Risk, Operational Risk, Identity & Access Management - Associate - Salt Lake City

Organization: Risk Division, Operational Risk 

Team / Role: Identity and Access Management Associate - Information and Cybersecurity

Level/Location: Associate, Salt Lake City

The Operational Risk Department at Goldman Sachs is an independent risk management function responsible for developing and implementing a standardized framework to identify, measure, and monitor operational risk across the firm. 

This Information and Cybersecurity role is for a professional with technology subject matter expertise dedicated to strengthening the components of the firm’s operational risk management framework relating to information and cybersecurity risks.  This role will be responsible to continuously identify, monitor, measure and assess operational risk for the Engineering division and Engineering elements of other divisions.    

Responsibilities:

• Identify, monitor, and analyze operational risks arising from the execution of technology operations primarily related to identity and access management, etc. and develop evidence-based challenges focused on improving such operations.
• Monitor identity and access management portions of the firms control inventory for sufficiency and completeness and challenge the absence of controls and implementation of controls within engineering standards.
• Conduct data analysis to identify trends and patterns in access data, augmenting such with qualitative observations to monitor risk taking trends through bespoke metrics at firmwide and divisional/sub-divisional levels, escalating concerns to senior management when warranted.
• Contribute to divisional and functional risk profile assessments by highlighting risk issues and trends to senior divisional managers and senior Operational Risk management team 
• Conduct evidence-based scenario analysis by working with stakeholders to develop plausible tail risk scenarios around unauthorized or improper access used in quantifying specific businesses exposure to potential risk.
• Facilitate operational risk event and data collection; perform detailed reviews of trends to identify significant risks and ensure monitoring and remediation 
• Review New Activities and ensure operational risks arising from acquisitions, new products and/or business, and migrations, etc. are properly considered
• Contribute to review and challenge of identity and access management control assessments to ensure the risk and control self -assessment outcomes are consistent, credible, and underpinned by appropriate evidence.
• Remain current on business drivers, regulatory and industry changes impacting the firms information and cybersecurity activities and obligations
• Identify and drive initiatives that improve the risk management activities at the firm

This role requires an energetic self-starter that can liaise with Engineering teams both regionally and globally.  Experience and knowledge in a regulated enterprise network, preferably financial institution’s technology infrastructure/applications and control requirements are required together with strong interpersonal and analytical skills for this role.

Qualifications

• Bachelor's Degree in Computer Science, Cybersecurity, Business and Technology Management, Finance, Data Science, or related disciplines preferred
• 2+ years of relevant experience, which could include working in operational risk; in a financial institution’s technology division; a technology company that builds or maintains enterprise systems, like cloud services; offensive or defensive cybersecurity; or IT or Information Security/Cybersecurity auditors.
• Understanding of IAM concepts, including user provisioning, access controls, single sign-on (SSO), and multi-factor authentication. 
• Experience with IAM tools and technologies like Active Directory, Azure AD, or Okta.
• Knowledge of internal control frameworks (NIST 800-53, ISO 27001) and audit methodologies
• Strong business acumen with general awareness of technology related processes, risks and business flows
• Strong verbal and written communication skills with the ability to present with impact and influence
• Experience with frameworks like NIST (Cybersecurity Framework, 800-53), COBIT, Cloud Security Alliance Cloud Controls Matrix, and/or ISO 27001
• Ability to work in a fast-paced environment with a strong delivery focus
• Strong organizational skills (project management experience a plus)
• Ability to work in a team environment and knowledge share with other colleagues within team
• Proficiency in World, Excel, PowerPoint, SharePoint/OneDrive – SQL, graph databases and Tableau (would be a plus)
• Relevant certifications like CISA (Certified Information Systems Auditor), CISM (Certified Information Security Manager) or related IAM certifications 
• Familiarity with enterprise risk management best-practices and controls