AMD Technology Risk Client Due Diligence Officer

Location(s) US-TX-Dallas
Job ID
Schedule Type
Full Time
Security Engineer
Business Unit
Public Engineering
Employment Type


What We Do

At Goldman Sachs, our Engineers don’t just make things – we make things possible.  Change the world by connecting people and capital with ideas.  Solve the most challenging and pressing engineering problems for our clients.  Join our engineering teams that build massively scalable software and systems, architect low latency infrastructure solutions, proactively guard against cyber threats, and leverage machine learning alongside financial engineering to continuously turn data into action.  Create new businesses, transform finance, and explore a world of opportunity at the speed of markets.


Engineering, which is comprised of our Technology Division and global strategists groups, is at the critical center of our business, and our dynamic environment requires innovative strategic thinking and immediate, real solutions.  Want to push the limit of digital possibilities?  Start here.


Who We Look For

Goldman Sachs Engineers are innovators and problem-solvers, building solutions in risk management, big data, mobile and more. We look for creative collaborators who evolve, adapt to change and thrive in a fast-paced global environment.


The Goldman Sachs Asset Management Division (AMD) provides asset management, wealth management, and banking expertise to institutions worldwide. AMD partners with various teams across the firm to help individuals and institutions navigate changing markets and take control of their financial health.

The AMD Technology Risk function is an information security group embedded within AMD responsible for the oversight of Information Security and Cybersecurity risks across AMD business and technology, and supplements the firm’s Technology Risk programs to meet the additional unique needs of the AMD business. Our mission is to enable the business needs while balancing controls. The AMD Technology Group is responsible for the following services:

  • Governance - Ensure that our risk posture remains in a managed state and help meet the different information security, privacy, regulatory, audit, and firm-wide tech risk commitments.
  • Client Due Diligence – This client-facing service is a revenue protection function supporting due diligence requests from existing clients and prospects.
  • Application Security & Advisory – Operate as the cybersecurity SPOC (single point of contact) for key AMD initiatives.


The Technology Risk Client Due Diligence Officer role will be part of a team that leads our responses to clients and new prospects on the firm’s cybersecurity controls and processes. This includes responding to client due-diligence questionnaires, RFPs, reviewing legal contracts for security language, and presenting to clients on the firm’s cybersecurity controls as well as the controls present in the products and service offerings of AMD.


This individual works with a broad range of risk partners across the firm to help respond to client inquiries, including central engineering teams, various risk officers, product / application owners, sales, and the business. The role will also be responsible for providing feedback to our product teams on evolving cybersecurity controls and requirements that are requested by clients to ultimately bake into our leading product offerings and services.



  • Partner with the firm’s central Tech Risk, risk program owners and other tech risk officers in a collaborative manner to respond to client due-diligence questions.
  • Assist in developing a framework (e.g. SOC2, ISO, SIG) to minimize response times to clients in a commercial scalable manner.
  • Build the overall risk profile of the division and work with stakeholders to create a plan towards reducing risk exposure in an agile, collaborative, and well socialized manner.
  • Maintain awareness in various technical areas including regulatory frameworks, security controls, and application security controls to be able to respond to technical client inquiries.
  • Triage with key Business and Tech stakeholders to ensure product-specific information is provided in a timely manner
  • Assist in evidence gathering as needed in support of client calls and onsite client meetings
  • Regularly engage with key business stakeholders to improve visibility into client demand and promote proactive due diligence solutions
  • Maintain a thorough understanding of the firm’s internal control environment as appropriate for client due diligence
  • Develop and maintain AMD product-specific due diligence artifacts
  • Track due diligence activity and provide related reporting to team and divisional leadership, implementing tooling and reporting solutions where needed
  • Provide an analytical focus when reviewing metrics / programs etc. and be comfortable to delve into details to gain further understanding and review at the relevant level of detail
  • Provide clear and concise verbal and written recommendations and guidance to both business and technology staff on matters of Technology Risk Management
  • Identify opportunities for due diligence process improvement and increased efficiency
  • Promote and assist in the training & awareness of information security and BCP within the region as needed

Basic Qualifications:

  • 4+ years of technology experience in one or more of the following areas: Information Security, Technology Governance, Operational Risk, Technology Audit, Technology Infrastructure or Application Development.
  • 3+ years of experience in Information Security, BCP, Technology Controls or Technology Risk Management fields is a significant advantage.
  • 2+ years of experience in Third Party Risk Management (TPRM) or vendor security team responsible for reviewing vendors or supply chains.
  • Understanding of relevant audit and control standards and the ability to drive and maintain the compliance initiative across the organization.
  • Familiarity with industry standard due diligence tools, templates and certifications (SIG, SOC1, SOC2, ISO, etc.)
  • Strong understanding of the technology implications of regulations.
  • Strong program and project management skills and technology expertise.
  • Strong written and verbal communication skills
  • Ability to analyze internal and external processes and integration to understand risk.
  • Ability to assess and evaluate corporate risk tolerance and translate into goals and new processes including software engineering, IT teams, and other relevant stakeholders.
  • Experience collaborating with a team of security experts in a diverse set of security topics including, but not limited to, security architecture, financial controls and regulatory compliance, identity and access management, penetration testing, data loss prevention, network security, security monitoring, white box testing/static code analysis, and building secure systems.
  • Experience with risk management methodologies such as, but not limited to, FAIR.
  • Experience in Financial Industry/Fintech is a plus.



At Goldman Sachs, we commit our people, capital and ideas to help our clients, shareholders and the communities we serve to grow. Founded in 1869, we are a leading global investment banking, securities and investment management firm. Headquartered in New York, we maintain offices around the world.

We believe who you are makes you better at what you do. We're committed to fostering and advancing diversity and inclusion in our own workplace and beyond by ensuring every individual within our firm has a number of opportunities to grow professionally and personally, from our training and development opportunities and firmwide networks to benefits, wellness and personal finance offerings and mindfulness programs. Learn more about our culture, benefits, and people at

We’re committed to finding reasonable accommodations for candidates with special needs or disabilities during our recruiting process. Learn more:

© The Goldman Sachs Group, Inc., 2021. All rights reserved.
Goldman Sachs is an equal employment/affirmative action employer Female/Minority/Disability/Veteran/Sexual Orientation/Gender Identity