Third Party Data Security Specialist

---

Job description

Morgan Stanley is a leading global financial services firm providing a wide range of investment banking, securities, investment management and wealth management services. The Firm's employees serve clients worldwide including corporations, governments and individuals from more than 1,200 offices in 43 countries.

As a market leader, the talent and passion of our people is critical to our success. Together, we share a common set of values rooted in integrity, excellence and strong team ethic. Morgan Stanley can provide a superior foundation for building a professional career - a place for people to learn, achieve and grow. A philosophy that balances personal lifestyles, perspectives and needs is an important part of our culture.

The Data Security and Infrastructure Risk Team sits within the Wealth Management (WM) Risk organization and strives to find the right balance between risk management and business enablement. The Data Security group works to ensure that our client's sensitive PII (Personally Identifiable Information) is stored and replicated securely, used properly, and accessed by only authorized individuals. The Infrastructure Risk group helps Wealth Management meet or exceed Firm and regulatory standards by applying additional controls in areas such as: Access Management, Business Continuity Planning, Vendor Risk Management, and Privacy Policy Adherence. Finally, the Client and Field Education and Engagement group provides resources to help protect our employees and clients from cyber-enabled fraud.

The Infrastructure Risk group is looking for a cybersecurity professional to support its vendor assessment program. This program seeks to integrate technology and intelligence to continuously monitor cyber risk controls within the third-party environment.

A successful candidate will have a demonstrated bias toward action, organization, and a track record of moving large projects forward. The candidate will also have strong communications and analytical skills, with a creative and flexible approach to overcoming obstacles and influencing stakeholders.

Primary Responsibilities

• Analyze vendor-provided reports of external scans of third-party providers
• Document, track, and escalate key risks and data security weaknesses
• Proactively lead communications with third parties to ensure identified data security gaps are resolved in a timely and satisfactory manner - orchestrating all discovery processes and data collection
• Develop a suite of governance and documentation materials, including policies, procedures, and remediation plans