Tech Risk – Governance, Regulatory & Engagement – Policy & Control Governance – Associate

YOUR IMPACT

You will be a key addition to the Technology Risk Governance, Regulatory, and Engagement (GRE) team which provides governance over various aspects of the firm’s information security and cyber security program, ensures regulatory obligations are understood and achieved, through the development and monitoring of controls and risks. You will specifically work towards supporting the development, oversight and advancement of the firm’s information and cyber security policies, standards, and controls definitions.

Goldman Sachs has one of the most progressive Technology Risk teams in the industry and is continuing to push the development of risk in preference to security within technology and the business.  Year on year success has led the team to work deeper into the organization and gain valuable insights into how technology needs to function, what its risk really is and how this impacts the business.

HOW WILL YOU FULFILL YOUR POTENTIAL? 

Your responsibilities will include advancing the Engineering Division’s information and cyber security control framework and governance processes. You will drive controls, develop their adoption criteria (e.g., risk score, system classification, etc.), govern our control framework, policies/standards and integration with external regulations to ensure the firm stays ahead of threat actors. Your responsibilities will include::

• Assisting in high profile, global projects that strengthen the firm’s cybersecurity and technology risk posture
• Identifying areas for improvement in our control / policy framework and drive uplift
• Developing methodology to identify critical assets and sets of applicable controls based on risk 
• Analyzing completeness of control design (e.g. room for auto-measurement, KPIs, adoption across applicable assets, implementation blockers, etc.),
• Analyzing industry frameworks (such as NIST), new external regulations and internal policies/standards to enhance processes, controls and governance,
• Designing and drive control assessment governance (completeness, performance, adequacy, etc.).

BASIC QUALIFICATIONS

• Bachelor’s degree, or higher
• Knowledge of, and interest in, technology, information security and/or cybersecurity, risk management and the financial services sector
• Organizational skills with demonstrated ability to manage multiple requests at the same time
• Creative thinking and problem-solving abilities, coupled with a risk management mindset
• Effective communication with technical and non-technical audiences, both verbally and in writing
• Excellent interpersonal skills at all levels and the ability to develop and maintain good relationships
• Ability to prioritize requests and adapt to changing needs in a dynamic work environment
• Outstanding stakeholder management

PREFERRED QUALIFICATIONS

• 2-4 years of prior experience in a risk, compliance, regulatory, or information technology/security adjacent role
• Experience in conducting risk assessments and risk assessment of processes and applications,
• Industry Certifications such as Security+, CISA, CISSP, and CISM are a plus.

The Goldman Sachs Group, Inc. is a leading global investment banking, securities and investment management firm that provides a wide range of financial services to a substantial and diversified client base that includes corporations, financial institutions, governments and individuals. Founded in 1869, the firm is headquartered in New York and maintains offices in all major financial centers around the world.