Cyber Technology & Information Security Non-Financial Risk – Vice-President

Company Profile 

Morgan Stanley is a leading global financial services firm providing a wide range of investment banking, securities, investment management and wealth management services. The Firm's employees serve clients worldwide including corporations, governments, and individuals from more than 1,200 offices in 43 countries. 

As a market leader, the talent and passion of our people is critical to our success.  Together, we share a common set of values rooted in integrity, excellence, and strong team ethic. Morgan Stanley can provide a superior foundation for building a professional career - a place for people to learn, to achieve and grow. A philosophy that balances personal lifestyles, perspectives and needs is an important part of our culture. 

Department Profile 

The cornerstone of Morgan Stanley's risk management philosophy is the execution of risk-adjusted returns through prudent risk-taking that protects Morgan Stanley's capital base, liquidity and franchise. Non-Financial Risk (NFR) refers to the risk of actual or potential economic, reputational, regulatory, financial reporting and client impact, resulting from inadequate or failed internal processes, people, and systems, or from external events impacting the full scope of its business activities, including revenue-generating activities and infrastructure groups. NFR is part of the Second Line of Defence providing independent oversight and challenge to management across compliance and operational risks. Given the nature and breadth of operational risk, operational risks are managed at multiple levels e.g. Firmwide, as well as Regional, Business Unit, Infrastructure Group, Control Function and Legal Entity. 

The NFR Cyber, Technology and Information Security (CTIS) Department is focused specifically on managing cyber, technology and information security risks. NFR CTIS brings together rules management, standard setting, assessing risk, process and controls by technology domains, advising the business, and an oversight and testing function to provide a comprehensive risk management decision for cyber, technology and information security related risks. Cybersecurity, Information Security and Technology risk management is critical to ensure the confidentiality, integrity and availability of Firm Information, Systems and Assets. Cybersecurity risk refers to managing and protecting the Firm’s information assets and operations from cyber threats, e.g., cyber events or attacks resulting from inadvertent or intentional acts involving deception, falsification, destruction, etc. Information Security risk refers to protecting the confidentiality, integrity and availability of Firm’s information and systems, e.g., internal and external threats that could result in unauthorized disclosure, misuse, alteration or destruction of confidential information and systems. Technology risk refers to ensuring and protecting the availability, stability, capacity and recovery capabilities of the Firm’s key systems, e.g., loss, damage or business disruption resulting from inadequate or failed processes, people and systems or from external events.  

Position Description 

Morgan Stanley is seeking a senior risk professional to lead the Cyber, Technology and Information Security (CTIS) Oversight function in Budapest within the Non-Financial Risk (NFR) organisation. This role represents the most senior CTIS leader in the Budapest office, with responsibility for the day-to-day leadership, coordination, and performance of the CTIS team in the location. 

This role reports to the Head of CTIS EMEA, who is responsible for overall accountability for the Department's operations across EMEA (including Rules & Standards, Coverage, and Testing & Measurement). The successful candidate will serve as the senior team member on the Continent, ensuring that global and regional priorities are effectively delivered through the Budapest team. 

The role also has direct responsibility for CTIS coverage of Morgan Stanley’s European Bank legal entity (MSESE) and plays a critical role in supporting the Firm’s ECB supervisory obligations for that entity. The successful candidate will ensure that CTIS risks across the European Bank are appropriately identified, assessed, challenged, and governed in alignment with both regional direction and regulatory expectations. 

What you will do in the role:

• Lead the CTIS Oversight function in Budapest, serving as the senior-most CTIS representative in the location and providing leadership, direction, and oversight to the local team. 

• Own and oversee the CTIS risk profile for MSESE, ensuring comprehensive coverage of cyber, technology, and information security risks. 

• Assist the CTIS Rules & Standards team in its strategic evolution of the CTIS risk management framework across EMEA, ensuring it remains aligned to regulatory expectations, industry best practices, as well as  firmwide risk framework and appetite. 

• Provide independent second line oversight and challenge over CTIS risks, controls, and issues, with a particular focus on systemic risks, emerging threats, and areas of heightened regulatory scrutiny. 

• Lead engagement with European regulators on issues related to the Firm’s continental European legal entities, including ECB-related supervisory activities, ensuring high-quality preparation, clear messaging, and effective response to regulatory inquiries. 

• Oversee CTIS governance and reporting for MSESE ensuring clear articulation of risk themes, exposures, and mitigation actions. 

• Provide senior thought leadership on cyber, technology, and information security risks, including emerging risks, industry developments, and implications for the Firm’s European operations. 

• Review and challenge material CTIS incidents, issues, and remediation activities, ensuring appropriate escalation, root cause analysis, and sustainable risk mitigation.

• Provide primary thought leadership into scenario analysis and stress testing activities related to CTIS risks for MSESE, including severe but plausible risk scenarios. 

• Act as a trusted advisor to senior stakeholders across the first and second lines, influencing risk management outcomes and supporting effective decision-making. 

• Build and maintain strong relationships across global CTIS and NFR leadership, enabling Budapest team to effectively contribute to regional and global priorities. 

• Develop, coach, and lead the Budapest CTIS team, fostering a high-performance culture and building leadership capability within the function. 
   

Morgan Stanley is an equal opportunities employer. We work to provide a supportive and inclusive environment where all individuals can maximise their full potential. Our skilled and creative workforce is comprised of individuals drawn from a broad cross section of the global communities in which we operate and who reflect a variety of backgrounds, talents, perspectives and experiences. Our strong commitment to a culture of inclusion is evident through our constant focus on recruiting, developing and advancing individuals based on their skills and talents. 
 

What you will bring to the role:

• Degree (Computer Science or Information Security, preferable but not essential) 

• 10+ years’ worth of technology and or security risk related work experience, preferably in the financial services industry 

• Experience in Technology (IT) Risk Management and or Technology (IT) Audit including Information Security , Cyber Security or Resilience risk 

• Excellent communication skills, both verbal and written; ability to tailor communication to technical and non-technical audiences 

• Strong and interpersonal skills in order to work in a team oriented environment 

• Strong leadership, stakeholder management and influencing skills 

• Relevant industry certifications e.g. CISA. CISM, an added advantage 

• Self-motivated with strong analytical, organizational, and problem‑solving skills; ability to work independently, demonstrate resourcefulness, develop well‑structured proposals, and drive complex tasks from start to finish with high accountability