Core Infrastructure Development Security Lead
- Shanghai, Shanghai Shi, China
- Permanent, Full time
- Morgan Stanley
- 22 Aug 17
See job description for details
The Core Infrastructure Development (CID) team is a global development team of 45 people in End User Computing (EUC) with approximately 30 of the team based in Shanghai. The CID Security team of 4 people looks after a number of Data Leakage Prevention (DLP) products that inject various controls into Outlook and the Office suite to tag documents, and prevent the leakage of information externally or to unintended recipients.
Morgan Stanley intends to migrate many of its users to Office 365, and security and control around data is a key element and foundation of this program.
The CID Security team will grow to a team of 7, including this role, and absorb related security products currently spread throughout the CID team.
The key objectives of the role are:
1. Develop a list of required security controls in collaboration with our partners in Technology and Infrastructure Risk (TIR) division with clear prioritization of the requirements based on regulatory mandatory requirements, and risk profile
2. Develop a technology strategy of which current systems (Symantec, iTag, ESC), and new (Exchange DLP, RMS, and O365 Security tool suite) will implement each of the security controls in collaboration with TIR and the existing team
3. Develop a transformation plan and high level design document for current security products owned by the CID Security team to implement the new controls in scope
4. Define any additional resource requirements to implement the plan within the program?s timelines
5. Inspire the team to implement the high level design, and oversee the quality of the implementation
6. Collaborate with operations to deploy the new solution, and decommission existing implementations.
In addition to the technical contribution as the manager of the team, the individual is responsible for
1. Setting clear objectives and goals for the team to resolve key issues and achieve the team's strategy
2. Assigning and delegating responsibility amongst the team members
3. Having weekly meetings with each team member to discuss progress, hear concerns, and act on issues raised by the team
4. Having at least quarterly career discussions with every team member separate from the weekly meetings to understand each team members career objectives, discuss them with the relevant management team members, and provide clear opportunities for each team member to follow up on to achieve their career goals
5. Position themselves to be able to directly observe each member's contribution and provide concrete feedback with clear examples, and articulate the impact
6. Support each team member's development by asking open questions to encourage them to develop their own independent solution, for any assigned task.
As many of the controls today are injected into Outlook and other Office products, the team lead will need to closely collaborate with the CID Office Add-in team. Today many of the team meetings are jointly held between the two teams, with team resourcing shuffling between them due to the overlapping skillsets.*LI-AW1
As many of the controls today are injected into Outlook and other Office products, the team lead will need to closely collaborate with the CID Office Add-in team. Today many of the team meetings are jointly held between the two teams, with team resourcing shuffling between them due to the overlapping skillsets.
Required Technical Skills
· Experience working with security products
· Familiarity with enterprise information security policies
· Implementation of controls to enforce information security policies
Preferred Technical Skills but not required
· Data Leakage Prevention
· Rights Management
· Office 365
· Symantec Security Products
· Office development