Cyber, Privacy & Resilience Legal Counsel – Vice President in Glasgow

Overview of Cybersecurity & Privacy Legal team

Cyber & Privacy Legal is a global team that focuses on cybersecurity, privacy, fraud and operational resilience matters as it relates to all Morgan Stanley entities.

Primary Responsibilities

• Serve as a principal legal advisor for cybersecurity, privacy, data, fraud and operational resilience matters to all Morgan Stanley entities business units in EMEA.
• Assist in the development of a comprehensive cybersecurity, privacy, data, fraud and operational resilience framework based on applicable laws and regulations in EMEA.
• Partner closely with key stakeholders to provide strategic direction to the Firm as it navigates complicated regulatory environment, in particular in relation to emerging technologies and other strategic projects.
• Advise on requirements and restrictions on the collection, storage and sharing of client and employee information including data localisation and data transfer restrictions, banking secrecy and other data related laws and regulations.
• Advise on restrictions on profiling, surveillance, monitoring and the use of tracking technologies.
• Serve as lead counsel responding to and managing cyber, fraud, information security and operational incidents, including notification obligations to regulators, clients and other third parties.
• Advise on requirements for notices, disclosures, policies and procedures for privacy and information security, consistent with applicable laws and regulations in EMEA.
• Advise on information requests including in relation to individuals exercising their privacy rights, regulatory investigations, litigation data disclosures or other data requests by third parties.

What we’re looking for

• Qualified lawyer with a minimum of 7+ years’ experience, including experience in or with financial services firms and deep knowledge of UK FCA/PRA OpRes rules, EU DORA, NIS2, Cyber Resilience Act, UK/EU GDPR and other related law, such as AI, marketing related laws.
• Strong grounding in cyber risk, incident response, breach notification, and security standards, in particular the ability to guide notifications, liability, communications, and regulator engagement during incidents.
• Ability to interact and effectively advise senior members of the Firm and its business units and translate complex regulatory obligations into concise practical guidance.
• Strong problem-solving skills and ability to understand practical solutions to legal problems a must.
• Polished written and verbal communication skills; position requires executive presence.
• Strong interpersonal skills and ability to work in a group or independent setting.
• Proven track record of meeting deadlines, learning quickly, taking the initiative, working proactively, being resourceful and shouldering additional responsibility.
• Ability to manage multiple tasks concurrently in an efficient and effective manner.
• International Association of Privacy Professionals (IAPP) Certification helpful, but not required.
• Technical background and knowledge of information security principles preferred but not required.

Certified Persons Regulatory Requirements

If this role is deemed a Certified role and may require the role holder to hold mandatory regulatory qualifications or the minimum qualifications to meet internal company benchmarks.

Flexible Work Statement

Interested in flexible working opportunities? Morgan Stanley empowers employees to have greater freedom of choice through flexible working arrangements. Speak to our recruitment team to find out more.

Equal Opportunity Employer

Morgan Stanley is an equal opportunity employer committed to building and maintaining a workforce that is diverse in experience and background. Our recruiting efforts reflect our strong commitment to a culture of inclusion, where individuals are hired, developed, and advanced based on their skills and talents.