Morgan Stanley is a global financial services firm that maintains significant market positions in each of its business segments: Institutional Securities, Wealth Management, and Investment Management. Through its subsidiaries and affiliates, Morgan Stanley provides a wide variety of products and services to a large and diversified group of clients and customers, including corporations, governments, financial institutions, and individuals. The Associate/Analyst roles will report to a local AVP and will be responsible for supporting first line of defense privacy risk management program and activities related to the collection, use, processing, sharing, and protection of bank individual client data. Key Responsibilities: > Support U.S. Banks Privacy Risk team managing the privacy risk program to ensure compliance with Privacy Laws/Regulations. > Specific duties will range across various areas, including: > supporting the PII Processing Validation (PPV) process, including conducting end-to-end PPVs for Bank technology applications and Vendors, leading/coordinating PPV conversations with stakeholders, ensuring PPV cases and results/findings are tracked properly. Goal of process is to challenge accuracy of PII processing declarations by system/service owners in firm systems of record. > supporting the Privacy Incident Management process, including reviewing, analyzing and properly tagging privacy incidents that impact US Banks clients. Goal of process is to identify/confirm data loss incidents recorded in firm system of record are accurately tagged to U.S. Banks when Banks client impact is identified. > supporting the Complaints review process, including reviewing, analyzing and researching complaint details to ensure opening of a corresponding data incident as appropriate. Goal of process is to support proper creation of data loss incidents recorded in firm system of record. > supporting monthly monitoring/testing functions, including conducting tests, inserting metrics into monthly scorecard, and oversight of end-to-end process. > supporting reviews (by 2LOD and 3LOD) and exam (by regulators) by archiving and tracking requests/responses, managing to deadlines and coordinating team participation. > supporting privacy risk issue management by tracking and reporting as appropriate. > supporting development of Privacy Risk framework documentation, including assisting with creation of data flows, process flows, standards and procedures.