2023 Internal Audit - Cybersecurity Full-Time Analyst Program (Baltimore)
We offer:
Internal Audit offers a two-and-a-half-year Analyst program in Cybersecurity. Analysts will gain broad exposure to different coverage areas and teams, while developing an understanding of firm processes, products and systems; audit principles; and a range of audit activities. In addition, Cybersecurity Audit Analysts the opportunity to learn about cutting edge technology including: vulnerability assessments & risk frameworks, cybersecurity layered defense model, across distributed, mainframe and cloud platforms. Analysts will also have exposure to understanding the security implementation across the Institutional Securities, Wealth Management & Investment Management businesses, including electronic trading, Morgan Stanley online platform and digital products.
The Full-Time Analyst Program includes a one-day firmwide orientation, followed by a two-week business unit-specific training program, focused on business, technical and professional knowledge specific to Morgan Stanley. Analysts will also attend a weeklong Internal Audit-specific training designed to provide basic product knowledge, an overview of audit principles and Morgan Stanley's audit methodology, and training in professional skills, such as business writing and presentation skills.
You will:
- Develop a working knowledge of business terminology and basic auditing standards
- Take part in team meetings to learn about Morgan Stanley’s cybersecurity methodology and gain an understanding of the business units under review (e.g. policies and procedures, roles and responsibilities, systems, processes, risks and controls)
- Participate in audit planning and scoping to assist the team in determining innovative cyber risk-based approaches to evaluate Morgan Stanley technology
- Assist in identifying key controls; creating the process, risk and control (PRC) matrix; and uploading documentation to the audit workflow tool
- Create and execute control tests and document all work performed in a clear, concise and re-performable manner as part of fieldwork
- Conduct technical reviews of documentation for payment systems, pricing models and other firm applications
- Analyze data in accordance with firm policy and industry best practices, including National Institute of Standards and Technology (NIST) Cybersecurity Frameworks
- Communicate testing exceptions and control deficiencies to senior management within Internal Audit and the business as part of reporting
- Track and close technical findings resulting from cybersecurity and integrated audits or identified by US or UK regulators federal regulators
Qualifications:
- You are pursuing a master’s degree in computer science or a technology-related field and you have or are pursuing CISA, CISSP, CSX, CEH, OSCP or equivalent
- Minimum cumulative GPA of 3.0
- Strong technical and analytical skills, and working knowledge of Microsoft Excel
- Strong understanding of computing and networking fundamentals
- Knowledge of Cybersecurity frameworks and threat models
- Hands-on experience using network and software assessment tools
- Hands-on experience with scripting and programming languages, preferred
- Graduate between December 2022 and May 2023, and less than three years of full-time professional experience
This Program is closed to applications.