• Senior Technology Risk Adviser

    Location(s) UK-London
    Job ID
    2020-60423
    Schedule Type
    Full Time
    Level
    Vice President/Executive Director, Associate
    Function(s)
    Engineering
    Region
    EMEA
    Division
    Engineering
    Business Unit
    Technology Risk
    Employment Type
    Employee
  • MORE ABOUT THIS JOB

    The Technology Risk team protects the systems and data of our firm and our clients, equips our people with understanding and tools to measure risk and enable the use of technology, and evangelizes controls monitoring solutions. As trusted advisors to all of the firm’s business divisions, the Business Resilience team provides advice and guidance on the identification and management of business resilience risk, policy and compliance. Primarily focussed on supporting divisional business resilience program, managing business relationships and designing business resilience controls and policy for the whole firm.

     

    The team encompasses Information Security, Business Continuity and IT Regulatory compliance (such as Sarbanes Oxley). The global Technology Risk team currently has presence in New York, London, Tokyo, Bangalore, Hong Kong, Zurich, Moscow, Dallas and Beijing. It covers all technology and business areas including subsidiaries and affiliates globally

     

    YOUR IMPACT

     

    You will join the Global Application Security team within Technology Risk, a team that is responsible for the identification of Security flows in the firm’s software asset portfolio, along with providing security assurance advices and guiding the engineers into manage application risks.

     

    You will interact with all parts of the firm giving you the opportunity to grow within the Technology Risk team itself, but also gain the breadth of experience and knowledge to facilitate future career moves into risk & control management roles in other divisions within the firm.

     

    You will become a highly committed trusted Risk Advisor with the discipline and interpersonal skills to work in a global environment communicating the impact of technology risks and the approach to mitigation/acceptance. You will provide Technology Risk Advisory risk assessment and advisory services to engineers as part of the EMEA Technology Risk function, including

    • Driving adoption of embedded application security controls within Software Development Life Cycle (SDLC)
    • Architect and Engineer automated security testing solutions in DevOps firm-wide
    • Lead the team and the program of Static Application Security Testing program (SAST)
    • Engineer tools and solution that will facilitate the adoption of security controls
    • Product evaluation for new solution that can benefits the Secure-SDLC program
    • Review and provide advice and consultation to business owners for the security defects identified
    • Work with engineers to develop customized security testing strategy to complement the existing security testing program managed by Technology Risk
    • Communicate/Present/Promote the need and the vision of Secure-SDLC and Application Security
    • Strong accountability of the User Experience imposed by DevSecOps firm wide

     

    At Goldman Sachs, our culture is one of teamwork, innovation and meritocracy. We often say our people are our greatest asset and we take pride in supporting each colleague both professionally and personally. From collaborative work spaces and ergonomic services to wellbeing and resilience offerings, we offer our people the flexibility and support they need to reach their goals in and outside of the office.

    RESPONSIBILITIES AND QUALIFICATIONS

    SKILLS & EXPERIENCE WE’RE LOOKING FOR

     

    You will have a minimum of 2 years’ experience in information security or related fields and risk analysis techniques. You will use your strong technical, interpersonal, organizational, written and verbal communication skills to interact with your internal clients locally and globally. Your knowledge of Application Security, Risk Analysis and Risk Management techniques, methodologies and governance will enable you to be an active member of the team along with your professional experience in one, or more, of the following disciplines:

    • Secure software development practices and frameworks
    • Secure Code Review and Application Security assessment
    • Understanding of common application security vulnerabilities and controls to remediate.
    • Ability to engage technical client base of engineers and communicate security requirements, potential risks and influence development practices
    • Good knowledge of one programming language: Python, NodeJS or Go
    • CI/CD Knowledge: Jenkins, BitBucket CI, Bamboo, GitLab CI, Travis CI, Circle CI, AWS Code Commit and Deploy (or similar)
    • DevSecOps solutions (at least one tool from each domain)
    1. Static Application Security Testing – SAST
    2. Dynamic/Interactive Application Security Testing – DAST/IAST
    3. Software Composition Analysis - SCA
    4. Containing Security
    5. Mobile Security

     

    PREFERRED QUALIFICATIONS 

    • Medium-scale technical program management skills

    ABOUT GOLDMAN SACHS

    ABOUT GOLDMAN SACHS

    At Goldman Sachs, we commit our people, capital and ideas to help our clients, shareholders and the communities we serve to grow. Founded in 1869, we are a leading global investment banking, securities and investment management firm. Headquartered in New York, we maintain offices around the world.

    We believe who you are makes you better at what you do. We're committed to fostering and advancing diversity and inclusion in our own workplace and beyond by ensuring every individual within our firm has a number of opportunities to grow professionally and personally, from our training and development opportunities and firmwide networks to benefits, wellness and personal finance offerings and mindfulness programs. Learn more about our culture, benefits, and people at GS.com/careers.

    We’re committed to finding reasonable accommodations for candidates with special needs or disabilities during our recruiting process. Learn more: https://www.goldmansachs.com/careers/footer/disability-statement.html



    © The Goldman Sachs Group, Inc., 2020. All rights reserved.
    Goldman Sachs is an equal employment/affirmative action employer Female/Minority/Disability/Veteran/Sexual Orientation/Gender Identity

    Options