RISK The Risk Business identifies, monitors, evaluates, and manages the firm’s financial and non-financial risks in support of the firm’s Risk Appetite Statement and the firm’s strategic plan. Operating in a fast paced and dynamic environment and utilizing the best-in-class risk tools and frameworks, Risk teams are analytically curious, have an aptitude to challenge, and an unwavering commitment to excellence.
OPERATIONAL RISK The Operational Risk Department at Goldman Sachs is an independent risk management function responsible for developing and implementing a standardized framework to identify, measure, and monitor operational risk across the firm.
TEAM & ROLE OVERVIEW This Information and Cybersecurity role is for a professional with technology subject matter expertise dedicated to strengthening the components of the firm’s operational risk management framework relating to information and cybersecurity risks. This role will be responsible to continuously identify, monitor, measure and assess operational risk for the Engineering division and Engineering elements of other divisions.
RESPONSIBILITIES - Identify, monitor, and analyze operational risks arising from the execution of technology operations including but not limited to cybersecurity, cloud security, patch management, data protection/privacy, identity access management, etc. and develop evidence-based challenges focused on improving such operations
- Monitor the control inventory for sufficiency and completeness and challenge the absence of controls and implementation of controls within engineering standards
- Propose qualitative and quantitative operational risk appetite/tolerance and monitor risk taking trends through bespoke metrics at firmwide and divisional/sub-divisional levels, escalating concerns to senior management when warranted
- Conduct scenario analysis by working with stakeholders to develop plausible tail risk scenarios used in quantifying specific businesses exposure to potential risk
- Facilitate operational risk event and data collection; perform detailed reviews of trends to identify significant risks and ensure monitoring and remediation
- Review New Activities and ensure operational risks arising from acquisitions, new products and/or business, and migrations, etc. are properly considered
- Contribute to divisional and functional risk profile assessments by highlighting risk issues and trends to senior divisional managers and senior Operational Risk management team
- Conduct quarterly triggered assessments for the division to ensure the divisions risk and control self -assessment outcome are consistent, credible, and underpinned by appropriate evidence
- Remain current on business drivers, regulatory and industry changes impacting the firms information and cybersecurity activities and obligations
- Contribute to the advancement of operational risk methods and practices and the operational risk management framework
- Identify and drive initiatives that improve the risk management activities at the firm
- This role requires an energetic self-starter that can liaise with Engineering teams both regionally and globally. Experience and knowledge in a regulated enterprise network, preferably financial institution’s technology infrastructure/applications and control requirements are required together with strong interpersonal and analytical skills for this role.
SKILLS AND EXPERIENCE REQUIRED - Strong business acumen with general awareness of technology related processes, risks and business flows
- 8+ years of relevant experience, which could include working in operational risk; in a financial institution’s technology division; a technology company that builds or maintains enterprise systems, like cloud services; offensive or defensive cybersecurity; or IT or Information Security/Cybersecurity auditors.
- Strong verbal and written communication skills with the ability to present with impact and influence
- Experience with frameworks like NIST (Cybersecurity Framework, 800-53), COBIT, Cloud Security Alliance Cloud Controls Matrix ,and/or ISO 27001
- Ability to work in a fast-paced environment with a strong delivery focus
- Strong organizational skills (project management experience a plus)
- Ability to work in a team environment and knowledge share with other colleagues within team
- Proficiency in World, Excel, PowerPoint, SharePoint/OneDrive - SQL, graph databases and Tableau (would be a plus)
- Familiarity with enterprise risk management best-practices and controls
- Possess a Bachelor's Degree in Computer Science, Cybersecurity, Business and Technology Management, Finance, Data Science, or related disciplines
- Technology skills including substantive subject matter expertise in several areas, including:
- Deep understanding of Linux and Windows operating systems
- Internet infrastructure design and installation and support of network devices and firewalls
- Cloud computing concepts, technologies, risks and mitigating controls
- Systems and security administration and configuration of servers and desktops (UNIX, Windows, directory services etc.)
- Security risks related to web, mobile, web services, and client/server architectures
- Encryption schemes (symmetric, asymmetric, and hashing) and how they may be applied in an application architecture
- Vulnerability assessment and penetration testing methodologies and processes for web, thick client and mobile applications
- Experience with Splunk and/or other SIEM platforms would be useful but not required
- Threat modelling, intelligence and incident response
- Management, monitoring and operations of technology (backups, change management, system monitoring, incident/problem Management)
- Business continuity planning and disaster recovery design and implementation
- Security within the software development lifecycle
ABOUT GOLDMAN SACHS At Goldman Sachs, we commit our people, capital and ideas to help our clients, shareholders and the communities we serve to grow. Founded in 1869, we are a leading global investment banking, securities and investment management firm. Headquartered in New York, we maintain offices around the world.
We believe who you are makes you better at what you do. We're committed to fostering and advancing diversity and inclusion in our own workplace and beyond by ensuring every individual within our firm has a number of opportunities to grow professionally and personally, from our training and development opportunities and firmwide networks to benefits, wellness and personal finance offerings and mindfulness programs. Learn more about our culture, benefits, and people at GS.com/careers.
We’re committed to finding reasonable accommodations for candidates with special needs or disabilities during our recruiting process. Learn more: https://www.goldmansachs.com/careers/footer/disability-statement.html
© The Goldman Sachs Group, Inc., 2021. All rights reserved.
Goldman Sachs is an equal employment/affirmative action employer Female/Minority/Disability/Veteran/Sexual Orientation/Gender Identity