Morgan Stanley is a leading global financial services firm providing a wide range of investment banking, securities, investment management and wealth management services. The Firm's employees serve clients worldwide from more than 747 offices in 42 countries. As a market leader, the talent and passion of our people is critical to our success. Together, we share a common set of values based on integrity, excellence and giving back. Morgan Stanley can provide a superior foundation for building a professional career - a place for people to learn, to achieve and grow. A philosophy that balances personal lifestyles, perspectives and needs is an important part of our culture.
About MSIM China
Morgan Stanley Investment Management China (MSIM China) strives to provide diverse investment management services to a full spectrum of clients across both individual and institutional investors. Established as a joint venture in 2008, MSIM China became fully owned by Morgan Stanley Investment Management in 2023.
Benefiting from the global perspective and risk management capability of Morgan Stanley, MSIM China has established a variety of mutual fund and private fund portfolios covering fixed income, active equity, quantitative equity, multi-asset and sustainable investing strategies. Our portfolios have won many prestigious awards, including Morningstar Awards and Golden Bull Awards, which is a testament to our expertise and capabilities.
JOB SCOPE / RESPONSIBILITIES:
As a Technology Risk officer, you will support the technology risk and governance function, ensuring the company is able to address rapidly changing threats, technologies, and business conditions.
RESPONSIBILITIES:
• Identify, measure, manage and monitor the technology risks, cybersecurity risks, and regulatory risks associated with the company's business development and activities.
• Conduct risk assessment processes for technology, perform gap analysis and compliance assessment to identify potential regulatory issues and to drive remediation planning to ensure control effectiveness.
• Support audits and reviews performed by internal or external groups from initiation through closure, liaise with global teams to address queries and gather evidence, and facilitate closure of resulting remediation actions.
• Manage and participate in risk assessments, internal testing of operational policies and procedures, remediation scoping, reporting and engagement with stakeholders.
• Closely collaborate with technology teams and risk stakeholders across the lines of defense, both globally and regionally.
• Provide assurance to technology management that controls are designed and operating effectively and provide visibility into the extent of operational compliance across IT in relation to policies, guidelines and regulations.
QUALIFICATIONS
REQUIREMENTS:
• Bachelor's degree in a related field
• 10+ years directly relevant experience in IT risk management and/or IT audits
• Previous experience with technology controls programs and risk domains (e.g. NIST, COBIT / ITIL frameworks) or compliance programs (e.g. ISO27000, SOC1&2 reporting)
• Exceptional verbal and written communication skills, including the ability to translate requirements effectively and coordinate team discussion
• Must be detail-oriented, very organized and value the integrity of the data with strong analytical and problem-solving ability, capability to switch context quickly and work on
• Excellent teamwork skills, capable of working effectively across a variety of IT and Business groups, across regions and roles, and able to interact effectively with all management levels
• Proven ability to influence cross-functional teams without formal authority
• High proficiency with MS Office and related applications (Word, Excel, PowerPoint, Access, Visio, Project) with advanced skill in data manipulation using Excel
• Working knowledge of agile methodologies and organization principles
• Experience within the financial services or similarly regulated industry
• Understanding of Operational Risk and associated regulations (e.g., Basel, SOX)
• General understanding of technology infrastructure (compute, storage, database, network, data centers, security, etc.) and IT service management
• Control or Risk management related certifications (e.g. CISA, CISSP, CRISC)
• Experience in managing committees (e.g. planning, meeting minutes and tracking tasks)