Technology Risk Testing Manager – Vice President
Company | Morgan Stanley |
---|---|
Location | Alpharetta, GA, USA |
Salary | Not Provided |
Type | Full-Time |
Degrees | Bachelor’s |
Experience Level | Senior, Expert or higher |
Requirements
- Bachelor of Science required with a concentration in Computer Science or Information Technology.
- 8+ years audit/risk/compliance experience in the financial services industry, a regulator, or a self-regulatory organization.
- Experience leading and conducting Technology reviews.
- Investigative skills – inquiry and analysis, interviewing, testing, and risk assessment capabilities.
- Ability to research and resolve issues independently while working across teams to acquire information.
- Risk Management Knowledge – strong understanding of financial industry risk and control and the ability to critique relevant language.
- Strong analytical, organizational, and problem-solving skills.
- Ability to prioritize and work effectively on multiple reviews with different individuals at the same time.
- Ability to work independently as well as in a team.
- Strong verbal and written communication skills.
- High degree of organization and attention to detail.
- Proficiency with Microsoft Word, Excel, PowerPoint, Adobe, SharePoint and ability to quickly learn automated systems.
Responsibilities
- Assist in the development and maintenance of the annual technology testing plan.
- Manage a team of technology risk testing personnel; monitor capacity and distribute work assignments to ensure timely delivery of assigned engagements.
- Develop and deliver engagement announcements.
- Review, approve, and deliver engagement scope memos.
- Lead engagement kickoff meetings for stakeholders; lead periodic engagement progress updates.
- Supervisory fieldwork – Oversee the day-to-day operations of the team’s testing activities:
  - Review and approve new test scripts and recipe cards.
  - Review technology risk testing personnel workpapers.
  - Review and disposition potential technology risk test findings; engage stakeholders accordingly.
  - Review proposed action plans and remediation requirements; engage stakeholders accordingly.
- Test execution fieldwork – Perform test activities in accordance with 2L NFR testing standards:
  - Interview stakeholders, request and review pertinent policies, standards, procedures, KRI metrics, and other documents, and walk through relevant processes and control environments.
  - Develop test scripts and recipe cards.
  - Request and validate receipt of relevant data and samples for testing.
  - Execute and document test activities in test workpapers.
  - Identify and escalate potential test findings.
  - Propose action plans and remediation requirements.
  - Prepare test reports.
- Review, approve, and deliver final engagement and test reports.
- Track and confirm completion of action plans and their remediation requirements.
- Remain current on industry rules, regulations and best practices to make recommendations to the testing program.
- Develop and maintain effective working relationships with the business units as well as internally within the Legal, Compliance, and Operational Risk Department.
Preferred Qualifications
- Knowledge of global regulatory requirements (e.g., GLBA, GDPR, Part 30 Information Security, NYDFS) and technology control standards (e.g., NIST, FFIEC, COBIT, CIS).
- Certified Internal Auditor (CIA) or Certified Information Systems Auditor (CISA) or Certified in Risk and Information Systems Control (CRISC) designations are highly desirable.
- Other relevant industry certifications in the Technology field (e.g., CISSP, cloud certifications, etc.) are a plus.