Goldman Sachs Technology Risk is leading threat, risk analysis and data science initiatives
that are helping to protect the firm and our clients from information and cyber security risks. Our team equips the firm with the knowledge and tools to measure risk, identify and mitigate threats and protect against unauthorized disclosure of confidential information for our clients, internal business functions, and our extended supply chain.
RISK ADVISORY delivers best in class advisory support and technology solutions across the information security risk domain including scalable uplifts of common core security solutions for use across Goldman Sachs. Prevents the misuse, unauthorized disclosure, or loss of firm data across e-mail, file transfer, and the Internet. Ensures business continuity and technology resilience by safeguarding Goldman Sachs from major operational disruptions through preventative
measures including business planning, capability design,
and the testing of mitigants.
The Technology Risk team protects the systems and data of our firm and our clients, equips our people with understanding and tools to measure risk and enable the use of technology, and evangelizes controls monitoring solutions.
The team encompasses Information Security, Governance, Measurement and Security and Incident Response. The global Technology Risk team currently has presence in New York, London, Tokyo, Bangalore, Hong Kong, Zurich, Moscow, Dallas and Beijing. It covers all technology and business areas including subsidiaries and affiliates globally.
Technology Risk Advisory delivers best in class advisory support and technology solutions across the Information Security risk domains, including scalable uplifts of common core security solutions for use across Goldman Sachs. As a Risk Advisor, you will be part of or oversee a technical team that is responsible for assessing and managing the portfolio of risks for Divisionally aligned products. You are expected to have a working knowledge of the products you support, and provide technical design consultancy services as needed. Your team will be responsible for all assessments, including, Design / Architecture Reviews, Manual Code Reviews, Penetration Testing, and Continuous Monitoring / Scanning. The ideal candidate should possess the aptitude to build coalitions across teams / product owners, educate counterparts on secure development practices and work collaboratively to drive down risk.
HOW YOU WILL FULFILL YOUR POTENTIAL
• Support the Technology Risk Advisory function by leading a group of highly technical staff that assess risk, identify risk and advice on risk.
SKILLS AND EXPERIENCE WE ARE LOOKING FOR
• Examine application state machine to validate assumptions and identify vulnerabilities
• Should have a solid understanding of security controls and how they apply to different designs and systems.
• Understand, highlight and articulate risk to product owners in an understandable language.
• Present alternate designs to the teams in order to help them reduce risks.
• Experience in application vulnerability assessment and penetration testing of web, thick-client, or mobile applications.
• Experience managing a technical team or project, and liaising with product owners to manage risk portfolios.
• Working knowledge of application security tools such as fuzzers, scanners, debuggers, decompilers, proxies, simulators, etc.
• Familiarity with common web stack technologies (e.g. HTTP, HTML5, AJAX, REST, etc.) and platforms (e.g. DropWizard, AngularJS, Tomcat, .Net, Sybase, MS SQL, MongoDB, etc.).
• Understanding of core cryptography concepts (encryption, hashing, HMAC, digital signature) and how they are applied and attacked in web applications (e.g. TLS attacks, CBC attacks).
• Ability to analyse protocols, flows and interactions in a design to evaluate gaps.
• min 5 years of relevant work experience.
• Proficient verbal and written communication skills.
• Expert knowledge of network, application and operating system security risks.
• Medium-scale technical program management skills.
• Bachelor of Science in Computer Science, System/Computer Engineering, Cyber-Security, or Information Security is preferred.
• Experience or training in related disciplines e.g. computer science, computer security, software development, system design, open source frameworks, encryption schemes, etc.
ABOUT GOLDMAN SACHS
At Goldman Sachs, we commit our people, capital and ideas to help our clients, shareholders and the communities we serve to grow. Founded in 1869, we are a leading global investment banking, securities and investment management firm. Headquartered in New York, we maintain offices around the world.
We believe who you are makes you better at what you do. We're committed to fostering and advancing diversity and inclusion in our own workplace and beyond by ensuring every individual within our firm has a number of opportunities to grow professionally and personally, from our training and development opportunities and firmwide networks to benefits, wellness and personal finance offerings and mindfulness programs. Learn more about our culture, benefits, and people at GS.com/careers.
We’re committed to finding reasonable accommodations for candidates with special needs or disabilities during our recruiting process. Learn more: https://www.goldmansachs.com/careers/footer/disability-statement.html
© The Goldman Sachs Group, Inc., 2020. All rights reserved.
Goldman Sachs is an equal employment/affirmative action employer Female/Minority/Disability/Veteran/Sexual Orientation/Gender Identity