Technology Risk - Tech Risk Governance
What We Do
At Goldman Sachs, our Engineers don't just make things - we make things possible. Change the world by connecting people and capital with ideas. Solve the most challenging and pressing engineering problems for our clients. Join our engineering teams that build massively scalable software and systems, architect low latency infrastructure solutions, proactively guard against cyber threats, and leverage machine learning alongside financial engineering to continuously turn data into action. Create new businesses, transform finance, and explore a world of opportunity at the speed of markets.
Engineering, which is comprised of our Technology Division and global strategists groups, is at the critical center of our business, and our dynamic environment requires innovative strategic thinking and immediate, real solutions. Want to push the limit of digital possibilities? Start here.
Who We Look For
Goldman Sachs Engineers are innovators and problem-solvers, building solutions in risk management, big data, mobile and more. We look for creative collaborators who evolve, adapt to change and thrive in a fast-paced global environment. Goldman Sachs Technology Risk is leading threat, risk analysis and data science initiatives that are helping to protect the firm and our clients from information and cyber security risks. Our team equips the firm with the knowledge and tools to measure risk, identify and mitigate threats and protect against unauthorized disclosure of confidential information for our clients, internal business functions, and our extended supply chain. RISK GOVERNANCE supports various Technology Risk committee structures to align with industry enterprise risk management standards and ensure risk relevant information in provided for senior leadership with the proper oversight and accountability.
REGULATORY & AUDIT COORDINATION manages Regulatory and Client interactions impacting the Technology Division. Ensures management awareness of regulatory expectations and improves the alignment of technology controls to meet these expectations. It is a demanding role requiring excellent project management and coordination skills together with a foundation in Technology Risk and broad understanding of the firm's Information Security policies. The successful candidate for this role will engage with numerous groups and leaders across both business and technology and may require interaction with external parties (firm's service providers, business counterparties, and regulatory personnel). Key success criteria include the promotion and enforcement of information security at all levels of the organization and across all technology platforms, and the efficient and timely coordination and review of the Technology Division's response to regulatory and client inquiries.
RESPONSIBILITIES AND QUALIFICATIONS
HOW YOU WILL FULFILL YOUR POTENTIAL
- Provide advice to business & technology users on (1) understanding of relevant Technology Risk policies and standards and (2) principles of security & controls as defined by the firm's Technology Risk and Control Framework, and (3) adoption of secure and resilient solutions
- Maintain a thorough understanding of global, regional and local regulatory requirements that have a technology impact, in order to conduct internal self-assessments and gap analyses to ensure compliance
- Work on business initiatives to ensure regulatory requirements are appropriately understood, communicated, and mitigated where necessary
- Perform risk assessments to identify gaps in compliance to information security (application and infrastructure) & BCP standards and policies, for both internal technology solutions as well as solutions provided by third-party service providers, ensuring critical and high priority issues are identified and resolved
- Participate in global, regional and local Technology Risk initiatives aimed at improving our baseline on information protection, resiliency and controls of technology processes and services
- Work with Business Continuity Coordinators in all business and Technology groups across the Asia region to provide structure and guidance on their BCP plans and recovery strategies
- Provide clear and concise verbal and written recommendations and guidance to both business and technology staff on matters of Technology Risk Management
- Promote and assist in the training & awareness of information security and BCP within the region
- Contribute to ongoing support and other operational activities
SKILLS AND EXPERIENCE WE ARE LOOKING FOR
- Good team player along with the ability to work independently
- Excellent communication
- 5 or more years of technology experience in one or more of the following areas: Information Security, Technology Governance, Operational Risk, Technology Audit, Technology Infrastructure or Application Development.
- Direct experience in Information Security, BCP, Technology Controls or Technology Risk Management fields is a significant advantage.
- Strong understanding of the technology implications of regulations
- An understanding of the regulatory environment as it relates to business continuity and/or technology control requirements
- Understanding of the technology implications of additional global and regional regulations is also beneficial.
- Familiar with Risk Analysis and Risk Management methodologies
- Good program and project management skills and technology expertise
- Ability to work effectively as part of the regional and global Technology Risk team, serving a large diverse Technology community
- Infrastructure security knowledge in Windows Server, Desktop OS and applications, Unix/Linux OS, Storage, Networking hardware and protocols, Market Data, Databases and Exchange Connectivity, Remote Access, Firewall and IDS/IPS technology, Voice and Audio Visual platforms, and experience in configuration and vulnerability management an advantage
- Business continuity knowledge in developing or maintaining business continuity plans, application failover testing, business recovery site development and testing, and technology crisis management an advantage
- Understanding of the business functions and the Technology role in a financial services firm a significant advantage
- Strong analytical & communication skills required
- Must be able to manage both time and work load of multiple tasks without constant supervision as part of a distributed team
ABOUT GOLDMAN SACHS
The Goldman Sachs Group, Inc. is a leading global investment banking, securities and investment management firm that provides a wide range of financial services to a substantial and diversified client base that includes corporations, financial institutions, governments and individuals. Founded in 1869, the firm is headquartered in New York and maintains offices in all major financial centers around the world.
Â© The Goldman Sachs Group, Inc., 2018. All rights reserved Goldman Sachs is an equal employment/affirmative action employer Female/Minority/Disability/Vet.
See Inside the Office of Goldman Sachs
The Goldman Sachs Group, Inc. is a leading global investment banking, securities, and investment management firm that provides a wide range of financial services to a substantial and diversified client base that includes corporations, financial institutions, governments, and individuals. Founded in 1869, the firm is headquartered in New York and maintains offices in all major financial centers around the world.
Back to top