Platform Solutions, Vice President, Security Engineer

About Goldman Sachs

At Goldman Sachs, we connect people, capital, and ideas to help solve problems for our clients. We are a leading global financial services firm providing investment banking, securities, and investment management services to a substantial and diversified client base that includes corporations, financial institutions, governments, and individuals.

What We Do

In Platform Solutions, we power clients with innovative and customer-centered financial products. We bring the best qualities of a technology player and combine that with the best attributes of a large bank. Platform Solutions is comprised of three main businesses, underpinned by engineering, operations, and risk management:

• Transaction Banking, a cash management and payments platform for clients building a corporate treasury system
• Enterprise Partnerships, consumer financial products that companies embed directly within their ecosystems to better serve their end customers
• ETF Accelerator, a platform for clients to launch, list and manage exchange-traded funds

• Build the overall risk profile of the division and work with stakeholders to create a plan towards reducing risk exposure in an agile, collaborative, and well socialized manner
• Provide advice to business & technology users on (1) understanding of relevant Technology Risk policies and standards and (2) principles of security & controls as defined by the firm's Technology Risk and Control Framework, and (3) adoption of secure and resilient solutions
• Provide clear and concise verbal and written recommendations and guidance to internal key stakeholders on matters of Technology Risk Management
• Maintain a thorough understanding of global, regional, and local regulatory requirements that have technology impact
• Contribute to global, regional, and local Technology Risk initiatives aimed at improving our baseline on information protection, resiliency and controls of technology processes and services
• Perform risk assessments to identify gaps in compliance to information security (application and infrastructure) & BCP standards and policies, for both internal technology solutions as well as solutions provided by third-party service providers
• Partner with engineers, product and service owners, legal & compliance, as well as external or internal auditors to coordinate activities for the various audit/assurance/compliance programs and reports, including, but not limited to, SOC1, SOC2, PCI, regulatory inquires and audits.
• Promote and assist in the training & awareness of information security and BCP within the region
• Strong desire to grow in the Information Security area

• 6+ years of technology experience in one or more of the following areas: Information Security, Technology Governance, Technology Audit, Security Compliance Program and Reporting (either as an auditor or an issuer)
• 3+ years of experience in leading enterprise-level security audits or compliance programs, preferably in the financial sector
• Significant experience in SOC1, SOC2, PCI is highly recommended
• Advanced program/project management and communication skills and technology expertise
• Advanced ability to analyze complex internal and external processes to understand risk
• Advanced ability to assess and evaluate corporate risk tolerance and translate into goals and new processes including software engineering, IT teams, and other relevant stakeholders
• Advanced understanding of relevant audit and control standards and the ability to drive and maintain the compliance initiative across the organization