Non-Financial Risk Manager - CTIS - Executive Director

The NFR Cyber, Technology and Information Security (CTIS) Department is focused specifically on managing cyber, technology and information security risks, globally. NFR CTIS brings together rules management, standard setting, assessing risk, process and controls by technology domains, advising the business, and an oversight and testing function to provide a comprehensive risk management decision for cyber, technology and information security related risks. Cybersecurity, Information Security and Technology risk management is critical to ensure the confidentiality, integrity and availability of Firm Information, Systems and Assets. Cybersecurity risk refers to managing and protecting the Firm's information assets and operations from cyber threats, e.g., cyber events or attacks resulting from inadvertent or intentional acts involving deception, falsification, destruction, etc. Information Security risk refers to protecting the confidentiality, integrity and availability of Firm's information and systems, e.g., internal and external threats that could result in unauthorized disclosure, misuse, alteration or destruction of confidential information and systems. Technology risk refers to ensuring and protecting the availability, stability, capacity and recovery capabilities of the Firm's key systems, e.g., loss, damage or business disruption resulting from inadequate or failed processes, people and systems or from external events. Morgan Stanley is seeking a Risk professional to lead the Asia Cyber, Technology and Information Security (CTIS) Oversight Department within the Non-Financial Risk Organisation in Hong Kong at the Executive Director level. CTIS Risk Oversight is the practice of monitoring risks related to the confidentiality, availability and integrity of the Firm's systems and information including associated processes and controls. The successful candidate will be responsible for running a team focused on executing independent oversight and monitoring of risks and controls around the Firm's cyber, technology and information security risks. Primary Responsibilities The role includes the following primary responsibilities: * Be a senior member of the global NFR CTIS team, providing regional and global views on CTIS risk management. * As a senior member of the NFR CTIS team support and maintain the non-financial risk framework across the Asia entities to manage CTIS risks. * Provide thought leadership to drive strategic and tactical evolution necessary to maintain effective and efficient CTIS risk management. * Provide independent oversight and monitoring of risks and controls CTIS to help inform and drive the 2nd line response to the CTIS risk posture of the Firm and its underlying legal entities. * Prepare for supervisory review non-financial risk management reporting. * Participate and lead operational risk regulatory meetings and responses to regulatory queries. * Directly lead and manage existing and developing 2nd line CTIS risk governance processes and committees, including scenario analysis activities. * Keep up-to-date with local operational risk regulations, supporting our rules management function on the applicability of changing or new regulations in region. * Build and maintain strong positive relationships with the CTIS community in the respective business and control groups, becoming a trusted advisor. * Work with relevant 1st line risk and control owners in assessing inherent and residual risk levels based on the non-financial risk framework and relative to business appetite, including developing and monitoring metrics for Top Operational Risks and Pathways. * Manage the team in the review and challenge of operational risk incidents, issues and actions, metrics, Risk and Control Assessments; facilitate Scenario Analysis workshops on CTIS risks relevant to the entity Qualifications and Essential Skills: * Degree (Computer Science or Information Security, preferable but not essential) * 15+ years' worth of technology and or security risk related work experience, preferably in the financial services industry * Experience in Technology (IT) Risk Management and or Technology (IT) Audit including Information Security , Cyber Security or Resilience risk * Relevant industry certifications e.g. CISA. CISM, an added advantage * Excellent communication skills, both verbal and written; ability to tailor communication to technical and non-technical audiences * Strong interpersonal skills in order to work in a team oriented environment * Strong leadership, people management, stakeholder management and influencing skills * Strong project management and organization skills * Ability to multitask and prioritize, and, * Strong analytical and problem-solving skills. WHAT YOU CAN EXPECT FROM MORGAN STANLEY: At Morgan Stanley, we raise, manage and allocate capital for our clients – helping them reach their goals. We do it in a way that’s differentiated – and we’ve done that for 90 years. Our values - putting clients first, doing the right thing, leading with exceptional ideas, committing to diversity and inclusion, and giving back - aren’t just beliefs, they guide the decisions we make every day to do what's best for our clients, communities and more than 80,000 employees in 1,200 offices across 42 countries. At Morgan Stanley, you’ll find an opportunity to work alongside the best and the brightest, in an environment where you are supported and empowered. Our teams are relentless collaborators and creative thinkers, fueled by their diverse backgrounds and experiences. We are proud to support our employees and their families at every point along their work-life journey, offering some of the most attractive and comprehensive employee benefits and perks in the industry. There’s also ample opportunity to move about the business for those who show passion and grit in their work. To learn more about our offices across the globe, please copy and paste https://www.morganstanley.com/about-us/global-offices​ into your browser. Morgan Stanley is an equal opportunity employer committed to building and maintaining a workforce that is diverse in experience and background. Our recruiting efforts reflect our strong commitment to a culture of inclusion, where individuals are hired, developed, and advanced based on their skills and talents. Our workforce reflects a broad cross-section of the global communities in which we operate, bringing a variety of backgrounds, talents, perspectives, and experiences. For more information, please visit: https://www.morganstanley.com/people-opportunities/eeo.