Goldman Sachs Technology Risk is leading threat, risk analysis and data science initiativesthat are helping to protect the firm and our clients from information and cyber security risks. Our team equips the firm with the knowledge and tools to measure risk, identify and mitigate threats and protect against unauthorized disclosure of confidential information for our clients, internal business functions, and our extended supply chain.RISK GOVERNANCE supports various Technology Risk committee structures to align with industry enterprise risk management standards and ensure risk relevant information in provided for senior leadership with the proper oversight and accountability.REGULATORY & AUDIT COORDINATION manages Regulatory and Client interactions impacting the Technology Division. Ensures management awareness of regulatory expectations and improves the alignment of technology controls to meet these expectations.Goldman Sachs Technology Risk is leading threat, risk analysis and data science initiatives that are helping to protect the firm and our clients from information and cyber security risks. Our team equips the firm with the knowledge and tools to measure risk, identify and mitigate threats, and protect against unauthorized disclosure of confidential information for our clients, internal business functions, and our extended supply chain. You will join one of the most progressive Technology Risk teams in the industry which continues to push the development of risk in preference to security within technology and the business. You will interact with all parts of the firm giving you the opportunity to grow within the Technology Risk team itself, but also gain the breadth of experience and knowledge to facilitate future career moves into risk & control management roles in other divisions within the firm. We are looking for an experienced, highly self-motivated candidate with a strong data protection, privacy or data risk management background to join a team that drives the data protection strategy, control requirements, and technical control adoption across the firm's applications and platforms.
RESPONSIBILITIES AND QUALIFICATIONS
HOW YOU WILL FULFILL YOUR POTENTIAL• Provide guidance and governance to business & technology users on (1) understanding of relevant security policies and standards, (2) principles of security & controls as defined by the firm's Technology Risk and Control Framework, and (3) adoption of secure and resilient solutions• Participate in global, regional and local Technology Risk initiatives aimed at improving our baseline on data protection, resiliency and controls of technology processes and services• Provide clear and concise verbal and written recommendations and guidance to both business and technology staff on matters of data protection, privacy or data risk management• Plan, execute and support various data risk management and data privacy program initiatives• Drive adoption of data protection controls across applications and platforms• Implement measures to ensure data protection controls are implemented and are operating effectively• Develop scalable processes and procedures that enable efficient risk managementSKILLS AND EXPERIENCE WE ARE LOOKING FOR• Bachelor's degree or higher in Computer Science, Computer Engineering, or Information Security• 4 or more years of technology experience in one or more of the following areas: Information Security, Technology Governance, Operational Risk, Technology Audit, Technology Infrastructure or Application Development• Strong knowledge of data protection, privacy, or data risk management concepts and practices• Strong technical background with the ability to understand technology architecture and infrastructure• Hands-on experience with advanced Microsoft Excel functions• Excellent analytical thinking abilities• Excellent oral, written, and presentation communication skills• Ability to document and explain technical details in a concise and understandable manner• Good team player along with the ability to work independentlyPreferred Qualifications• CISSP, Security+, or CIPT certification• Experience with risk analysis and risk management frameworks and methodologies• Understanding of one or more relational database technologies (e.g. SQL)• An understanding of the regulatory environment as it relates to technology control requirements• Understanding of GDPR (General Data Protection Regulation)