Information Security Analyst - Cloud

Morgan Stanley ,
Glasgow, City of Glasgow

Overview

Job Description

Company Profile Morgan Stanley is a global financial services firm and a market leader in investment banking, securities, investment management and wealth management services. With offices in more than 43 countries, the people of Morgan Stanley are dedicated to providing our clients the finest thinking, products and services to help them achieve even the most challenging goals. As a market leader, the talent and passion of our people is critical to our success. We embrace integrity, excellence, teamwork and giving back. Department Profile Technology & Operations Risk (TOR) manages operational and technology related risks on behalf of the Firm. The group's key principles are to provide proactive, comprehensive and consistent risk management, to enable the execution of the Firms strategy. Technology & Operations Risk's mission is to deliver first-line defences to manage risks to Firm technology, information and cyber threats through risk identification, control management and assurance. This allows the business to operate and grow in a secure and legally-compliant manner. Our vision is to deliver Programs that protect and enable the business, ensure secure delivery of services to our clients, adjust to address the risks presented by an evolving threat landscape, meet regulatory expectations, and offer highly attractive career opportunities. Team Profile The Morgan Stanley Information Security and Monitoring team's mission is to partner with internal and external risk and technology organizations to continuously identify, deter, prevent, detect, respond, and report evolving threats to the confidentiality, integrity, and availability of the firms sensitive information assets. Primary Responsibilities With a specific emphasis on cloud-hosted platforms and services, the Information Security Analyst is responsible for liaising with business units, business unit-aligned technology teams, security platform technologists, and security monitoring teams to: - Identify business-critical information assets - Document business processes and related information lifecycles to understand the creation, transformation, movement, housing, and destruction/archiving of sensitive information - Document threats and associated techniques, tactics and procedures that place information assets at risk - Perform gap assessments of existing controls to target operating state/requirements - Evaluate, review and develop information protection policies and standards. - Map existing controls and controls under development to the threats and TTPs - Identify, document, and prioritize control gaps based on probability and impact to the firm - Initiate and track control development processes on prioritized control gaps - Coordinate with teams leading migrations of platforms, applications, and services to the cloud to ensure control objectives are clearly articulated, prioritized, met and assessed on a regular basis Skills required