Vice President - New Applications Certification
Morgan Stanley
New York, Ny
Assessed applications for compliance with regulatory and firm policies, standards, and procedures covering the following areas: Information Security; Change Management; Disaster Recovery; Incident and Problem Resolution; Data Retention; and Systems Development Lifecycle.• Developed risk based assessment program, conducted substantive evidence gathering sessions to measure control effectiveness with Technology personnel (including management and support staff) and summarized results of assessment.• Prepared management reports for review and sign-off for over 125 applications.• Improved efficiency and effectiveness of technology risk assessments by implementing metrics and dashboard. This centralized assessment findings tracking and remediation process streamlined management reporting and issue tracking, follow-up, and escalation for over 3500 issues identified in assessments. Monitored project progress for issue remediation.• Assisted in providing advice and support to senior technology systems owners throughout Institutional Securities and Asset Management departments. o Communicated firm and regulatory policies regarding the Firm's Technology Risk and Information Security requirements for new systems (~ 500). o Assisted with annual compliance and re-certification of in-scope systems (~ 2000+). o Assisted in review of external client facing systems to ensure compliance with Information Security Policies. o Assisted with gathering information for regulators during regulatory exams/inquiries/sweeps.• As the Subject Matter Expert for the team, reviewed policies and standards including Disaster Recovery, Authentication, Authorization, and Audit Trail, Change Management, Data Management, and Data Security to ensure certification process complied with current Firm requirements as well as FFIEC guidelines.