Associate - Cybersecurity Audit

Job Description

*Morgan StanleyMorgan Stanley is a leading global financial services firm providing a wide range of investment banking, securities, investment management and wealth management services. The Firms employees serve clients worldwide including corporations, governments and individuals from more than 1,200 offices in 43 countries.As a market leader, the talent and passion of our people is critical to our success. Together, we share a common set of values rooted in integrity, excellence and strong team ethic. Morgan Stanley can provide a superior foundation for building a professional career - a place for people to learn, to achieve and grow. A philosophy that balances personal lifestyles, perspectives and needs is an important part of our culture.Department ProfileInternal Audit is responsible for validating whether the firm operates in a controlled environment with appropriate risk management processes. Auditors evaluate the adequacy and effectiveness of the firm s internal controls using a risk-based methodology developed from professional auditing standards. Internal Audit assists in monitoring the firm s compliance with internal guidelines set for risk management and risk monitoring, as well as external rules and regulations governing the industry.The department reports directly to the Board Audit Committee and helps verify whether the firm meets all of its fiduciary responsibilities to shareholders, while adhering to corporate governance standards and legal and regulatory requirements. Internal Audit is comprised of Business and Technology auditors. Business auditors focus on understanding the risks that the businesses face and the controls to mitigate those risks. Technology auditors focus on the application controls supporting the business processes, including systems development, application security and entitlements, production management, and technology governance. Both groups are responsible for understanding, analyzing and testing the controls to protect the franchise.Background on the PositionThe role will reside within the Internal Audit s India - Technology audit team in Mumbai. The team covers application technology, infrastructure and cyber security audits. Morgan Stanley is seeking a strong candidate to cover, Information Security and Cybersecurity supporting the firm. Cybersecurity Auditors focus on general and infrastructure controls that mitigate cybersecurity risk for the technology supporting the enterprise. The auditor is responsible for understanding, analyzing, and testing the technology controls including those over architecture and configuration, systems development, security and entitlements, production management and governance.Primary ResponsibilitiesExecute audit assignments with primary focus on cybersecurityDesign and execute risk-based audit programs in order to assess the design and effectiveness of key technology and/or security controls for critical systems and processes.Identify and evaluate key cybersecurity risks.Partner with Application and Business Auditors, and work collaboratively within a teamMaintain ongoing dialog with key stakeholders regarding risks identified and necessary improvements to the control framework.Provide cybersecurity audit coverage in integrated audits through risk assessments, audit planning, testing and reporting., *Educational & Professional CredentialsMasters/ Bachelor s in Computer Science, Information Technology Management, Information Security, Technology Risk & Control Assurance etc. from a reputed institute.Industry relevant certifications like CISA, CISSP, CEH, OSCP etc. will be an added advantage.Microsoft and Cisco certifications are a plus.Skills RequiredInterpersonal Skills1. Strong verbal and written communication skills2. Able to present at various level of management3. Lead and motivate people to achieve results4. Ability to multi-task between several projects5. Team player with ability to work independently in a fast-paced environment and within a small team setting.Technical Skills1. Experience in auditing interfaces, infrastructure, data processing and computer general controls.2. Strong understanding of industry standards such as the NIST Cybersecurity Framework, NIST 800-53, PCI-DSS, CSA, ISO 27001/02, CIS Top 20 Critical Security Controls (formerly SANS), FFIEC guidelines etc.3. Technical knowledge of IT systems, including:- Databases- Operating Systems (UNIX, Linux, Windows, z/OS)- Networking, including VPN, LAN, WAN, WLAN- Firewalls and associated hardware- Backup and Recovery system- Middleware- Virtualization Technologies- Data Loss Prevention tools, Intrusion Detection and Intrusion Prevention tools- Penetration Testing Tools- Tools such as Splunk, ArcSight, WatchTower4. Good understanding of threats, vulnerabilities, risk, confidentiality, integrity, availability, cryptography, network security, web-based applications architecture and security, network protocols5. Experience with Data Analysis using data mining tools6. Familiarity analyzing results from Penetration testing7. Practical IT work experience is a plus8. Scripting and programming experience is beneficialExperience1. 3-4 years of industry-related experience preferably in application security, cloud security, perimeter security, endpoint security (Required)2. 2-3 years of industry-related IT audit experience (Required)3. General understanding of the internal audit processes (e.g., risk assessments, planning, testing, reporting and continuous monitoring) (Required)

Keyskills :
information technology managementdata miningdata loss preventiondata analysis