Posting Date: Aug 4, 2020
Primary Location: Europe, Middle East, Africa-United Kingdom-United Kingdom-Glasgow
Job: Threat Management
3153860 - Cyber Security Response Manager – Vice President – Glasgow
Morgan Stanley is a leading global financial services firm providing a wide range of investment banking, securities, investment management and wealth management services. The Firm's employees serve clients worldwide including corporations, governments and individuals from more than 1,200 offices in 43 countries.
As a market leader, the talent and passion of our people is critical to our success. Together, we share a common set of values rooted in integrity, excellence and strong team ethic. Morgan Stanley can provide a superior foundation for building a professional career - a place for people to learn, to achieve and grow. A philosophy that balances personal lifestyles, perspectives and needs is an important part of our culture.
The mission of the Fusion Resilience Center (Fusion) is to understand, prepare for, respond to, recover and learn from operational threats and incidents that impact the Firm. Fusion provides an integrated and holistic ability to prepare for and deal with a broad landscape of threats, which may impact the Firm, from cyber and fraud, to technology incidents, weather, natural disasters, geopolitical unrest, terrorist attacks, and pandemics. Fusion is responsible for providing Global Intelligence, managing Global Response Operations, and facilitating Business Resilience across the Firm. With centers in New York, London, Glasgow, Budapest, Mumbai, Hong Kong, Tokyo, and Singapore, Fusion’s 24/7 proactive follow-the-sun model is the cornerstone of the Firm’s operational resilience capability.
Morgan Stanley has a critical requirement for a Cyber Security Response Manager, known internally as a Cyber Event Manager (CEM), in Glasgow to work as part of our 24/7 global Fusion enterprise. Morgan Stanley’s CEM Management team is charged with orchestrating prevention, detection, and response to cyber events that threaten the Firm’s clients, assets, and reputation. Partnering with key stakeholders across Technology, Operations, and the Business Units, the CEM team is also responsible for the management of events from detection to response to resolution, and serves as the Firm’s focal point for cyber communications and reporting.
Fusing together information received both externally from our partners and internally from our detection capabilities to enable rapid decision-making, Fusion is the Firm’s cornerstone of an agile and adaptive cyber defense strategy, enabling the Firm to rapidly align our defensive capabilities to adapt to changing cyber adversary tactics. Fusion’s CEM team is responsible for orchestrating a rapid Firm-wide response to any cyber threat, vulnerability, or incident that introduces risk to the Firm, taking into consideration the nature and criticality of the cyber event; the Firm’s assessed or potential exposure; the Firm’s control posture; and the level of actual or potential business impact – in short, leading and coordinating cyber response.
The global Fusion Resilience Center is a 24/7 operation with members in key geographic locations; this requires the role to cover shifts during weekday core hours, plus occasional evening and weekend on call for Cyber Event Management as required.#LI-AS2
A successful CEM must have an appropriate mix of cybersecurity knowledge, communication skills, interpersonal skills, operational experience and the ability to solve complex problems. A successful candidate should ideally have a solid foundation of cybersecurity technology experience and have a voracious appetite for learning new things. The cybersecurity landscape is constantly changing and it is essential that the candidate be able to keep pace in this incredibly dynamic environment.
Assist in the development and implementation of Fusion’s global operations, working with Fusion leadership and nodes in Asia and North America as part of a comprehensive “follow the sun” workflow processes
Orchestrate cyber event management from detection to resolution to recovery for cyber threats, vulnerabilities, or incidents that threaten the Firm’s clients, assets, or reputation
Drive decision making in order to minimize the Firm’s risk to any cyber event
Develop, maintain, and continually refine Fusion standard operating procedures for escalation, communication, and response and work in collaboration with the respective stakeholder teams to ensure information is accurate and actionable
Coordinate decision making of critical cyber and technology response work by chairing conference calls and publishing formal communication
Conduct cyber incident scenario preparation including scenario development with stakeholder teams, Cyber playbook development and documentation, incident simulations and exercises, as well as post-incident reviews
Develop, exercise, and continually refine Cyber playbooks for a range of potential threat scenarios
Work as part of the global CEM community to develop and tune Morgan Stanley Fusion event response operations
Capture event follow ups and complete formal Post Mortems
Skills required (essential)
Extensive professional experience within security roles, preferably within financial services, law enforcement, the military, and/or the intelligence community
Excellent writing, presentation, and communication skills for event management; plus pre and post event response development.
Ability to communicate confidently and clearly on conference calls, in meetings, via email, etc. at all levels of the organization
Strong interpersonal skills
Experience designing and orchestrating cyber event exercises
Experience of cyber security investigations and understanding of cyber threat landscape
Knowledge of information security threat types and their composition
Knowledge and experience of computer security incident investigations and response processes
Ability to distil technical and complex information into easy to understand business terms for management
Experience working for a globally distributed organization
Willingness to learn about the technology and cyber threat environment
Proven troubleshooting skills within a support environment including a strong sense of commitment and drive towards incident resolution.
Experience of Major Incident Management
Experience of 24/7 operational environment
Certified Information Systems Security Professional (CISSP)
Certified Information Security Manager (CISM)
Interested in flexible working opportunities? Morgan Stanley empowers employees to have greater freedom of choice through flexible working arrangements. Speak to our recruitment team to find out more.
Morgan Stanley is an equal opportunities employer. We work to provide a supportive and inclusive environment where all individuals can maximise their full potential. Our skilled and creative workforce is comprised of individuals drawn from a broad cross section of the global communities in which we operate and who reflect a variety of backgrounds, talents, perspectives and experiences. Our strong commitment to a culture of inclusion is evident through our constant focus on recruiting, developing and advancing individuals
Given the continued spread of COVID-19 (coronavirus), all interviews will be conducted by phone or virtual connection to protect our candidates and employees.#LI-AS2