Internal Audit Cybersecurity Associate

Job Description

Given the continued spread of COVID-19 (coronavirus), all interviews will be conducted by phone or virtual connection to protect our candidates and employees.

Internal Audit is responsible for validating whether the firm operates in a controlled environment with appropriate risk management processes. Auditors evaluate the adequacy and effectiveness of the firm's internal controls using a risk-based methodology developed from professional auditing standards. Internal Audit assists in monitoring the firm's compliance with internal guidelines set for risk management and risk monitoring, as well as external rules and regulations governing the industry.

The department reports directly to the Board Audit Committee and helps verify whether the firm meets all of its fiduciary responsibilities to shareholders, while adhering to corporate governance standards and legal and regulatory requirements. Internal Audit is comprised of Business and Technology auditors. Business auditors focus on understanding the risks that the businesses face and the controls to mitigate those risks. Technology auditors focus on the application controls supporting the business processes, including systems development, application security and entitlements, production management, and technology governance. Both groups are responsible for understanding, analyzing and testing the controls to protect the franchise.

Background on the Position

The role will reside in Budapest and be part of the EMEA Internal Audit Technology audit team. The team covers application technology, infrastructure and cyber security audits. Morgan Stanley is seeking a strong candidate to cover, Information Security and Cybersecurity supporting the firm. Cybersecurity Auditors focus on general and infrastructure controls that mitigate cybersecurity risk for the technology supporting the enterprise. The auditor is responsible for understanding, analyzing, and testing the technology controls including those over architecture and configuration, systems development, security and entitlements, production management and governance.

You will:

• Execute audit assignments with primary focus on cybersecurity
• Design and execute risk-based audit programs in order to assess the design and effectiveness of key technology and/or security controls for critical systems and processes.
• Identify and evaluate key cybersecurity risks.
• Partner with Application and Business Auditors, and work collaboratively within a team
• Maintain ongoing dialog with key stakeholders regarding risks identified and necessary improvements to the control framework.
• Provide cybersecurity audit coverage in integrated audits through risk assessments, audit planning, testing and reporting.

Qualifications

You have:

• Masters/ Bachelor's in Computer Science, Information Technology Management, Information Security, Technology Risk & Control Assurance or other relevant subject.
• Industry relevant certifications like CISA, CISSP, CEH, OSCP etc. will be an added advantage.
• Microsoft and Cisco certifications are a plus
• Strong verbal and written communication skills
• Able to present at various level of management
• Lead and motivate people to achieve results
• Ability to multi-task between several projects
• Team player with ability to work independently in a fast-paced environment and within a small team setting.
• Experience in auditing interfaces, infrastructure, data processing and computer general controls.
• Strong understanding of industry standards such as the NIST Cybersecurity Framework, NIST 800-53, PCI-DSS, CSA, ISO 27001/02, CIS Top 20 Critical Security Controls (formerly SANS), FFIEC guidelines etc.
• Technical knowledge of IT systems, including:

Databases

• Operating Systems (UNIX, Linux, Windows, z/OS)
• Networking, including VPN, LAN, WAN, WLAN
• Firewalls and associated hardware
• Backup and Recovery system
• Middleware
• Virtualization Technologies
• Data Loss Prevention tools, Intrusion Detection and Intrusion Prevention tools
• Penetration Testing Tools
• Tools such as Splunk, ArcSight, WatchTower
• Good understanding of threats, vulnerabilities, risk, confidentiality, integrity, availability, cryptography, network security, web-based applications architecture and security, network protocols
• Experience with Data Analysis using data mining tools
• Familiarity analyzing results from Penetration testing
• Practical IT work experience is a plus
• Scripting and programming experience is beneficial

Experience

• 3-4 years of industry-related experience preferably in application security, cloud security, perimeter security, endpoint security (Required)
• 2-3 years of industry-related IT audit experience (Required)
• General understanding of the internal audit processes (e.g., risk assessments, planning, testing, reporting and continuous monitoring) (Required)

About Morgan Stanley:

Morgan Stanley provides a superior foundation for building a professional career - a place for people to learn, achieve and grow. You will be exposed to a truly international and multi-cultural environment that appreciates and respects individuality. Our state-of-the-art offices in the City Centre have been designed to maximize collaboration.

Interested in flexible working opportunities? Morgan Stanley empowers employees to have greater freedom of choice through flexible working arrangements. Speak to our recruitment team to find out more.

Morgan Stanley is an equal opportunities employer. We work to provide a supportive and inclusive environment where all individuals can maximize their full potential. Our skilled and creative workforce is comprised of individuals drawn from a broad cross section of the global communities in which we operate and who reflect a variety of backgrounds, talents, perspectives and experiences. Our strong commitment to a culture of inclusion is evident through our constant focus on recruiting, developing and advancing individuals based on their skills and talents.

For further information, and to apply, please visit our website via the “Apply” button below.