Security Architect, VP, Shanghai
Morgan Stanley is a leading global financial services firm providing a wide range of investment banking, securities, investment management and wealth management services. The Firm's employees serve clients worldwide including corporations, governments and individuals from more than 42 countries.
As a market leader, the talent and passion of our people is critical to our success. Together, we share a common set of values rooted in integrity, excellence and strong team ethic. Morgan Stanley can provide a superior foundation for building a professional career - a place for people to learn, to achieve and grow. A philosophy that balances personal lifestyles, perspectives and needs is an important part of our culture.
This highly leveraged internal position within Morgan Stanley's IT Security organization has excellent growth potential. The security architecture team works with IT groups on a global basis to ensure that IT projects are executed on a secure basis. The successful candidate will join a team of security generalists in IT Security with different areas of expertise. This team reviews a wide range of projects for security and interfaces with core security infrastructure and platform teams on major projects.
Specific role responsibilities include:
- Work with network, platform, engineering and development teams in architecture design and review session.
- Provide specific security expertise to engineering teams. Areas include secure network design, database access, security testing, authentication methods, implementing encryption, entitlement design, logging, input validation, secure storage design, secure data transfer.
- Identify areas of risk on projects where security requirements cannot be fully addressed in the required time frame of the project. Document and present those risks to senior business, IT and Security team members.
- Help identify areas of security the firm might want to invest in improve IT security.
- Create documentation and guidance on the secure implementation of new technologies in the firm. This involves liaising with other technology subject matter experts to build consensus, outlining areas of improvement in written form and explaining concerns early on.
- Conduct security training for IT groups.