Flag job

Report

Associate - Technology Cybersecurity Audit (Internal Audit)

Min Experience

2 years

Location

Bengaluru, Karnataka, India

JobType

full-time

About the role

We're seeking someone to join our team as an Associate to work in the technology audit team, within Internal Audit, to manage/execute risk based assurance activities. The Internal Audit Division (IAD) drives attention and resources to vulnerabilities by providing an independent and well-informed view and impactful messages about the most important risks facing our Firm. This is accomplished by performing a range of assurance activities to independently assess the quality and effectiveness of Morgan Stanley's system of internal control, including risk management and governance systems and processes. IAD serves as an objective and independent function within the Firm's risk management framework to foster continual improvement of risk management processes. This is an Associate level position (P2) within Technical Specialist job family, which is responsible for providing extensive subject matter expertise and reinforcing the ability of business and technology audit teams to appropriately assess risk and determine and execute coverage. Morgan Stanley is an industry leader in financial services, known for mobilizing capital to help governments, corporations, institutions, and individuals around the world achieve their financial goals. Interested in joining a team that's eager to create, innovate and make an impact on the world? Read on. What you'll do in the role: - Execute a wide range of assurance activities (e.g., audits, continuous monitoring, closure verification) with guidance, including which focuses on cybersecurity controls application controls supporting the business processes, including systems development, application security and entitlements, production management, and technology governance(e.g., audits, continuous monitoring, closure verification) - Understand and adopt new audit tools and techniques - Develop clear and concise messages regarding risk and business impact within relevant coverage area - Identify and leverage data to incorporate into analysis of coverage area - Collaborate with a wide range of internal stakeholders to build effective working relationships and to execute on team deliverables - Effectively manage multiple deliverables while delivering high-quality work What you'll bring to the role: - Understanding of audit principles, tools and processes (e.g., risk assessments, planning, testing, reporting and continuous monitoring) - Ability to communicate clearly and concisely and adapt messages to audience - Ability to identify patterns and anomalies in data with guidance - A commitment to practicing inclusive behaviors - Willingness to solicit and provide feedback to further develop self and peers - Strong understanding of industry standards such as the NIST Cybersecurity Framework, NIST 800-53, PCI-DSS, CSA, ISO 27001/02, CIS Top 20 Critical Security Controls (formerly SANS), FFIEC guidelines etc. - Technical knowledge of IT systems, including: - Databases - Operating Systems (UNIX, Linux, Windows, z/OS) - Networking, including VPN, LAN, WAN, WLAN - Firewalls and associated hardware - Backup and Recovery system - Middleware - Virtualization Technologies - Data Loss Prevention tools, Intrusion Detection and Intrusion Prevention tools - Penetration Testing Tools - Tools such as Splunk, ArcSight, WatchTower - Good understanding of threats, vulnerabilities, risk, confidentiality, integrity, availability, cryptography, network security, web-based applications architecture and security, network protocols - At least 2 years' relevant experience would generally be expected to find the skills required for this role

About the company

Morgan Stanley is an industry leader in financial services, known for mobilizing capital to help governments, corporations, institutions, and individuals around the world achieve their financial goals.

Skills

audit
cybersecurity
nist
pci-dss
csa
iso
cis
databases
operating systems
networking
firewalls
backup
virtualization
data loss prevention
intrusion detection
penetration testing
splunk
arcSight
watchtower