1,200 offices in 43 countries.

As a market leader, the talent and passion of our people is critical to our success. Together, we share a common set of values rooted in integrity, excellence, and strong team ethic. Morgan Stanley can provide a superior foundation for building a professional career - a place for people to learn, to achieve and grow. A philosophy that balances personal lifestyles, perspectives and needs is an important part of our culture.

Department Profile

Legal and Compliance

Legal & Compliance Division (LCD) comprises of Legal, Compliance, Global Financial Crimes and

Regulatory Relations.

The Legal Department provides guidance, requirements, and procedures for understanding and complying with the laws, regulations and Firm policies that apply to our businesses.

The Global Compliance Department identifies applicable Compliance Obligations and maintains a

Firmwide Compliance Risk management program, including Compliance Risks that transcend business lines, legal entities and jurisdictions of operation.

Global Financial Crimes is responsible for the development and governance of the Firm's financial crime prevention efforts across all regions and business units. Global Financial Crimes is comprised of the Anti-Money Laundering (AML), Sanctions, Anti-boycott, Anti-Corruption (ACG), Government, and Political Activities Compliance (GPAC) programs.

Operational Risk refers to the risk of financial or other loss, or potential damage to a firm's reputation, resulting from inadequate or failed internal processes, people, systems, or from external events.

Operational Risk Department (ORD) defines the framework, standards, and governance for Operational Risk for the Firm, and implements and monitors the company-wide operational risk program. ORD works with the business units and control groups to help ensure Morgan Stanley has a transparent, consistent, and comprehensive program for managing operational risk, both within each area and across the firm globally.

The Global Regulatory Relations Group (GRRG) is responsible for strategic and centralized management of the supervisory activities of Morgan Stanley's regulators and related developments globally, with a focus on regulatory reviews and examinations and continuous monitoring activities. GRRG serves as the central point of contact for the regulatory staff responsible for supervisory activities at Morgan Stanley entities and for timely reporting to Firm management and other governance or management bodies, as appropriate, on those relationships and supervisory processes, including areas of significant regulatory focus or concern.

LCD Center of Excellence - Mumbai (LCD CoE) is a part of Morgan Stanley's Global In-house Center, which provides global support to LCD and is an integral part of Firm and LCD strategy

Background on the Team

The successful candidate will perform a combination of fieldwork supervisory and test execution duties and other tests on engagements assigned by Technology Risk Testing. The Technology Risk Testing team is part of the broader Global 2LOD Non-Financial Risk Testing organization. The team plans and executes the Technology Risk annual testing plan.


QUALIFICATIONS


Primary Responsibilities
• Assist in the development and maintenance of the annual technology testing plan.


• Manage a team of technology risk testing personnel; monitor capacity and distribute work assignments to ensure timely delivery of assigned engagements.
• Develop and deliver engagement announcements.


• Review, approve, and deliver engagement scope memos.


• Lead engagement kickoff meetings for stakeholders; lead periodic engagement progress updates.


Supervisory fieldwork-Oversee the day-to-day operations of the team's testing activities:
• Review and approve new test scripts and recipe cards.


• Review technology risk testing personnel workpapers.


• Review and disposition potential technology risk test findings; engage stakeholders accordingly.


• Review proposed action plans and remediation requirements; engage stakeholders accordingly.


• Test execution fieldwork-Perform test activities in accordance with 2L NFR testing standards:


• Interview stakeholders, request and review pertinent policies, standards, procedures, KRI metrics, and other documents, and walk through relevant processes and control environments.


• Develop test scripts and recipe cards.


• Request and validate receipt of relevant data and samples for testing.


• Execute and document test activities in test workpapers.


• Identify and escalate potential test findings.


• Propose action plans and remediation requirements.


• Prepare test reports.


• Review, approve, and deliver final engagement and test reports.


• Track and confirm completion of action plans and their remediation requirements.


• Remain current on industry rules, regulations and best practices to make recommendations to the testing program.


• Develop and maintain effective working relationships with the business units as well as internally within the Legal, Compliance, and Operational Risk Department.



Skills required (essential)

• Bachelor of Science required with a concentration in Computer Science or Information Technology.


8+ years audit/risk/compliance experience in the financial services industry, a regulator, or a self-regulatory organization.
• Experience leading and conducting Technology reviews.


• Investigative skills - inquiry and analysis, interviewing, testing, risk assessment capabilities


• Ability to research and resolve issues independently while working across teams to acquire information.


• Risk Management Knowledge - strong understanding of financial industry risk and control and the ability to critique relevant language.


• Strong analytical, organizational, and problem-solving skills.


• Ability to prioritize and work effectively on multiple reviews with different individuals at the same time.


• Ability to work independently, as well, as in a team.


• Strong verbal and written communication skills


• High degree of organization and attention to detail.


• Proficiency with Microsoft Word, Excel, PowerPoint, Adobe, SharePoint, Bloomberg, and ability to quickly learn automated systems, such as trade order management systems, portfolio accounting systems, pre/post trade surveillance systems and web applications.



Skills desired
• Knowledge of global regulatory requirements like GLBA, GDPR, Part 30 Information Security, NYDFS etc. and technology control standards like NIST, FFIEC, COBIT, CIS etc.


• Certified Internal Auditor (CIA) or Certified Information Systems Auditor (CISA) or Certified in Risk and Information Systems Control (CRISC) designations are highly desirable.


• Other relevant industry certification in the Technology field (e.g. CISSP, cloud certifications, etc) are a plus.



Coverage
• Monday to Friday from 1:30 PM to 10:30 PM. Coverage is dependent on business needs so flexibility on required finish time.



Morgan Stanley is an equal opportunities employer. We work to provide a supportive and inclusive environment where all individuals can maximise their full potential. Our skilled and creative workforce is comprised of individuals drawn from a broad cross section of the global communities in which we operate and who reflect a variety of backgrounds, talents, perspectives and experiences. Our strong commitment to a culture of inclusion is evident through our constant focus on recruiting, developing and advancing individuals based on their skills and talents.

Primary Responsibilities
• Assist in the development and maintenance of the annual technology testing plan.


• Manage a team of technology risk testing personnel; monitor capacity and distribute work assignments to ensure timely delivery of assigned engagements.
• Develop and deliver engagement announcements.


• Review, approve, and deliver engagement scope memos.


• Lead engagement kickoff meetings for stakeholders; lead periodic engagement progress updates.


Supervisory fieldwork-Oversee the day-to-day operations of the team's testing activities:
• Review and approve new test scripts and recipe cards.


• Review technology risk testing personnel workpapers.


• Review and disposition potential technology risk test findings; engage stakeholders accordingly.


• Review proposed action plans and remediation requirements; engage stakeholders accordingly.


• Test execution fieldwork-Perform test activities in accordance with 2L NFR testing standards:


• Interview stakeholders, request and review pertinent policies, standards, procedures, KRI metrics, and other documents, and walk through relevant processes and control environments.


• Develop test scripts and recipe cards.


• Request and validate receipt of relevant data and samples for testing.


• Execute and document test activities in test workpapers.


• Identify and escalate potential test findings.


• Propose action plans and remediation requirements.


• Prepare test reports.


• Review, approve, and deliver final engagement and test reports.


• Track and confirm completion of action plans and their remediation requirements.


• Remain current on industry rules, regulations and best practices to make recommendations to the testing program.


• Develop and maintain effective working relationships with the business units as well as internally within the Legal, Compliance, and Operational Risk Department.



Skills required (essential)

• Bachelor of Science required with a concentration in Computer Science or Information Technology.


8+ years audit/risk/compliance experience in the financial services industry, a regulator, or a self-regulatory organization.
• Experience leading and conducting Technology reviews.


• Investigative skills - inquiry and analysis, interviewing, testing, risk assessment capabilities


• Ability to research and resolve issues independently while working across teams to acquire information.


• Risk Management Knowledge - strong understanding of financial industry risk and control and the ability to critique relevant language.


• Strong analytical, organizational, and problem-solving skills.


• Ability to prioritize and work effectively on multiple reviews with different individuals at the same time.


• Ability to work independently, as well, as in a team.


• Strong verbal and written communication skills


• High degree of organization and attention to detail.


• Proficiency with Microsoft Word, Excel, PowerPoint, Adobe, SharePoint, Bloomberg, and ability to quickly learn automated systems, such as trade order management systems, portfolio accounting systems, pre/post trade surveillance systems and web applications.



Skills desired
• Knowledge of global regulatory requirements like GLBA, GDPR, Part 30 Information Security, NYDFS etc. and technology control standards like NIST, FFIEC, COBIT, CIS etc.


• Certified Internal Auditor (CIA) or Certified Information Systems Auditor (CISA) or Certified in Risk and Information Systems Control (CRISC) designations are highly desirable.


• Other relevant industry certification in the Technology field (e.g. CISSP, cloud certifications, etc) are a plus.



Coverage
• Monday to Friday from 1:30 PM to 10:30 PM. Coverage is dependent on business needs so flexibility on required finish time.



Morgan Stanley is an equal opportunities employer. We work to provide a supportive and inclusive environment where all individuals can maximise their full potential. Our skilled and creative workforce is comprised of individuals drawn from a broad cross section of the global communities in which we operate and who reflect a variety of backgrounds, talents, perspectives and experiences. Our strong commitment to a culture of inclusion is evident through our constant focus on recruiting, developing and advancing individuals based on their skills and talents.