Engineering - Risk Governance, Regulatory, & Engagement - Vice President - Dallas

Goldman Sachs

The Goldman Sachs Group, Inc. is a leading global investment banking, securities and investment management firm that provides a wide range of financial services to a substantial and diversified client base.

Tech Risk – Digital Risk & Assurance – Assurance – VP

WHO WE ARE

Led by the Chief Information Security Officer (CISO), Technology Risk secures Goldman Sachs against hackers and other cyber threats. We are responsible for detecting and preventing attempted cyber intrusions against the firm, helping the firm develop more secure applications and infrastructure, developing software in support of our efforts, measuring cybersecurity risk, and designing and driving implementation of cybersecurity controls. The team has global presence across the Americas, APAC, India and EMEA.

Within Technology Risk, Digital and Risk Assurance is the execution arm, responsible for analyzing, triaging and reporting on newly discovered risks, supporting Engineering Divisions in risk management, as well as ensuring the integrity of the environment.

Goldman Sachs has one of the most progressive Technology Risk teams in the industry and is continuing to push the development of risk in preference to security within technology and the business. Year on year success has led the team to work deeper into the organization and gain valuable insights into how technology needs to function, what its risk really is and how this impacts the business.

YOUR IMPACT

The candidate will be a key addition to the Digital Risk Office Assurance team, which oversees the Controls Assurance Program (CAP), the Engineering Divisions comprehensive risk and controls analysis program. The Team works closely with Digital Risk Office and other stakeholders across the Technology Risk and broader Engineering organization.

HOW YOU WILL FULFILL YOUR POTENTIAL

Your responsibilities will include overseeing key aspects of CAP and managing and empowering a small team of highly dedicated individuals. You will be expected to identify areas of improvement in the design and effectiveness of key controls including automation; build and sustain relationships with stakeholders, establish a culture of collaboration, and stay up-to-date with industry and regulatory changes.

Responsibilities include:

1. Development of control testing methodology
2. Oversight of team’s execution of control testing program across various technology control focus areas, including but not limited to Resilience & Recovery, Identity & Access Management, Infrastructure and Change Management, Cyber Defense & Response, Data Security, Vulnerability Management, IT Asset Management, Data Governance and Incident Management
3. Be accountable for timely testing of technology key controls, through teamwork, coordination and escalation of newly discovered and existing issues
4. Identify and track technology uplifts to manage risk
5. Define clear, meaningful metrics for measuring compliance and adoption with our policies and standards
6. Develop fact pattern analysis for exceptions (develop trends and derive root cause for repeat issues)
7. Develop procedures and processes for control oversight and monitoring
8. Test and validate the design, implementation, and performance of controls

BASIC QUALIFICATIONS

1. At least 8 years’ in-depth external audit or industry audit experience
2. At least 3 years’ management experience
3. In depth understanding of risk management principles or Sarbanes–Oxley Section 404, SOC 1 and SOC 2 reporting
4. Experience with general and cyber security related Information technology controls design and reviews
5. Strong knowledge of IT audit methodologies and control frameworks of IT platforms, processes, systems and controls, including areas such as logical access, physical security and change management controls at an infrastructure and application level
6. Strong analytical, communication, interpersonal, problem solving, organizational and time management skills
7. Excellent influencing skills at all levels and the ability to develop and maintain good relationships
8. Strong sense of ownership and accountability
9. Clear communication skills, both verbally and in writing
10. Ability to drive, maintain, and improve large-scale control attestation or regulatory compliance initiatives across the organization
11. Ability to work independently, analyze problems and act decisively with minimal management oversight
12. Communicates status and risks in a succinct, direct and open manner
13. Managing global client relationships and working as part of a global team
14. Excellent presentation skills

PREFERRED QUALIFICATIONS

1. Audit, security or control-related certification such as CISA or CISSP
2. Strong understanding of information technology audit and control frameworks such as NIST, COBIT and ITIL
3. An understanding of any one, or more, of the following Technology Risk domains to include information security, technology resilience, audit, compliance, risk assurance, and risk governance
4. Experience in any one, or more, of the following is preferred but not required: Use of data analytics and/or analysis in the context of Technology risk.
5. Experience prototyping and developing risk analytics

#TechRiskCybersecurity

ABOUT GOLDMAN SACHS

At Goldman Sachs, we commit our people, capital and ideas to help our clients, shareholders and the communities we serve to grow. Founded in 1869, we are a leading global investment banking, securities and investment management firm. Headquartered in New York, we maintain offices around the world.

We believe who you are makes you better at what you do. We're committed to fostering and advancing diversity and inclusion in our own workplace and beyond by ensuring every individual within our firm has a number of opportunities to grow professionally and personally, from our training and development opportunities and firmwide networks to benefits, wellness and personal finance offerings and mindfulness programs. Learn more about our culture, benefits, and people at GS.com/careers.

We’re committed to finding reasonable accommodations for candidates with special needs or disabilities during our recruiting process. Learn more: Disability Statement .