Goldman Sachs Technology Risk is leading threat, risk analysis and data science initiatives that are helping to protect the firm and our clients from information and cyber security risks. Our team equips the firm with the knowledge and tools to measure risk, identify and mitigate threats and protect against unauthorized disclosure of confidential information for our clients, internal business functions, and our extended supply chain.
RISK ADVISORY delivers best in class advisory support and technology solutions across the information security risk domain including scalable uplifts of common core security solutions for use across Goldman Sachs. Prevents the misuse, unauthorized disclosure, or loss of firm data across e-mail, file transfer, and the Internet. Ensures business continuity and technology resilience by safeguarding Goldman Sachs from major operational disruptions through preventative
measures including business planning, capability design,
and the testing of mitigants.
Role Description: You will join one of the most progressive Technology Risk teams in the industry which continues to push the development of risk in preference to security within technology and the business. The successful candidate for this role will engage with numerous groups and leaders across both business and technology. Key success criteria include the promotion and enforcement of information security at all levels of the organization and across all technology platforms, and the efficient and timely coordination and review of the Technology Division’s response to internal inquiries.
HOW YOU WILL FULFILL YOUR POTENTIAL
• Provide guidance and governance to business & technology users on (1) understanding of relevant Technology Risk policies and standards and (2) principles of security & controls as defined by the firm’s Technology Risk and Control Framework, and (3) adoption of secure and resilient solutions
• Participate in global, regional and local Technology Risk initiatives aimed at improving our baseline on information protection, resiliency and controls of technology processes and services
• Provide clear and concise verbal and written recommendations and guidance to both business and technology staff on matters of Technology Risk Management
• Promote and assist in the training & awareness of information security and BCP
• Identify opportunities for tuning our detection tools and create policies to tune tools
• Communicate risk and other security incident themes and develop recommendations for resolution.
• Conduct triage on Insider Threat cases
• Ensure that technology security incidents are documented clearly and that realistic remediation plans are developed; follow up on those remediation plans.
SKILLS AND EXPERIENCE WE ARE LOOKING FOR
• Excellent oral, written, and presentation communication skills required
• Good team player along with the ability to work independently
• Technology professional with cyber security technical skills (e.g.: lite coding, Vontu, SQL commands, SPLUNK queries)
• Ability to document and explain technical details in a concise and understandable manner.
• Knowledge of Corporate Risks, IT Controls and other regulations.
• Basic understanding of GDPR (General Data Protection Regulation)
• 4 or more years of technology experience in one or more of the following areas: Information Security, Technology Governance, Operational Risk, Technology Audit, Technology Infrastructure or Application Development.
• Direct experience in Information Security, BCP, Technology Controls or Technology Risk Management fields is a significant advantage.
• Strong understanding of the technology implications of regulations
• An understanding of the regulatory environment as it relates to technology control requirements
• Understanding of the technology implications of additional global and regional regulations is also beneficial.
• Familiar with Risk Analysis and Risk Management methodologies
• Good program and project management skills and technology expertise
• Ability to work effectively as part of the regional and global Technology Risk team, serving a large diverse Technology community
• Infrastructure security knowledge in Windows Server, Desktop OS and applications, Unix/Linux OS, Storage, Networking hardware and protocols, Market Data, Databases and Exchange Connectivity, Remote Access, Firewall and IDS/IPS technology, Voice and Audio Visual platforms, and experience in configuration and vulnerability management an advantage
• Strong analytical & communication skills required
• Must be able to manage both time and work load of multiple tasks without constant supervision as part of a distributed team
• Experience with DLP detection tools such as Vontu or Proofpoint
• Experience with Tableau would be a plus.
The Goldman Sachs Group, Inc. is a leading global investment banking, securities and investment management firm that provides a wide range of financial services to a substantial and diversified client base that includes corporations, financial institutions, governments and individuals. Founded in 1869, the firm is headquartered in New York and maintains offices in all major financial centers around the world.
© The Goldman Sachs Group, Inc., 2019. All rights reserved Goldman Sachs is an equal employment/affirmative action employer Female/Minority/Disability/Vet.