Morgan Stanley

Technology Regulatory Risk Analyst

Morgan Stanley
Full Time
Intermediate (3-6 years)

Job Description

Technology Regulatory Risk Analyst

Location: Non-Japan Asia-Hong Kong-Hong Kong-Hong Kong

The Technology & Information Risk department is seeking an experienced Technology Risk professional to join a small, global team responsible for managing responses to regulatory, audit, and client requests and monitoring resolution of regulatory and audit findings. This includes coordinating technology-related regulatory examinations as well as ad hoc requests for information and meetings.

The Regulatory, Audit, and Client Engagement Team fulfills the following responsibilities for the Technology & Data organization:
- provides transparency to Technology & Data Senior Management about the status of:
- fulfilling all technology-related requests received globally
- progress with remediating regulatory and audit findings
- ensure responses to technology-related requests are fulfilled efficiently, consistently, accurately, and timely
- maintains an archive of responses to technology-related requests
- facilitates timely closure of technology-related regulatory and audit findings by advising on remediation plan development and execution

This position requires regular interaction with senior managers and organizational partners including Compliance, Legal, and Internal Audit

- Analyze requests to define the response required, establish response deadlines, and identify impacted technology personnel that will supply and approve the response content
- Mobilize the response effort by notifying impacted personnel and scheduling response preparation meetings
- Serve as a subject matter expert on technology risk management processes and associated regulatory requirements
- Collaborate with personnel tasked with preparing responses to technology-related requests to ensure the common goal of an accurate and timely response
- Collect responses and review them to ensure they are responsive to the request
- Liaise with owners of regulatory and audit findings providing advice throughout the finding lifecycle including remediation plan development, execution, and closure.
- Maintain the archive of responses to technology-related requests
- Prepare status reports for technology-related requests that will be used in Technology & Data Senior Management regular reporting*L1-KW1


Skills Required
- Sound knowledge of Asia financial market laws and regulations impacting technology risk management processes including technology governance, information security, business continuity planning, systems development, project management and supplier management.
- Sound understanding of risk assessment methodologies, internal controls and industry technology risk management frameworks such as ITIL, CobiT, and ISO 27001
- Strong analytical skills required to enable independent research and accurate assessments of adherence to regulatory requirements
- Strong organizational skills and an ability to manage multiple demands and changing priorities. Detail oriented.
- Outstanding communication and interpersonal skills. Ability to work effectively with all levels of the organization. Excellent influencing and negotiation skills.
- Ability to draft high quality written products that are comprehensive, accurate, and tailored to the audience
- Fluent English is essential for this position.

Skills Desired
- Successful track-record of regulatory response coordination
- Technology audit background in a highly complex financial institution
- Industry Certification such as CISA, CISSP, CISM, CRISC
- Solid understanding IT/Cyber Security tools & practices

Professional Qualifications

  • Certified Information Security Manager (CISM)
  • Certified Information System Auditor (CISA)
  • Certified Information Systems Security Professional (CISSP)

Technical Skills

  • Audit
  • Business Continuity Planning
  • Project Management
  • Risk Assessment
  • Risk Management