SecOps- Audit and Compliance

MSCI SecOps is a multifunctional team with operations grouped into SOC Operations Vulnerability Management Perimeter Security. One of the key parts of the operations is the role for the audit and compliance.

• This role is an individual contributor responsible for planning and executing audit and regulatory required tasks such as access review.
• It includes meeting the requirements of various standards and regulations including:
  • SOX (SarbanesOxley Act)
  • SOC Type 1 and Type 2 (Service Organization Control)
  • ISO27001 (Information Security Management)
  • BMR (Benchmark Regulation)
• The role involves facing internal and external audits including client queries.
• It requires providing evidence and clarifications as needed during these audits

• Maintain the correct understanding of the control wordings and risks they are covering:
• Ensure that the control wordings are accurately interpreted and understood.
• Identify and assess the risks associated with each control.
• Continuously update knowledge on control requirements and risk management.
• Drive the scoping discussion with different stakeholders:
• Initiate and lead discussions with various stakeholders to define the scope of audit and compliance activities.
• Collaborate with stakeholders to ensure that all relevant aspects are considered.
• Document the outcomes of scoping discussions for future reference.
• Plan and execute the activities required to meet the compliance requirements:
• Develop detailed plans for executing compliancerelated tasks.
• Ensure that all activities are aligned with regulatory and audit requirements.
• Monitor progress and adjust plans as necessary to meet deadlines.
• Coordinate with different stakeholders for timely closure of the activities:
• Communicate effectively with stakeholders to ensure timely completion of tasks.
• Address any issues or delays promptly to keep activities on track.
• Facilitate collaboration among stakeholders to achieve common goals.
• Track the remediation for completeness:
• Monitor the remediation process to ensure that all issues are addressed.
• Verify that corrective actions are implemented effectively.
• Maintain records of remediation activities for audit purposes.
• Drive control improvement tasks:
• Identify opportunities for improving existing controls.
• Develop and implement strategies for enhancing control effectiveness.
• Continuously evaluate and refine control processes.
• Drive (and if possible implement) automation tasks using scripting to improve the efficiency of the data collection and review tasks:
• Explore automation solutions to streamline data collection and review processes.
• Develop scripts and tools to automate repetitive tasks.
• Implement automation solutions to enhance efficiency and accuracy.

• Familiarity with regulatory and audit requirements (e.g. SOX SOC ISO27001 BMR).
• Knowledge of risk assessment and management techniques.
• Ability to provide evidence and clarifications during audits.
• Ability to maintain records of remediation activities.
• Ability to develop and implement strategies for enhancing controls.
• Knowledge of scripting languages and automation tools.
• Project management skills to develop and execute detailed plans

What we offer you

• Transparent compensation schemes and comprehensive employee benefits tailored to your location ensuring your financial security health and overall wellbeing.

• Flexible working arrangements advanced technology and collaborative workspaces.

• A culture of high performance and innovation where we experiment with new ideas and take responsibility for achieving results.

• A global network of talented colleagues who inspire support and share their expertise to innovate and deliver for our clients.

• Global Orientation program to kickstart your journey followed by access to our platform LinkedIn Learning Pro and tailored learning opportunities for ongoing skills development.

• Multidirectional career paths that offer professional growth and development through new challenges internal mobility and expanded roles.

• We actively nurture an environment that builds a sense of inclusion belonging and connection including eight Employee Resource Groups. All Abilities Asian Support Network Black Leadership Network Climate Action Network Hola! MSCI Pride & Allies Women in Tech and Womens Leadership Forum.

At MSCI we are passionate about what we do and we are inspired by our purpose to power better investment decisions. Youll be part of an industryleading network of creative curious and entrepreneurial pioneers. This is a space where you can challenge yourself set new standards and perform beyond expectations for yourself our clients and our industry.

MSCI is a leading provider of critical decision support tools and services for the global investment community. With over 50 years of expertise in research data and technology we power better investment decisions by enabling clients to understand and analyze key drivers of risk and return and confidently build more effective portfolios. We create industryleading researchenhanced solutions that clients use to gain insight into and improve transparency across the investment process.

MSCI Inc. is an equal opportunity employer. It is the policy of the firm to ensure equal employment opportunity without discrimination or harassment on the basis of race color religion creed age sex gender gender identity sexual orientation national origin citizenship disability marital and civil partnership/union status pregnancy (including unlawful discrimination on the basis of a legally protected parental leave) veteran status or any other characteristic protected by law. MSCI is also committed to working with and providing reasonable accommodations to individuals with disabilities. If you are an individual with a disability and would like to request a reasonable accommodation for any part of the application process please email and indicate the specifics of the assistance needed. Please note this email is intended only for individuals who are requesting a reasonable workplace accommodation; it is not intended for other inquiries.

To all recruitment agencies

MSCI does not accept unsolicited CVs/Resumes. Please do not forward CVs/Resumes to any MSCI employee location or website. MSCI is not responsible for any fees related to unsolicited CVs/Resumes.

Note on recruitment scams

We are aware of recruitment scams where fraudsters impersonating MSCI personnel may try and elicit personal information from job seekers. Read our full note on careers.msci