We're seeking someone to join our team as a Senior Security Architecture Specialist in Cyber to be responsible for the security design tooling standards across the firm – translating compliance obligations into operable, developer friendly architecture patterns, while directly operating the design governance toolchain that makes those standards real. In the Technology division, we leverage innovation to build the connections and capabilities that power our Firm, enabling our clients and colleagues to redefine markets and shape the future of our communities. This is a Software Engineering position at Vice-President level, which is part of the job family responsible for developing and maintaining software solutions that support business needs. Since 1935, Morgan Stanley is known as a global leader in financial services, always evolving and innovating to better serve our clients and our communities in more than 40 countries around the world. Interested in joining a team that’s eager to create, innovate and make an impact on the world? Read on… What You’ll Do In The Role Architecture governance Steward the security architecture standard across all verticals – ADRs, threat models, trust boundaries, and control plane design Produce compliance traceability artifacts mapping architecture decisions to compliance requirements Drive cross team architecture through influence with principal engineers and engineering leads Support security standards, create templates and patterns to increase the efficiency and adoption of security programs. Living Spec & Design Governance Operate and evolve the design governance toolchain Define the ADR lifecycles from creation to deprecation and ensure decision records remain the authoritative reference for architecture choices Build integrations between spec platform and dev tooling to make compliance traceability continuous, not periodic What You’ll Bring To The Role Bachelor’s degree with 7+ years of work experience in the IT field or equivalent. Demonstrated experience designing and governing SDLC security controls at scale – SAST, SCA, OSS governance, and container scanning. Hands‑on experience with policy as code frameworks (OPA, Sentinel, or equivalent) and the ability to review and write policies, not just evaluate vendor tooling. Experience producing architecture decision records, threat models, or equivalent design governance artifacts that served as authoritative references for engineering teams. Strong written and verbal communication, ability to translate architecture decisions into compliance traceability artifacts and executive‑facing recommendation documents. Track record of driving adoption through influence. Strong scripting background (Python, PowerShell). Desired Skills A degree in Cybersecurity or CISSP/CSSLP certification or keen desire to move to security field. Business acumen to support the implementation of SAST, DAST, SCA, Container Security, API Security and IaC tools across the enterprise. Ability to perform code reviews with minimal assistance. A self‑starter, with a strong desire for learning new technologies and applying them to solve problems. Expertise in monitoring, alerting, reporting, and data analysis. Experience with two or more of the application build environments like Jenkins, Gradle, Maven. Familiarity with public cloud services. Experience with two or more of the Secure SDLC tools like Github Advanced Security, Snyk, WhiteSource, Sonatype, X‑Ray, Wiz. Experience with Threat Analysis. DevOps container/orchestration tools (Kubernetes, Docker, Puppet, etc.). Experience with evaluation, integration and onboard of application security tools. All our positions are located in Montreal, Quebec. We offer a hybrid work environment, combining remote work and attendance in the office. Knowledge of French and English is required. Morgan Stanley is an equal opportunity employer committed to building and maintaining a workforce that is diverse in experience and background. Our recruiting efforts reflect our strong commitment to a culture of inclusion, where individuals are hired, developed, and advanced based on their skills and talents. Our workforce reflects a broad cross-section of the global communities in which we operate, bringing a variety of backgrounds, talents, perspectives, and experiences. For more information, please visit #J-18808-Ljbffr