At Morgan Stanley, we are thinking today about how to plan for and adapt to tomorrow's realities and position ourselves for long-term growth. We pursue sustainability not only because it reflects our values, but also because it is playing an increasingly important role in finance. Morgan Stanley is dedicated to making a positive contribution to society through our core business activities, employment practices, operations and philanthropic giving. Our growing focus on sustainable investing reflects our commitment to delivering scalable innovations and solutions that help maximize the potential for private capital to address the world's most pressing challenges. We believe we can partner with the millions of individuals we serve, as well as the governments and institutions for whom we advise, originate, trade, manage and distribute capital, to advance sustainable solutions globally.
Morgan Stanley is a global financial services Firm with a large and diversified clientele. We encourage you to visit the Firm's Internet site at www.morganstanley.com to learn more about Morgan Stanley.
Technology Risk (TR)'s mission is to deliver first-line defenses to manage risks to Firm technology, information and cyber threats through risk identification, control management and assurance. This allows the business to operate and grow in a secure and legally-compliant manner.
Morgan Stanley's SecArch team is looking for an experienced Identity and Access Management (IAM) Architect, VP to join their established team.
The Security Architecture (SecArch) team is part of the Technology Risk (TR) organization. The mission of the team is to protect the Firm by ensuring in-scope technologies built internally, products purchased and services used meet security requirements that include the Firm's Policies, external guidelines, regulatory expectations, and appropriate controls in the areas of information security, secure design, and cyber security. We accomplish this mission via three primary services: architecture consulting, solutions consulting, and design review.
The SecArch IAM Security Architect will be working on multiple security architecture and design assessments spanning a range of technologies, primarily related to IAM on-premises and cloud-based solutions. The architect is expected to be capable of conducting a security architecture review from a general scope, while having subject matter expertise in IAM security. To be successful in this role, the candidate must have deep IAM subject matter expertise and broad overall technology & security experience coupled with risk management, leadership, communication, and time management skills.
* Work independently to lead SecArch deep dives with business and technology requestor
* Conduct assessment and provide technology risk/requirements to the requestor in the IAM security domain
* Prioritize risks identified in relation to business risks
* Propose solutions to mitigate risks identified
* Establish, communicate and contribute to the overall effort of the Firm's IAM security posture, strategies and direction
* Leverage existing expertise in IAM on-premises or cloud-based solutions to identify gaps in current technology environment and provide strategy for risk reduction
* Perform hands-on assessments of system, applications and platforms as part of control validation and strategy definition
* Produce position papers on testing/research performed
* Periodically review security reference architecture (security blueprints) and conduct updates/enhancements
Security Architecture Skills
Required - In depth knowledge of IAM security principles, protocols, frameworks, solutions and vulnerabilities. Ability to explain these vulnerabilities to engineers as well as business users.
Required - Experience in at least two of the following domains:
Identity: Identity lifecycle management
Authentication: Multi-factor authentication, Risk-based authentication, Federation
Cloud Security: Cloud computing architecture, IAM solutions within Microsoft Azure, Amazon Web Services (AWS) and, preferably, other cloud providers
Required - Hands-on experience in at least three of the following IAM protocols and solutions: SAML, SiteMinder, Kerberos, OpenID Connect, OAuth, Smartcard, U2F, UAF, RADIUS, PingFederate, ADFS, Azure AD, CyberArk, HiPAM and OpenIDM.
Highly Desired - Hands-on experience in Microsoft Azure IAM solution
Highly Desired - Experience in conducting and / or reviewing penetration tests, dynamic vulnerability assessments and static vulnerability assessments.
Desired - Experience in conducting security assessments with a strong focus on reviewing technical designs and functional requirements to identify areas of security weakness, presenting the outcomes of the assessment and obtaining buy-in.
Desired - Experience in the following security domains:
Data protection, data leakage prevention and secure data transfer and storage