Goldman Sachs Technology Risk is leading threat, risk analysis and data science initiativesthat are helping to protect the firm and our clients from information and cyber security risks. Our team equips the firm with the knowledge and tools to measure risk, identify and mitigate threats and protect against unauthorized disclosure of confidential information for our clients, internal business functions, and our extended supply chain.RISK ADVISORY delivers best in class advisory support and technology solutions across the information security risk domain including scalable uplifts of common core security solutions for use across Goldman Sachs. Prevents the misuse, unauthorized disclosure, or loss of firm data across e-mail, file transfer, and the Internet. Ensures business continuity and technology resilience by safeguarding Goldman Sachs from major operational disruptions through preventativemeasures including business planning, capability design,and the testing of mitigants.ROLE DESCRIPTION: Technology Risk Advisory delivers best in class advisory support and technology solutions across the Information Security risk domains, including scalable uplifts of common core security solutions for use across Goldman Sachs and conducting cyber risk assessments. As the Vendor Risk Program Associate, you will be part of or oversee a team that is responsible for assessing and managing the portfolio vendor Information Security Risk across the firm. Your team will be responsible for all Vendor Technology Risk related initiatives and assessments, including; core assessments of a vendor logical controls, Cloud assessments, Mobile assessments and Application assessments. The ideal candidate should; have a good understanding of regulations that governs this space, be well versed in risk assessments and a demonstrated ability in helping counterparts manage risk. JOB SUMMARY & RESPONSIBILITIES: Support the Technology Risk Advisory function by helping to shape the Vendor Technology Risk strategy, leading a team that assess risk and working with Business Units to manage risk portfolios.
RESPONSIBILITIES AND QUALIFICATIONS
HOW YOU WILL FULFILL YOUR POTENTIAL• Have a good understanding of regulations that governs this space• Be well versed in risk assessments and a demonstrated ability in helping counterparts manage riskSKILLS AND EXPERIENCE WE ARE LOOKING FOR• Have in the past worked with Legal to develop and on an ongoing basis, review Information Security contractual requirements.• Understanding of well recognized risk management frameworks and a proven track record of implementation.• Working knowledge of the regulatory landscape and its applicability to the vendor ecosystem.• Good understanding of Information Security controls, along with preferred and alternative implementations.• Working knowledge of Cloud computing and understanding of how to assess Cloud related risks.• Working knowledge of the overall Procurement process and a clear understanding of Technology Risk's role in that process.• 3 - 6 years of relevant work experiencePreferred Qualifications• Proficient verbal and written communication skills• Bachelor of Science in Computer Science, System/Computer Engineering, Cyber-Security, Information Security, Information Technology or Risk Management is preferred• Prior experience conducting audits• One or more of the following Certificates; CISA, CRISC, CISM, CISSP