Tech Risk protects the Firm's information, systems, and infrastructure from cyber and insider threats; ensures the secure and stable delivery of services to our clients; and adjusts to risks presented by an evolving threat landscape. The department delivers a range of operational capabilities, as well as suite of advanced detection, monitoring and analytics, and also provides expert advice on secure design and development and control effectiveness. Tech Risk manages responses to regulatory and client inquiries about the Firm's technology environment and ensures Technology divisions meet governance and oversight obligations along all lines of defense, driving material and measurable risk reduction. Tech Risk maintains strategic relationships with external entities, both public and private, to facilitate information sharing and innovation in financial services, technology, and government, and is also responsible for building risk education and security awareness programs to increase vigilance across the Firm.

Position Description:

The Cloud Identity and Access Management team is responsible for enabling the public cloud to become a preferred platform across Morgan Stanley IT. This is a global, multi-discipline team responsible for architecting and delivering secure, robust, and innovative solutions which would enable the development teams to build and deploy new applications as well as migrate selected existing applications into the public cloud.

The team works with multiple public cloud providers and are presently looking for an experienced Cloud Engineering specialist familiar with various cloud concepts, services, and tools, preferably from multiple public cloud providers but primarily in the Identity and Access Management space (IAM) for Google Cloud. The candidate will be involved in multiple aspects of the team's work, including evaluation of new cloud products and services, and integrating them into standard Morgan Stanley cloud solutions.

This position will require 24/7 on-call rotation up to once every 10 weeks (about 2 and a half months).

Primary Responsibilities:
• Providing IAM solutions for migrating or new applications in the Morgan Stanley environment across multiple Cloud providers with an emphasis on Google Cloud
• Provide IAM services for complex, multi-tier applications that are migrating to Google Cloud, including authentication and authorization (Role-based access control or i.e., RBAC)
• Selecting appropriate IAM Cloud controls for migrating applications based on given requirements
• Working in a globally distributed team to provide innovative and robust Cloud centric solutions
• Closely working with vendors to develop and deploy Cloud services to meet customer expectations
• Integrate, configure, document, and deploy compliant infrastructure and supporting services in Google Cloud
• Design, optimization and documentation of the operational aspects in Google Cloud
• Troubleshooting problems, resolving root cause, and where possible, fixing the bug(s)
• Collaborate with Risk Management to ensure necessary controls to Cloud services are deployed and tested

Skills Required:
• At least 6 years' relevant experience would generally be expected to find the skills required for this role
• Experience setting up and managing Google Cloud environments
• Strong understanding of IAM services offered in Google Cloud
• Prior experience in providing RBAC solutions for Google Cloud
• Expert knowledge of authentication protocols like SAML, OAuth, OpenID, and Kerberos
• Strong knowledge in providing Federated Identity with solutions such as PING Federate or ADFS
• Experience creating technical architecture documentation
• Strong communication and written skills

Skills Desired:
• Working knowledge of Azure Active Directory and using it as an Identity Provider (i.e., IdP) for Google Cloud
• Strong scripting and automation abilities including PowerShell and/or Python
• Prior experience with products from HashiCorp such as Terraform, Vault and Consul
• Prior experience with risk control frameworks and engagements with risk and regulatory functions
• Experience in the financial sector

About us:

Morgan Stanley's goal is to build and maintain a workforce that is diverse in experience and background but uniform in reflecting our standards of integrity and excellence. Consequently, our recruiting efforts reflect our desire to attract and retain the best and brightest from all talent pools. We want to be the first choice for prospective employees.

It is the policy of the Firm to ensure equal employment opportunity without discrimination or harassment on the basis of race, color, religion, creed, age, sex, sex stereotype, gender, gender identity or expression, transgender, sexual orientation, national origin, citizenship, disability, marital and civil partnership/union status, pregnancy, veteran or military service status, genetic information, or any other characteristic protected by law.

Morgan Stanley is an equal opportunity employer committed to diversifying its workforce (M/F/Disability/Vet).

Expected base pay rates for the role will be between $150,000 and $210,000 per year at the commencement of employment. However, base pay if hired will be determined on an individualized basis and is only part of the total compensation package, which, depending on the position, may also include commission earnings, incentive compensation, discretionary bonuses, other short and long-term incentive packages, and other Morgan Stanley sponsored benefit programs.