Goldman Sachs

Receive alerts when this company posts new jobs.

Similar Jobs

Job Details

Operations- Securities Division Operations- Tech Risk - Analyst- New York

at Goldman Sachs

Posted: 8/8/2019
Job Reference #: 55334
Keywords:

Job Description

  • Location(s)US-NY-New York
    Job ID
    2019-55334
    Schedule Type
    Full Time
    Level
    Analyst
    Function(s)
    Operations
    Region
    Americas
    Division
    Operations
    Business Unit
    Change Delivery
    Employment Type
    Employee
  • MORE ABOUT THIS JOB

    OPERATIONS

    Operations is a dynamic, multi-faceted division that partners with all parts of the firm to provide banking, securities, and asset management services to clients around the world. In addition, Operations provides essential risk management and controls to preserve and enhance the firm's assets and its reputation. For every new product launched and every trade executed, it is Operations that develops and manages the processes and controls that enable business flow.

    The Technology Risk Officer will be responsible for representing, managing and communicating technology risk for the Securities Division. This requires representing firmwide control requirements and specific control requirements related to this division. The Technology Risk Officer will be primarily focused on security controls in business applications/processes that support the Securities Division business lines (FICC, Equities, Marquee, etc). The successful candidate will be a trusted risk adviser to high performance application and platform teams across the division.

    RESPONSIBILITIES AND QUALIFICATIONS

    RESPONSIBILITIES AND QUALIFICATIONS

    HOW YOU WILL FULFILL YOUR POTENTIAL

    • Interact with SecDiv engineering stakeholders to understand and communicate risks to critical infrastructure and systems, defining potential business impact, and tracking commitments to apply effective mitigating controls
    • Drive adoption of application security, technology privacy, privilege management and vulnerability management controls as part of the Software Development Life Cycle (SDLC) and production management (DevOps) processes
    • Track the progress of remediation of control gaps identified by firmwide control programs, application security and vulnerability testing, Internal Audit, self-testing, or controls self-assessment
    • Assist in the execution of the access and entitlements recertification, and the SOX404 and operational risk control self-assessments by evaluating the key risks and assessing mitigating controls and evidence to determine the risk profile for the organization
    • Assist in the development and monitoring of key risk indicators (KRIs) that are mapped to various risks and controls to determine control gaps, and advise application development teams on implementing risk mitigation measures
    • Communicate the impact of technology risks and the approach to mitigation/acceptance, and provide risk assessment and advisory services to technology engineers, and technology and business management
    • Work with internal application development teams that are developing the next generation of critical business applications, help them understand Information Security, Cyber Security and Business Resiliency control requirements, and advise on the integration of these controls into their applications
    • Collaborate with the global Technology Risk Governance, Application Risk, Vulnerability Management, Privilege Management, Risk Measurement, and other global Technology Risk teams to develop and integrate best-in-class security and resiliency controls and practices
    • Contribute to the technical understanding, adoption and convergence of information security standards, solutions and tools

    SKILLS AND EXPERIENCE WE ARE LOOKING FOR

    • Experience of managing / delivering IT Risk advice and improvement projects in FSI with experience of leading teams
    • Experience of managing diverse business and IT stakeholders at all levels of seniority, including CIO, CRO, CTO, CFO and CISO
    • Ability to identify and assess complex IT risks and controls, to relate them to the wider business environment and to express opinions clearly to all levels
    • Strong understanding of FS sector – business processes / products / keys risks
    • A good understanding of technology platforms
    • Good knowledge of different operating systems, databases, networking, security concepts and technologies from an IT risk and controls perspective
    • A proven ability to manage and monitor program timelines, deliverables, budgets and financial performance
    • Ability to spot opportunities to add value and work with colleagues in other lines of business to help find solutions to the challenges they face
    • Ability to work flexibly in terms of working hours to accommodate tight timelines and manage well under pressure
    • Bachelor’s degree in Computer Science, Computer Engineering, or a related field
    • 5+ years experience driving controls adoption based on information security policies, procedures or standards
    • 3 years experience performing technology risk or vulnerability assessments aimed at independently assessing security weaknesses and gaps

    Preferred Qualifications

    • Experience interfacing with and communicating complex technical security concepts to non-technical audiences
    • Information security policy, standards, guidelines or procedures development and implementation
    • Infrastructure, database and/or application security experience
    • Privilege management (i.e. access and identity management, access re-certification) experience
    • Control self-assessment, SOX404 technical control assessment, SOC 1/SOC 2 control assessment experience
    • Strong knowledge of control frameworks and the ability to design and evaluate effectiveness of controls embedded within business processes
    • Ability to work with large data sets, reporting dashboards and excel worksheets
    • Industry accepted security certifications including CISSP or CISM or CRISC or equivalent SANS certification

    ABOUT GOLDMAN SACHS

    The Goldman Sachs Group, Inc. is a leading global investment banking, securities and investment management firm that provides a wide range of financial services to a substantial and diversified client base that includes corporations, financial institutions, governments and individuals. Founded in 1869, the firm is headquartered in New York and maintains offices in all major financial centers around the world.

    © The Goldman Sachs Group, Inc., 2019. All rights reserved Goldman Sachs is an equal employment/affirmative action employer Female/Minority/Disability/Vet.