Tech Risk - Regulatory & Controls - Advisory
Goldman Sachs Technology Risk is leading threat, risk analysis and data science initiatives that are helping to protect the firm and our clients from information and cyber security risks. Our team equips the firm with the knowledge and tools to measure risk, identify and mitigate threats and protect against unauthorized disclosure of confidential information for our clients, internal business functions, and our extended supply chain.
Risk advisory delivers best-in-class advisory support and technology solutions across the information security risk domain, including scalable uplifts of common core security solutions for use across Goldman Sachs. It prevents the misuse, unauthorized disclosure, or loss of firm data across e-mail, file transfer, and the Internet. It ensures business continuity and technology resilience by safeguarding Goldman Sachs from major operational disruptions through preventative measures including business planning, capability design, and the testing of mitigants.
The Regulatory & Controls team resides within the firm's Technology Risk department, which is led globally by the firm's Chief Information Security Officer (CISO) and regionally by the Head of Technology Risk for Asia Pacific. The Technology Risk department maintains responsibility for detecting and preventing attempted cyber intrusions against the firm, helping the firm develop more secure applications, measuring cybersecurity risk, and driving implementation of cybersecurity controls.
The Regulatory & Controls team has 3 principal objectives:
- Efficiently provide timely and accurate information to global regulators regarding the firm's information security
- Drive security improvements and prioritization based on internal security requirements and regulations in effect in the jurisdictions in which we operate
- Inform business decisions by providing insights about relevant regulatory trends and changes as well as supporting the Technology Division Governance framework.
Separately, the Regulatory & Controls team is responsible for coordinating the development of technology-related policies and standards across the firm.
RESPONSIBILITIES AND QUALIFICATIONS
HOW YOU WILL FULFILL YOUR POTENTIAL
We are looking for a senior candidate with advanced communication, analysis, project management skills and experience with technology governance and technical controls. Background in regulatory environments in Asia Pacific jurisdictions, information/cyber security, and the financial services sector highly preferred.
- Drafting responses to requests for information from regulators in the jurisdictions in which the firm operates, within Asia Pacific
- Coordinating engagements with regulators, including periodic reporting, preparation of presentations and written deliverables of global, regional and local regulatory requirements that have a technology impact, in order to conduct internal self-assessments and gap analyses to ensure compliance
- Conducting analyses to identify regulatory trends of relevance to the firm's business and risk environments to ensure regulatory requirements are appropriately understood, communicated, and mitigated where necessary
- Preparing presentations and written products on regulatory trends and issues to inform senior leadership decisions
- Coordinating with counterparts in other jurisdictions and regional stakeholders (e.g. Legal, Compliance, Operational Risk) to ensure consistent responses across all regulators
- Driving implementation of specific security controls based on internal security priorities and regulatory requirements
- Managing regional audit and regulatory activities relevant to Technology Risk with primary focus on Information Security and Cybersecurity
- Drive and execute Technology Division Governance processes in the region and contribute with regional input to global Governance processes
- Conducting risk reviews of business and technology initiated projects to ensure adequate security controls and best practices are in place
- Managing and delivering regional specific control adoption and uplift initiatives from global Technology Risk programs
- Communicating status and risks in a succinct, direct and open manner for proper issue management life cycle tracking.
- As needed, support development of technology-related policies and standards
SKILLS AND EXPERIENCE WE ARE LOOKING FOR
- Bachelor's degree or higher
- Strong English communication skills, both verbally and in writing
- Native level Japanese language abilities (read, write and speak) are required
- Strong writing skills, ideally with published academic or professional articles
- Exceptional attention to detail
- Experience working in Information/Cyber security, IT Risk & Governance from a sizeable multinational organization
- Strong analytical, interpersonal, problem solving, influencing, organizational and time management skills
- Experience in communicating technology risks to senior audiences both technical and non-technical
- Strong sense of ownership and accountability
- Excellent presentation skills
- Work effectively both independently and as part of a team, self-motivated and deadline driven
- The ability to multi-task effectively and interact in a matrixed organization is essential
- Experience managing staff's work assignments and career development while staying hands-on
- Knowledge and experience of the financial regulatory environment within Asia Pacific in one or more jurisdictions (Japan, Singapore, Hong Kong, China, Australia, India, Korea)
- Graduate degree in information security/cybersecurity, law, government, or political science
- Academic or professional publications in relevant topics
- Strong professional experience writing policy documents or public messaging for senior government or private sector leaders on the technology implications of regulations
- Good understanding and knowledge of the following technology areas and their impact on Information Security:
  - Windows and Unix/Linux operating systems
  - Network protocols such as TCP/IP, Firewall and IDS/IPS technology
  - Voice and Audio-Visual platforms
  - Application security issues such as OWASP Top 10
- Industry Certifications such as CISA, CISSP, and CISM are beneficial
ABOUT GOLDMAN SACHS
The Goldman Sachs Group, Inc. is a leading global investment banking, securities and investment management firm that provides a wide range of financial services to a substantial and diversified client base that includes corporations, financial institutions, governments and individuals. Founded in 1869, the firm is headquartered in New York and maintains offices in all major financial centers around the world.
© The Goldman Sachs Group, Inc., 2019. All rights reserved. Goldman Sachs is an equal employment/affirmative action employer Female/Minority/Disability/Vet.