Tech Risk – Governance, Regulatory & External Engagements (GRE) – Client Due Diligence & Engagement – Associate

Dallas, Texas, United States

Goldman Sachs

The Goldman Sachs Group, Inc. is a leading global investment banking, securities, and asset and wealth management firm that provides a wide range of financial services.

Business Unit Overview

Led by the Chief Information Security Officer (CISO), Technology Risk secures Goldman Sachs against hackers and other cyber threats. We are responsible for detecting and preventing attempted cyber intrusions against the firm, helping the firm develop more secure applications and infrastructure, developing software in support of our efforts, measuring cybersecurity risk, and designing and driving implementation of cybersecurity controls. The team has a global presence across the Americas, APAC, India and EMEA. Within Technology Risk, the Governance, Regulatory & External Engagements team develops, implements and documents the firm’s alignment to governance processes related to cybersecurity to ensure the firm is implementing and leading industry best practices. We are a team of program managers, project managers, and regulatory analysts who understand, document, and uplift the firm’s adherence to a dynamic and ever-evolving regulatory environment. We drive key Technology Risk programs and initiatives and reduce regulatory and litigation risk.

Role

In this role, you will support the Engineering Division’s interactions with internal business teams and external parties focused on technology risk, information security, and cybersecurity functions. The Regulatory & External Engagements pillar is part of the Governance, Regulatory and Controls team, and is responsible for managing all interactions with the Firm’s banking and securities regulators, clients, prospective clients and, in certain instances, auditors. This role is expected to maintain a balance between a risk mindset and commercial posture while strengthening relationships with regulatory agencies, clients and firmwide stakeholders. 

 

The ideal candidate should be familiar with financial institutions and the relevant regulatory landscape, have an understanding of information security and cybersecurity topics, and possess strong writing and analytical skills. A candidate will find success through the ability to work in a fast-paced environment, a strong track record of gaining consensus and providing thoughtful guidance to senior leadership, and the ability to drive action and ownership while on a dispersed team spread across multiple global offices and via matrixed colleagues.

 

RESPONSIBILITIES AND QUALIFICATIONS

Job Responsibilities:

  • Support the coordination and maintenance of client due diligence engagements on cybersecurity and information security, including completing due diligence questionnaires, preparing for client meetings, and producing other related deliverables
  • Develop relevant materials prior to client submission, and manage subject matter and information gathering to satisfy requests in advance of deadlines
  • Build close working relationships between divisional and core Technology Risk stakeholders, and maintain collaboration with key stakeholders in Engineering, Legal, Compliance, and Operational Risk divisions
  • As it relates to client expectations, support high priority projects from start to finish that strengthen the firm’s cybersecurity posture by identifying and structuring problems, analyzing root causes, developing solutions, communicating project results, and obtaining buy-in for change
  • Maintain the tooling and inventory of standardized content and effectively track client metrics and trends to improve and automate repeatable functions
  • Enhance reporting and metric capabilities for this work, demonstrating the evolution of this team and the areas for which growth is still required
  • Prepare detailed communication materials, both presentations and memos, for senior leadership and external stakeholders 

Basic Qualifications:

  • Bachelor’s degree or higher
  • Knowledge of, and interest in, information security and/or cybersecurity and the financial services sector
  • Familiarity with industry templates for client due diligence (SOC, SIG, KY3P)
  • 4 years of prior experience in a risk, compliance, regulatory, or information technology/security adjacent role 
  • Basic project management, analytical and research skills with a demonstrated ability to manage projects from inception through completion
  • Strong analytical, problem solving, organizational and time management skills
  • Ability to successfully communicate with technical and non-technical audiences, both verbally and in writing
  • Excellent interpersonal skills at all levels and the ability to develop and maintain good relationships
  • Ability to flexibly work independently or within a group to analyze problems and propose solutions
  • Ability to prioritize requests and adapt to changing needs in a dynamic work environment

 

Preferred qualifications:

  • Advanced degree in the field of Law, Public Policy, Risk Management, Computer Science, Data Science, Operations Research or Information/Cyber Security
  • Understanding of applicable regulatory requirements and expectations
  • Experience responding to and interacting with regulators and clients on a variety of initiatives
  • Knowledge of one or more of the following Technology Risk domains: information security, business continuity, technology resilience, risk assurance, and risk governance
  • Industry Certifications such as CISA, CISSP, and CISM are beneficial
  • Experience comparing regulatory requirements and guidance to firm controls to evaluate adherence

 

ABOUT GOLDMAN SACHS

The Goldman Sachs Group, Inc. is a leading global investment banking, securities and investment management firm that provides a wide range of financial services to a substantial and diversified client base that includes corporations, financial institutions, governments and individuals. Founded in 1869, the firm is headquartered in New York and maintains offices in all major financial centers around the world.

Category: Compliance Jobs

Tags: Banking CISA CISM CISO CISSP Compliance Computer Science Governance Risk management SOC

Region: North America
Country: United States
