Risk, Operational Risk Specialist, Cyber, Associate/VP - Dallas
The Risk division is responsible for credit, market and operational risk, model risk, independent liquidity risk, and insurance throughout the firm.
Operational Risk Management & Analysis
The Operational Risk Management and Analysis (ORMA) department, an independent risk management function, is responsible for developing and implementing a standardized framework to identify, measure, and monitor operational risk across the firm.
Description of the Role
This is a demanding role and the candidate will be responsible for implementing and managing the firm's Cybersecurity Risk Management and Cybersecurity Due Diligence activities as part of the broader Cybersecurity Risk Management team within the Operational Risk Specialists group in ORMA. The candidate will be based in New York, Dallas or Salt Lake City but will have extensive, ongoing interaction with global stakeholders, particularly those in London, Tokyo and Bengaluru.
The Cybersecurity Risk Management Program within ORMA is responsible for establishing and implementing the firm's cybersecurity risk management framework to identify, assess and manage cybersecurity risk in conformance with financial sector and critical infrastructure cybersecurity standards including the Financial Sector Cybersecurity Profile, NIST Cybersecurity Framework, FFIEC Cybersecurity Assessment Tool and ISO 27001 and to provide recommendations on risk and control maturity to facilitate risk management decisions by senior management and governance committees.
The role will collaborate with other groups in ORMA, Risk Division and across the other First, Second and Third line of defense functions in business and technology to embed cybersecurity risk and cybersecurity due diligence practices within the business to appropriately business specific cybersecurity risk. and control assurance activities through to completion across various stakeholder groups.
Responsibilities of this role encompass operational and strategic risk management activities requiring engagement and collaboration with numerous groups and leaders across firm business and technology areas and interaction with external parties including industry groups, service providers, business counterparties, and firm financial regulators.
RESPONSIBILITIES AND QUALIFICATIONS
- Serves as a senior member of Cybersecurity Risk Management team developing, implementing and managing the firm's global cybersecurity risk management strategy, framework and approach.
- With other ORMA teams conduct appropriate risk and control challenge and assessment activities to ensure integrated understanding and monitoring of system risks.
- Integrate ORMA cybersecurity risk reporting into regional and business unit operational risk management functions as well as aggregated reporting into the Enterprise Risk Management Framework as appropriate
- Develop and execute comprehensive risk-based assessments of the firm's enterprise and business specific cybersecurity risk profiles.
- Enhance KRIs and KPIs to measure enterprise-wide security effectiveness and support Business Unit cybersecurity risk management program governance
- Develop strategies and Action Plans to drive control maturity improvement in areas where controls do not adequately mitigate risks.
- Develop and implement aggregate enterprise cybersecurity risk metrics for reporting.
- Oversee the establishment of continuous cybersecurity control maturity improvement priorities and monitor progress
- Facilitate prioritization of cybersecurity risk and due diligence activities with different Risk, Technology and Business stakeholders.
- Partner with TechRisk and the business to ensure cybersecurity due diligence activities are conducted in support of M&A and firm investment activity.
- Work with revenue and federation divisions to help them to understand the cybersecurity risk management and due diligence requirements and work on assessment and implementation strategies.
- Through objective verbal and written communications and briefings to provide cybersecurity risk oversight and insight to firm Governance Committees and Senior Management.
- In collaboration with ORMA Governance team identify global cybersecurity regulatory, legislative, and industry specific compliance requirements and applicability to each line of business.
- Ensure business level cyber security risk assessments are conducted inclusive of annual entity assessments and appropriate third party and supplier risk assessments
- Oversee the establishment of cybersecurity risk appetite statements applicable to the cybersecurity risk profile for each business unit.
- Develop robust metrics and reporting to clearly articulate the security posture of each business unit.
- Extensive knowledge and understanding of current and emerging cybersecurity risks, and innovative risk management frameworks and methods.
- Strong knowledge of cybersecurity regulations, laws and standards.
- Ability to collaboratively develop a cybersecurity risk management strategy in conjunction with numerous and diverse stakeholders.
- Ability to develop and clearly articulate a compelling cybersecurity strategy to key business stakeholders.
- Prior experience in defining enterprise security policies, standards, and controls.
- Experience with cybersecurity operational metrics and dashboards, and managing performance effectiveness and improvement.
- Experience in working with diverse cross geography teams.
- Self-motivated individual, comfortable working without close supervision and with ability to work to deadlines.
- Team player with proven ability to build strong cross-business relationships.
- Ability to challenge current thinking and suggest ideas of how to improve results.
- Strong business and technical analysis, logic and program management skills.
- Ability to work independently, analyze problems and make decisions with minimal direction.
- Ability to manage multiple programs simultaneously in high pressure environment where change is commonplace.
- Ensure standards and practices are globally applied and shared throughout the stakeholder community.
- Effective communication and interpersonal skills written and oral; confident in interaction with senior management (both technology and business).
- Working knowledge of the critical business functions and activities within financial services industry is a plus.
- Functional Expertise - Maintains currency with the emerging cybersecurity and geopolitical risk environments and how they influence business, financial, and market risks.
- Technical Skills - Demonstrates strong functional and technical skills required for the role, pays attention to detail, takes initiative to broaden his/her knowledge and demonstrates appropriate risk analytical skills
- Drive and Motivation - Successfully handles multiple tasks, takes initiative to improve his/her own performance, works intensely towards extremely challenging goals and persists in the face of obstacles or setbacks
- Client and Business Focus - Effectively handles difficult requests, builds trusting, long-term relationships with clients, helps the client to identify/define needs and manages client/business expectations
- Teamwork - Provides evidence of being a strong team player, collaborates with others within and across teams, encourages other team members to participate and contribute and acknowledges others' contributions
- Communication Skills - Communicates what is relevant and important in a clear and concise manner and shares information/new ideas with others
- Judgement and Problem solving - Thinks ahead, anticipates questions, plans for contingencies, finds alternative solutions and identifies clear objectives. Sees the big picture and effectively analyses complex issues
- Creativity/Innovation - Looks for new ways to improve current processes and develop creative solutions that are grounded in reality and have practical value
- Influencing Outcomes - Presents sound, persuasive rationale for ideas or opinions. Takes a position on issues and influences others' opinions and presents persuasive recommendations
- 5 or more years of risk management leadership and experience in one or more of the following areas: Information Security Risks Management, Technology Governance, or Operational Risk Management.
- Direct experience with control design and implementation in the Information Security, Technology Risk, BCP, Technology Controls or Technology Risk Management fields is a significant advantage.
- Extensive knowledge and experience in implementing and leading information security policy and risk management programs in compliance with global financial regulatory requirements and industry standards such as NIST Cybersecurity Framework, FFIEC Cybersecurity Assessment Tool, Cobit/RiskIT, ISO 27001, and GLBA.
- Good program and project management skills and technology expertise
- Ability to work effectively as part of the regional and global Technology Risk team, serving a large diverse Technology community
- Understanding of the business functions and the Technology role in a financial services firm a significant advantage
- Strong analytical & communication skills required
- Must be able to manage both time and work load of multiple tasks without constant supervision as part of a distributed team
ABOUT GOLDMAN SACHS
The Goldman Sachs Group, Inc. is a leading global investment banking, securities and investment management firm that provides a wide range of financial services to a substantial and diversified client base that includes corporations, financial institutions, governments and individuals. Founded in 1869, the firm is headquartered in New York and maintains offices in all major financial centers around the world.
© The Goldman Sachs Group, Inc., 2019. All rights reserved Goldman Sachs is an equal employment/affirmative action employer Female/Minority/Disability/Vet.