Director – Technology & Cybersecurity Audit

About the Role

We are seeking an experienced Technology & Cybersecurity Audit Director to lead assurance activities across critical infrastructure cybersecurity and business continuity processes. This role is pivotal in assessing and strengthening the Firms technology control environment ensuring resilience against evolving threats and driving impactful risk management improvements.

The Internal Audit Division (IAD) drives attention and resources to vulnerabilities by providing an independent and well-informed view and impactful messages about the most important risks facing our Firm. This is accomplished by performing a range of assurance activities to independently assess the quality and effectiveness of Morgan Stanleys system of internal control including risk management and governance systems and processes. IAD serves as an objective and independent function within the Firms risk management framework to foster continual improvement of risk management processes. This is a Director role in the Technical Specialist function which is responsible for providing extensive subjectmatter expertise and reinforcing the ability of business and technologyaudit teams to appropriately assess risk and determine and executecoverage.

Location: New York NY (Hybrid: 4 days in office)

What youll do in the role

• Help identify risk and impact to cybersecurity infrastructure and technology governance across multiple technology domains including cloud virtualization and emerging threats to prioritize areas of focus
• Execute and lead aspects of assurance activities (e.g. audits continuous monitoring closure verification) focused on cybersecurity infrastructure and application controls to assess risk and formulate a view on the control environment
• Facilitate conversations with technology stakeholders on risks their impact and how well they are managed in a clear timely and structured manner
• Assist in managing multiple deliverables in line with team priorities
• Partner with application technology and business auditors to deliver integrated audit coverage
• Solicit and provide feedback and participate in formal and on-the-job training and mentorship to further develop self and peers

What youll bring to the role

• Minimum 4 years of IT audit experience auditing cybersecurity controls infrastructure and general IT controls
• Strong understanding of audit principles methodology tools and processes (e.g. risk assessments planning testing reporting and continuous monitoring)
• Understanding of business line key regulations and industry frameworks relevant to coverage area (e.g. NIST Cybersecurity Framework 2.0 (CSF 2.0)NIST SP 800-53 Rev. 5 ISO/IEC 27001:2022 PCI-DSS CIS Controls FFIEC guidelines MITRE ATT&CK OWASP Top 10 2025 IIA Cybersecurity Topical Requirement etc.)

• Familiarity with operating systems (UNIX Linux Windows z/OS) networking (VPN LAN/WAN Firewalls) databases middleware and cloud platforms (AWS Azure Google Cloud)
• Deep understanding of cybersecurity tools and frameworks including:
  • Modern SIEM platforms: Splunk Cloud Azure Sentinel Google Chronicle
  • SOAR platforms: Palo Alto Cortex XSOAR IBM QRadar SOAR
  • Identity & Access Management: SailPoint Microsoft Entra Okta cloud-based IAM solutions
  • DevSecOps and CI/CD security: Snyk Veracode Checkmarx GitHub Advanced Security
  • Vulnerability Management: Qualys Rapid7 Tenable
  • Penetration Testing: Kali Linux Burp Suite Pro Cobalt Strike
  • Data Loss Prevention IDS/IPS and endpoint security: CrowdStrike SentinelOne
  • AI/ML-powered audit and analytics: MindBridge AI AuditPal AI Deloitte Argus

• Ability to identify and analyze multiple data sources to inform point of view; data analytics and scripting/programming experience preferred

• Ability to ask meaningful questions understand various viewpoints and adapt messaging accordingly
• A commitment to practicing inclusive behaviors

• Educational background in Computer Science Information Systems or related field
• Professional certifications such as CISA CISSP CISM OSCP CEH CSX-F AWS/Azure Cisco preferred

Why Join Us

Morgan Stanley is a global leader in financial services committed to innovation and excellence. As part of our Technology Audit team you will play a critical role in safeguarding the Firms technology ecosystem and influencing strategic risk decisions.

WHAT YOU CAN EXPECT FROM MORGAN STANLEY:

We are committed to maintaining the first-class service and high standard of excellence that have defined Morgan Stanley for over 89 years. Our values - putting clients first doing the right thing leading with exceptional ideas committing to diversity and inclusion and giving back - arent just beliefs they guide the decisions we make every day to do whats best for our clients communities and more than 80000 employees in 1200 offices across 42 countries. At Morgan Stanley youll find an opportunity to work alongside the best and the brightest in an environment where you are supported and empowered. Our teams are relentless collaborators and creative thinkers fueled by their diverse backgrounds and experiences. We are proud to support our employees and their families at every point along their work-life journey offering some of the most attractive and comprehensive employee benefits and perks in the industry. Theres also ample opportunity to move about the business for those who show passion and grit in their work.

To learn more about our offices across the globe please copy and paste into your browser.

Expected base pay rates for the role will be between $108000 and $155000 per year at the commencement of employment. However base pay if hired will be determined on an individualized basis and is only part of the total compensation package which depending on the position may also include commission earnings incentive compensation discretionary bonuses other short and long-term incentive packages and other Morgan Stanley sponsored benefit programs.

Morgan Stanleys goal is to build and maintain a workforce that is diverse in experience and background but uniform in reflecting our standards of integrity and excellence. Consequently our recruiting efforts reflect our desire to attract and retain the best and brightest from all talent pools. We want to be the first choice for prospective employees.

It is the policy of the Firm to ensure equal employment opportunity without discrimination or harassment on the basis of race color religion creed age sex sex stereotype gender gender identity or expression transgender sexual orientation national origin citizenship disability marital and civil partnership/union status pregnancy veteran or military service status genetic information or any other characteristic protected by law.

Morgan Stanley is an equal opportunity employer committed to diversifying its workforce (M/F/Disability/Vet).