Cybersecurity Regulatory and Strategy Specialist - Tech Risk - Governance

Location(s): US-NY-New York
Job ID: 2020-63972
Schedule Type: Full Time
Level: Associate
Function(s): Security Engineer
Region: Americas
Division: Engineering
Business Unit: Technology Risk
Employment Type: Employee

MORE ABOUT THIS JOB

Goldman Sachs Technology Risk is leading threat, risk analysis and data science initiatives that are helping to protect the firm and our clients from information and cyber security risks. Our team equips the firm with the knowledge and tools to measure risk, identify and mitigate threats and protect against unauthorized disclosure of confidential information for our clients, internal business functions, and our extended supply chain.


RISK GOVERNANCE supports various Technology Risk committee structures to align with industry enterprise risk management standards and ensure risk-relevant information is provided for senior leadership with the proper oversight and accountability.

REGULATORY & AUDIT COORDINATION manages Regulatory and Client interactions impacting the Technology Division. Ensures management awareness of regulatory expectations and improves the alignment of technology controls to meet these expectations.

 

Led by the Chief Information Security Officer (CISO), Technology Risk secures Goldman Sachs against hackers and other cyber threats. We are responsible for detecting and preventing attempted cyber intrusions against the firm, helping the firm develop more secure applications and infrastructure, developing software in support of our efforts, measuring cybersecurity risk, and designing and driving implementation of cybersecurity controls. The team has global presence across the Americas, APAC, India and EMEA.

Within Technology Risk, the Regulatory, Policy & Strategy team manages interactions with global cybersecurity regulators, continuously assesses the firm’s adherence to a changing technology and risk environment, develops policies and standards to manage the firm’s use of technology, and creates strategies to guide the future of Technology Risk. We are a team of policy professionals, regulatory experts, and communications specialists who work closely with technical teams to identify, document, and remediate information security risks based upon a common understanding of our legal and contractual obligations, of industry best practice, and of sound risk management principles.

Role

In this role, you will advance the Engineering Division’s control framework and governance processes by assuring alignment with regulatory requirements, best practices, and industry trends. You will work as part of an expert team to understand subtle changes in the regulatory, technology, and risk environments, and ensure that the firm stays ahead of any changes. You will directly support the firm’s Chief Information Security Officer in continuously maturing policies, standards, and controls to meet expectations from regulators, auditors, clients, and counterparties. You will be called upon to interact with senior leaders and external stakeholders to effectively convey the firm’s cybersecurity posture in a manner that balances risk management with a commercial mindset.

The ideal candidate should be familiar with financial institutions and the regulatory landscape, have a general understanding of information security and cybersecurity topics and possess strong writing and analytical skills. A candidate will find success through the ability to work in a fast-paced environment, with a strong track record of gaining consensus on a team spread across multiple global offices.

RESPONSIBILITIES AND QUALIFICATIONS

HOW YOU WILL FULFILL YOUR POTENTIAL
Job Responsibilities:
• Support the coordination of complex regulatory interactions on cybersecurity and information security, including in-depth regulatory exams, ad hoc requests, and other deliverables. Activities include development of materials prior to regulatory submission and managing stakeholder participation and presentations
• Assist in high priority projects from start to finish that strengthen the firm’s cybersecurity posture by identifying and structuring problems, analyzing root causes, developing solutions, communicating project results, and obtaining buy-in for change
• Coordinate with Technology Risk colleagues on the global and regional regulatory environment to ensure a single, global narrative on the firm’s cybersecurity and information security practices
• Promote the development and implementation of firmwide policies and standards by defining program scope, roles and responsibilities and relevant controls. Enable adoption, publication and education of these programs and documented materials to mitigate the risks associated with cyber and information security
• Conduct analyses to identify regulatory trends with impact to the firm’s business and risk environments and inform our regulatory and external messaging
• Analyze issued and draft regulations and compare requirements against firm practices
• Prepare detailed communication materials, including presentations and written statements, for senior leadership and external stakeholders
• Coordinate with counterparts and colleagues in other regional locations and teams (e.g. Legal, Compliance, Operational Risk) to ensure consistent responses and program adoption

SKILLS AND EXPERIENCE WE ARE LOOKING FOR
• Bachelor’s degree or higher
• Knowledge of and interest in information security and/or cybersecurity and the financial services sector
• 2-4 years of prior experience in a risk and information technology/security or compliance adjacent role
• Basic project management, analytical and research skills with a demonstrated ability to manage projects from inception through completion
• Experience analyzing regulation and legislation in the United States and/or globally
• Strong analytical, problem solving, organizational and time management skills
• Ability to successfully communicate with technical and non-technical audiences, both verbally and in writing
• Excellent interpersonal skills at all levels and the ability to develop and maintain good relationships
• Ability to flexibly work independently or within a group in order to analyze problems and propose solutions
• Ability to prioritize work and adapt to changing needs in a dynamic work environment

Preferred Qualifications
• Advanced degree in the field of Law, Public Policy, Risk Management, Computer Science, Data Science, Operations Research or Information/Cyber Security
• Experience conducting risk assessments and risk remediation projects in large scale organizations
• Demonstrated expertise in one or more of the following Technology Risk domains: information security, business continuity, technology resilience, risk assurance, and risk governance
• Industry Certifications such as CISA, CISSP, and CISM are beneficial
• Experience comparing regulatory requirements and guidance to firm controls to evaluate adherence

ABOUT GOLDMAN SACHS

The Goldman Sachs Group, Inc. is a leading global investment banking, securities and investment management firm that provides a wide range of financial services to a substantial and diversified client base that includes corporations, financial institutions, governments and individuals. Founded in 1869, the firm is headquartered in New York and maintains offices in all major financial centers around the world.

© The Goldman Sachs Group, Inc., 2020. All rights reserved. Goldman Sachs is an equal employment/affirmative action employer Female/Minority/Disability/Vet.