Security Architect

The ideal candidate will have strong institutional knowledge deep technical application security experience penetration testing as well as management experience.
They will additionally act as a regional lead representing the Security Design team locally ensuring consistent delivery and alignment with global standards.

This role is part of a global Security Design team. The team will perform security assessments and security deep dives of a wide range of applications used within Morgan Stanley such internally developed systems and vendor platforms. The team partners with application and application infrastructure developers as well as business owners.
The successful candidate will also liaise with local senior Technology management and Risk Officers to align regional business needs with Security Design operations.

The ideal candidate will be able to identify technical control gaps through architecture assessments and hands-on security testing as well as providing detailed remediation guidance to developers. The ideal candidate will also be able to explain to business owners the risk to the business introduced by the identified control gaps.

The ideal candidate will be able to technically mentor members of this team and build partnerships with developers and engineers.

The successful candidate will be responsible for the quality of the security assessments as well as the teams throughput.
They will also contribute to continuous improvement of security reference architectures and participate in global governance processes.

This team works with all Technology divisions and all lines of businesses within Morgan Stanley.

This team will perform security assessments on a very diverse technology stack: i.e. from agentic AI systems and foundational models to internet facing web applications internal thick clients iOS and Android applications.

Specific role responsibilities include:
> Act as country lead managing day-to-day local operations and coordinating with global management to ensure timely delivery and resource alignment.
> Participate in and contribute to Technology Risk governance and regional security strategy planning.
> Threat model emerging technologies related to Generative AI such as Retrieval Augmented Generation Agent Orchestration and others
> Define security guidance in collaboration with other stakeholders to minimize the risks associated with these emerging technologies
> Develop patterns to increase the efficiency of the Security Design function
> Identify potential risk in existing platforms and applications with a high risk potential
> Conduct Deep Dive engagements participating throughout the engagement life cycle including planning architecture analysis security testing and risk remediation
> Identify technical control gaps and review security requirements set to remediate identified risks.
> Provide technical security training to the team.
> Ensure that the quality of the security assessments is consistent and meets the objectives.
> Ensure that the throughput of the team meets the objectives.
> Provide architectural and implementation guidance to ensure developers follow security best practices.
> Communicate to the IT System Owners technical details on technical control gaps and provide attack scenarios relevant to the risks identified.
> Communicate to the IT System Owner detailed remediation guidance.
> Articulate risks introduced by technical control gaps to the applications Business Owner.
> Act as the local escalation point for developers and management engaging with the team.
> Peer review security assessments. Qualification

Security Experience

> Application security expertise.
> Ability to explain common application vulnerabilities and detailed remediation strategies to developers.
> Ability to explain technology risks introduced by application vulnerabilities to a systems Business Owner.
> Ability to provide security training to developers.
> Familiarity with cloud security principles and CI/CD environments (AWS Azure GCP).
> Penetration testing experience would be a plus.


Soft Skills:

> Proven ability to influence and communicate effectively across both technical and business audiences including senior management.
> Strong interpersonal skills are critical since the role involves working with developers and executives around the world.
> Ability to multi-task and handle multiple projects.
> Strong oral and written communication skills.
> Thirst for technical knowledge.

Development

> The ideal candidate will have experience in designing and implementing enterprise applications.
> The ideal candidate will have experience with several practical programming languages and technologies such as Python Java MCP/A2A protocols etc.
> Working knowledge of secure SDLC DevOps and automation tooling used in enterprise environments.

Educational Requirements

Masters degree in computer science software engineering or equivalent with minimum eight years relevant work experience in high-paced enterprise environment.
Advanced security certifications (e.g. CISSP OSWE or cloud-specific certifications) are desirable.

Additional
> Technology background in Financial Services.
> N-Tier application design and implementation particularly web-based applications that cross company boundaries.
> Programming experience.
> Track record of executing and leading penetration tests.
> Track record of providing security training to developers.
> Experience managing or mentoring security architects across multiple regions or time zones is preferred.

WHAT YOU CAN EXPECT FROM MORGAN STANLEY:

We are committed to maintaining the first-class service and high standard of excellence that have defined Morgan Stanley for over 89 years. Our values - putting clients first doing the right thing leading with exceptional ideas committing to diversity and inclusion and giving back - arent just beliefs they guide the decisions we make every day to do whats best for our clients communities and more than 80000 employees in 1200 offices across 42 countries. At Morgan Stanley youll find an opportunity to work alongside the best and the brightest in an environment where you are supported and empowered. Our teams are relentless collaborators and creative thinkers fueled by their diverse backgrounds and experiences. We are proud to support our employees and their families at every point along their work-life journey offering some of the most attractive and comprehensive employee benefits and perks in the industry. Theres also ample opportunity to move about the business for those who show passion and grit in their work.

To learn more about our offices across the globe please copy and paste into your browser.

Certified Persons Regulatory Requirements:
If this role is deemed a Certified role and may require the role holder to hold mandatory regulatory qualifications or the minimum qualifications to meet internal company benchmarks.

Flexible work statement
Interested in flexible working opportunities Morgan Stanley empowers employees to have greater freedom of choice through flexible working arrangements. Speak to our recruitment team to find out more.

Morgan Stanley is an equal opportunities employer. We work to provide a supportive and inclusive environment where all individuals can maximize their full potential. Our skilled and creative workforce is comprised of individuals drawn from a broad cross section of the global communities in which we operate and who reflect a variety of backgrounds talents perspectives and experiences. Our strong commitment to a culture of inclusion is evident through our constant focus on recruiting developing and advancing individuals based on their skills and talents.