About
Morgan Stanley
Job Description
At Morgan Stanley, we are thinking today about how to plan for and adapt to tomorrow's realities and position ourselves for long-term growth. We pursue sustainability not only because it reflects our values, but also because it is playing an increasingly important role in finance. Morgan Stanley is dedicated to making a positive contribution to society through our core business activities, employment practices, operations and philanthropic giving. Our growing focus on sustainable investing reflects our commitment to delivering scalable innovations and solutions that help maximize the potential for private capital to address the world's most pressing challenges. We believe we can partner with the millions of individuals we serve, as well as the governments and institutions for whom we advise, originate, trade, manage and distribute capital, to advance sustainable solutions globally.
Morgan Stanley is a global financial services Firm with a large and diversified clientele. We encourage you to visit the Firm's Internet site at www.morganstanley.com to learn more about Morgan Stanley.
Technology Risk (TR)'s mission is to deliver first-line defenses to manage risks to Firm technology, information and cyber threats through risk identification, control management and assurance. This allows the business to operate and grow in a secure and legally-compliant manner.
JOB DESCRIPTION
Morgan Stanley's SecArch team is looking for an experienced Identity and Access Management (IAM) Architect, VP to join their established team.
The Security Architecture (SecArch) team is part of the Technology Risk (TR) organization. The mission of the team is to protect the Firm by ensuring that in-scope technologies built internally, products purchased and services used meet security requirements that include the Firm's Policies, external guidelines, regulatory expectations, and appropriate controls in the areas of information security, secure design, and cyber security. We accomplish this mission via three primary services: architecture consulting, solutions consulting, and design review.
The SecArch IAM Security Architect will be working on multiple security architecture and design assessments spanning a range of technologies, primarily related to IAM on-premises and cloud-based solutions. The architect is expected to be capable of conducting a security architecture review from a general scope, while having subject matter expertise in IAM security. To be successful in this role, the candidate must have deep IAM subject matter expertise and broad overall technology & security experience coupled with risk management, leadership, communication, and time management skills.
RESPONSIBILITIES:
* Work independently to lead SecArch deep dives with business and technology requestors
* Conduct assessments and provide technology risks/requirements to the requestor in the IAM security domain
* Prioritize risks identified in relation to business risks
* Propose solutions to mitigate risks identified
* Establish, communicate and contribute to the overall effort of the Firm's IAM security posture, strategies and direction
* Leverage existing expertise in IAM on-premises or cloud-based solutions to identify gaps in current technology environment and provide strategy for risk reduction
* Perform hands-on assessments of systems, applications and platforms as part of control validation and strategy definition
* Produce position papers on testing/research performed
* Periodically review security reference architecture (security blueprints) and conduct updates/enhancements
SKILLS REQUIRED:
Security Architecture Skills
Required - In depth knowledge of IAM security principles, protocols, frameworks, solutions and vulnerabilities. Ability to explain these vulnerabilities to engineers as well as business users.
Required - Experience in at least two of the following domains:
Identity: Identity lifecycle management
Authentication: Multi-factor authentication, Risk based authentication, Federation
Authorization: Entitlement management, Access governance, Privileged access management
Cloud Security: Cloud computing architecture, IAM solutions within Microsoft Azure, Amazon Web Services (AWS) and, preferably, other cloud providers
Required - Hands-on experience in at least three of the following IAM protocols and solutions: SAML, Siteminder, Kerberos, OpenID Connect, OAuth, Smartcard, U2F, UAF, RADIUS, PingFederate, ADFS, Azure AD, CyberArk, HiPAM and OpenIDM.
Highly Desired - Hands-on experience in Microsoft Azure IAM solution
Highly Desired - Experience in conducting and / or reviewing penetration tests, dynamic vulnerability assessments and static vulnerability assessments.
Desired - Experience in conducting security assessments with a strong focus on reviewing technical designs and functional requirements to identify areas of security weakness, presenting the outcomes of the assessment and obtaining buy in.
Desired - Experience in the following security domains:
Data protection, data leakage prevention and secure data transfer and storage
Application Security - validation checking, software attack methodologies
Cryptography - encryption and hashing
Soft Skills (Required)
Excellent communication skills: written, oral, presentation, listening
Ability to influence through factual reasoning
Time management: ability to handle multiple concurrent assessments, plan based deliverable management, strong follow up and tracking
Strong focus on delivery when presented with short timelines and increased involvement from senior management
Ability to adjust communication of technology risks vs business risks based on the audience
Ability to operate in multiple virtual teams, directly manage teams, or ability to operate as a sole-contributor
Development Experience
Required - Even though the SecArch Integrator role is not a development role, the candidate must have previous background in programming, design and application architecture.
Required - In order to be practical, the SecArch Integrator shall have experience implementing complex applications in an enterprise environment.
Desired - Knowledge of programming and scripting languages: Java, JavaScript, C#, C/C++, Perl, Python, Ruby
Desired - Knowledge of web technologies such as Web Browsers, Web Servers, Web Services
Other Areas of Expertise
Desired - Understanding of geographic regulations and their impact on Security assessments
Desired - Previous experience in Financial Services is preferred
Desired - CISSP, CISM, GSEC or other industry qualification
Desired - Experience working with global organizations
Educational Requirements
Bachelor's Degree in Computer Science, Information Security or other Engineering Degree with a minimum of 5 years of relevant work experience in a high-paced enterprise environment
About Morgan Stanley
Morgan Stanley is a global financial services firm that advises, originates, trades, manages, and distributes capital.