Director - Technology & Cybersecurity Audit

About the Role

We are seeking an experienced Technology & Cybersecurity Audit Director to lead assurance activities across critical infrastructure, cybersecurity, and business continuity processes. This role is pivotal in assessing and strengthening the Firm's technology control environment, ensuring resilience against evolving threats, and driving impactful risk management improvements.

The Internal Audit Division (IAD) drives attention and resources to vulnerabilities by providing an independent and well-informed view and impactful messages about the most important risks facing our Firm. This is accomplished by performing a range of assurance activities to independently assess the quality and effectiveness of Morgan Stanley's system of internal control, including risk management and governance systems and processes. IAD serves as an objective and independent function within the Firm's risk management framework to foster continual improvement of risk management processes. This is a Director role in the Technical Specialist function, which is responsible for providing extensive subject matter expertise and reinforcing the ability of business and technology audit teams to appropriately assess risk and determine and execute coverage.

Location: New York, NY (Hybrid: 4 days in office)

What you'll do in the role

• Help identify risk and impact to cybersecurity, infrastructure, and technology governance across multiple technology domains, including cloud, virtualization, and emerging threats to prioritize areas of focus
• Execute and lead aspects of assurance activities (e.g., audits, continuous monitoring, closure verification) focused on cybersecurity, infrastructure, and application controls to assess risk and formulate a view on the control environment
• Facilitate conversations with technology stakeholders on risks, their impact and how well they are managed in a clear, timely and structured manner
• Assist in managing multiple deliverables in line with team priorities
• Partner with application technology and business auditors to deliver integrated audit coverage
• Solicit and provide feedback and participate in formal and on-the-job training and mentorship to further develop self and peers

What you'll bring to the role

• Minimum 4+ years of IT audit experience auditing cybersecurity controls, infrastructure, and general IT controls
• Strong understanding of audit principles, methodology, tools, and processes (e.g., risk assessments, planning, testing, reporting and continuous monitoring)
• Understanding of business line, key regulations and industry frameworks relevant to coverage area (e.g., NIST Cybersecurity Framework 2.0 (CSF 2.0),NIST SP 800-53 Rev. 5, ISO/IEC 27001:2022, PCI-DSS, CIS Controls, FFIEC guidelines, MITRE ATT&CK, OWASP Top 10, 2025 IIA Cybersecurity Topical Requirement, etc.)

• Familiarity with operating systems (UNIX, Linux, Windows, z/OS), networking (VPN, LAN/WAN, Firewalls), databases, middleware, and cloud platforms (AWS, Azure, Google Cloud)
• Deep understanding of cybersecurity tools and frameworks, including:
  • Modern SIEM platforms: Splunk Cloud, Azure Sentinel, Google Chronicle
  • SOAR platforms: Palo Alto Cortex XSOAR, IBM QRadar SOAR
  • Identity & Access Management: SailPoint, Microsoft Entra, Okta, cloud-based IAM solutions
  • DevSecOps and CI/CD security: Snyk, Veracode, Checkmarx, GitHub Advanced Security
  • Vulnerability Management: Qualys, Rapid7, Tenable
  • Penetration Testing: Kali Linux, Burp Suite Pro, Cobalt Strike
  • Data Loss Prevention, IDS/IPS, and endpoint security: CrowdStrike, SentinelOne
  • AI/ML-powered audit and analytics: MindBridge AI, AuditPal AI, Deloitte Argus

• Ability to identify and analyze multiple data sources to inform point of view; data analytics and scripting/programming experience preferred

• Ability to ask meaningful questions, understand various viewpoints and adapt messaging accordingly
• A commitment to practicing inclusive behaviors

• Educational background in Computer Science, Information Systems, or related field
• Professional certifications such as CISA, CISSP, CISM, OSCP, CEH, CSX-F, AWS/Azure, Cisco preferred

Why Join Us?

Morgan Stanley is a global leader in financial services, committed to innovation and excellence. As part of our Technology Audit team, you will play a critical role in safeguarding the Firm's technology ecosystem and influencing strategic risk decisions.

WHAT YOU CAN EXPECT FROM MORGAN STANLEY:

We are committed to maintaining the first-class service and high standard of excellence that have defined Morgan Stanley for over 89 years. Our values - putting clients first, doing the right thing, leading with exceptional ideas, committing to diversity and inclusion, and giving back - aren't just beliefs, they guide the decisions we make every day to do what's best for our clients, communities and more than 80,000 employees in 1,200 offices across 42 countries. At Morgan Stanley, you'll find an opportunity to work alongside the best and the brightest, in an environment where you are supported and empowered. Our teams are relentless collaborators and creative thinkers, fueled by their diverse backgrounds and experiences. We are proud to support our employees and their families at every point along their work-life journey, offering some of the most attractive and comprehensive employee benefits and perks in the industry. There's also ample opportunity to move about the business for those who show passion and grit in their work.

To learn more about our offices across the globe, please copy and paste into your browser.

Expected base pay rates for the role will be between $108,000 and $155,000 per year at the commencement of employment. However, base pay if hired will be determined on an individualized basis and is only part of the total compensation package, which, depending on the position, may also include commission earnings, incentive compensation, discretionary bonuses, other short and long-term incentive packages, and other Morgan Stanley sponsored benefit programs.

Morgan Stanley's goal is to build and maintain a workforce that is diverse in experience and background but uniform in reflecting our standards of integrity and excellence. Consequently, our recruiting efforts reflect our desire to attract and retain the best and brightest from all talent pools. We want to be the first choice for prospective employees.

It is the policy of the Firm to ensure equal employment opportunity without discrimination or harassment on the basis of race, color, religion, creed, age, sex, sex stereotype, gender, gender identity or expression, transgender, sexual orientation, national origin, citizenship, disability, marital and civil partnership/union status, pregnancy, veteran or military service status, genetic information, or any other characteristic protected by law.

Morgan Stanley is an equal opportunity employer committed to diversifying its workforce (M/F/Disability/Vet).