• Engineering - Technology Risk - Information Security Specialist - Associate / Vice President - Beijing

    Location(s) CN-Beijing
    Job ID
    Schedule Type
    Full Time
    Vice President/Executive Director
    Asia Except Japan
    Business Unit
    Technology Risk
    Employment Type

    Divisional Description


    At Goldman Sachs, our Engineers don’t just make things – we make things possible.  Change the world by connecting people and capital with ideas.  Solve the most challenging and pressing engineering problems for our clients.  Join our engineering teams that build massively scalable software and systems, architect low latency infrastructure solutions, proactively guard against cyber threats, and leverage machine learning alongside financial engineering to continuously turn data into action.  Create new businesses, transform finance, and explore a world of opportunity at the speed of markets.

    Engineering, which is comprised of our Technology Division and global strategists groups, is at the critical center of our business, and our dynamic environment requires innovative strategic thinking and immediate, real solutions.  Want to push the limit of digital possibilities?  Start here.



    Goldman Sachs Engineers are innovators and problem-solvers, building solutions in risk management, big data, mobile and more. We look for creative collaborators who evolve, adapt to change and thrive in a fast-paced global environment.




    Information Security leads the cyber threat, protection, and investigative functions for the firm. Information Security professionals lead the risk analysis and risk monitoring initiatives that help to protect the firm and our clients from information and cyber security risks. The team equips the firm with the knowledge and tools to measure risks, identify and mitigate threats and protect against unauthorized disclosure of confidential information for the firm's clients, internal business functions, and extended supply chain.



    The position is for an Information Security professional with experience in Infrastructure and Application Security.


    This position is based in Beijing as part of the Asia Pacific Information Security team. It is a demanding role requiring broad understanding of the firm's Information Security policies and promotion and enforcement of information security at all levels of the organization and across all technology platforms.


    The successful candidate for this role will provide effective leadership in information security and risk management for the China business by engaging with leaders across the Technology Division and working with regional and global teams within Technology Risk to drive the complete continuous assessment of information security controls. The position will report into both the Head of China Technology and also the regional Head of Information Security.




    • Conduct risk reviews of business and technology initiated projects helping to drive adoption of application and infrastructure security control and best practises
    • Conduct risk reviews of 3rd party systems and applications to assess the standard and proprietary application security controls used by the application (e.g. authentication, authorization, input validation, output sanitization, error handling, application resilience) against firm policies and standards
    • Investigate, coordinate and address information security incidents
    • Drive China participation in global and regional Information Security programs and activities including o Support and escalation for global/regional teams in remediation of security vulnerabilities o Management and resolution of Information Security risk issues
    • Drive implementation of security controls in platforms in technology teams, leveraging the embedded Security Engineering team in Technology Risk Advisory


    Basic Qualifications
    The successful candidate will have the following core skills:

    • Demonstrate deep understanding, passion and thought leadership for information security and the impact of new technologies, services and solutions
    • Strong analytical, communication, interpersonal, problem solving, organizational and time management skills
    • Excellent influencing skills at all levels and the ability to develop and maintain good relationships
    • Strong sense of ownership and accountability
    • Clear communication skills, both verbally and in writing
    • Fluent in English and Mandarin
    • Ability to work independently, analyze problems and act decisively with minimal management oversight
    • Communicate status and risks in a succinct, direct and open manner
    • Ability to manage local client relationships and work as part of an extended regional Information Security team
    • Good understanding and knowledge of the following Technology areas and their impact on Information Security:
    • o Windows and Unix/Linux operating systems o Network protocols such as TCP/IP
    • o Common web-related and file transfer protocols such as http/https and ftp
    • o Firewall and IDS/IPS technology o Voice and Audio-Visual platforms
    • o Experience with configuration and vulnerability management
    • o Familiarity with application security issues such as OWASP Top 10
    • Excellent presentation skills
    • Industry Certifications such as CISA, CISSP, and CISM are beneficial

    Preferred Qualifications

    In addition to the required core skills, the following are considered a plus:

    Technical Management

    • Balances use of tactical versus strategic solutions when required
    • Assists in technical evaluations and vendor management relationships
    • Recommends technology solutions that improve operation standards and lowers operations costs

    Process Engineering

    • Strong knowledge in development lifecycle approach
    • operations, information technology, or software engineering background required (exposure to formal processes)
    • Ability to communicate and enforce standards, process and control

    Project Management

    • Strong technical project management skills
    • Ability to manage multiple programs simultaneously in high pressure environment where change is common place
    • Proactively involves key users in all stages of the project life cycle
    • Anticipates potential obstacles and develops contingency plans to overcome them
    • Manages expectations, building agreement for project milestones, timelines and measures of success
    • Ensures the delivery of quality solutions within agreed upon timeframes and budgets

    Other skills that are considered a plus:

    • Strong agent for change. Able to facilitate new processes and standards that could impact working environment / culture
    • Ability to work within an open, consensus based organization
    • Ability to manage and interact in a matrixed organization is essential
    • Ability to think "outside the box" and develop creative solutions to complex technical and process problems
    • Work effectively both independently and as part of a team, self motivated and deadline driven
    • Strong customer service orientation
    •  Goal oriented, and be able to work with others to achieve goals
    • Able to handle multiple interrupts and be able to multi-task effectively 


    The Goldman Sachs Group, Inc. is a leading global investment banking, securities and investment management firm that provides a wide range of financial services to a substantial and diversified client base that includes corporations, financial institutions, governments and individuals. Founded in 1869, the firm is headquartered in New York and maintains offices in all major financial centers around the world.

    © The Goldman Sachs Group, Inc., 2018. All rights reserved Goldman Sachs is an equal employment/affirmative action employer Female/Minority/Disability/Vet.