USD 85,000 - 140,000

New York

See The Original Here

Tech Risk Digital Risk & Assurance Assurance Associate

WHO WE ARE

Led by the Chief Information Security Officer (CISO), Technology Risk is responsible for governing and overseeing the information security and cybersecurity risk and controls landscape for the Firm. We are responsible for detecting and preventing attempted cyber intrusions against the firm, helping the firm develop more secure applications and infrastructure, developing software in support of our efforts, measuring information security & cybersecurity risk through intelligent tooling, and designing and driving implementation of information security & cybersecurity controls. The team has global presence across the Americas, APAC, India and EMEA.

Within Technology Risk, Digital and Risk Assurance is the execution arm, responsible for analyzing, triaging, and reporting on newly discovered risks, supporting Engineering Divisions in risk management, supporting our external audits from a technology standpoint, overseeing internal assessments as well as ensuring the integrity of the environment.

Goldman Sachs has one of the most progressive Technology Risk teams in the industry and is continuing to push the development of risk in preference to security within technology and the business. Year on year success has led the team to work deeper into the organization and gain valuable insights into how technology needs to function, what its risk really is and how this impacts the business.

YOUR IMPACT

You will be a key addition to the Tech Risk Assurance team, which partners with engineering teams across the firm to help them understand what they can do to reduce and manage their risk and make their systems more resilient.

HOW YOU WILL FULFILL YOUR POTENTIAL

Your responsibilities will include governance aspects of issue management, CCM (Continuous Controls Monitoring), Control Incident Management, Technology Resilience, and Controls Assurance programs. You will work with all pillars within Technology Risk to understand the risks being identified and their potential impact. You will work with engineering teams to help them understand their complete risk portfolio and how they can reduce risk most effectively. You will partner in programs to reduce risk and improve resiliency across the firm. This will be an opportunity to build broad knowledge of the business and technologies across the entire firm and work with engineers at all levels in the organization.

Responsibilities include

  • Be accountable for driving exceptions to zero, through teamwork, coordination and escalation of newly discovered and existing issues
  • Identify and track technology uplifts to manage risk
  • Define clear, meaningful metrics for measuring compliance with our policies and standards
  • Develop fact pattern analysis for exceptions (develop trends and derive root cause for repeat issues)
  • Develop procedures and processes for control oversight and monitoring
  • Test and validate the design, implementation, and performance of controls

BASIC QUALIFICATIONS & SKILLS

  • Bachelor's degree
  • 3+ years' experience in Risk Management, Risk Reporting, Audits, Governance, Resilience, etc.
  • Experience with any data analysis/visualization tool such as Excel, Tableau, Power BI, R, SQL, etc.
  • Understanding of risk management principles or SarbanesOxley Section 404, SOC 1 and SOC 2 reporting
  • Experience with general and cyber security related Information technology controls design and reviews
  • Ability to work effectively in a global team environment and drive results in a matrixed organization
  • Results oriented, strong sense of ownership and eagerness to learn
  • Knowledge of IT audit methodologies and control frameworks of IT platforms, processes, systems and controls, including areas such as logical access, physical security and change management controls at an infrastructure and application level
  • Strong sense of ownership and accountability
  • Clear communication skills, both verbally and in writing

PREFERRED QUALIFICATIONS

  • Industry certifications such as CISA and/or CISSP desired but not essential
  • Experience with public/private Cloud technologies (Cloud Foundry, AWS, GCP, Azure etc)
  • Understanding of information technology audit and control frameworks such as NIST COBIT and ITIL

#TechRiskCybersecurity

ABOUT GOLDMAN SACHS

At Goldman Sachs, we commit our people, capital, and ideas to help our clients, shareholders, and the communities we serve to grow. Founded in 1869, we are a leading global investment banking, securities, and investment management firm. Headquartered in New York, we maintain offices around the world.

GS.com/careers

https//www.goldmansachs.com/careers/footer/disability-statement.html