Business Unit Overview
Led by the Chief Information Security Officer (CISO), Technology Risk secures Goldman Sachs against hackers and other cyber threats. We are responsible for detecting and preventing attempted cyber intrusions against the firm, helping the firm develop more secure applications and infrastructure, developing software in support of our efforts, measuring cybersecurity risk, and designing and driving implementation of cybersecurity controls. The team has global presence across the Americas, APAC, India and EMEA. Within Technology Risk, Advisory is the consultative and technology subject matter expertise arm, responsible for assessing new technology initiatives for risk, partnering with engineers to architect and design secure products and services, embedding implementation reviews as part of the SDLC and CI/CD pipeline via code analysis and penetration testing, and guiding technology innovation in terms of security and control across Goldman Sachs. The team plays a critical role in designing and assessing controls for our transition to building native public cloud applications.
Support the Technology Risk Advisory function by being a part of a highly technical staff that assess risk, identify risk and advise on risk. In this role, you will be supporting the firm through the delivery of cyber security due diligence assessments within the investment and acquisition lifecycle - from early stage security posture assessment, to identification of key risk mitigation priorities at deal close. As well as supporting assessment delivery the role includes the opportunity to evolve the assessment framework to ensure it remains effective, and efficient.
• Prior experience in performing cyber security assessments, audits or due diligence activities on 3rd party organizations as part of vendor on-boarding, investment or acquisition due diligence
• Strong understanding of common security best practices and controls across several of the following areas
• vulnerability management
• incident management
• application security/SDLC
• cloud, platform and infrastructure security
• data leakage prevention
• endpoint security
• BYOD/remote working
• Familiarity with common security assessment frameworks such as NIST or ISO
• Familiarity with risk governance approaches and best practices
• Excellent verbal and written communication skills with the ability to clearly articulate risks concisely to senior and non-technical audiences
• Knowledge of network, application and operating system security risks.
• Bachelor of Science in Computer Science, System/Computer Engineering, Cyber-Security, or Information Security is preferred
• Experience or trainings in related disciplines e.g. computer science, computer security, software development, system design, open source frameworks, encryption schemes, etc.
The Goldman Sachs Group, Inc. is a leading global investment banking, securities and investment management firm that provides a wide range of financial services to a substantial and diversified client base that includes corporations, financial institutions, governments and individuals. Founded in 1869, the firm is headquartered in New York and maintains offices in all major financial centers around the world.
Â© The Goldman Sachs Group, Inc., 2020. All rights reserved Goldman Sachs is an equal employment/affirmative action employer Female/Minority/Disability/Vet.