Goldman Sachs & Co. Technology, Technology Risk Application Security Architect/Risk Advisor, Vice President, London in London, United Kingdom
MORE ABOUT THIS JOB
Our team of engineers builds solutions to the most complex problems. We develop cutting-edge systems and processes that form the core of our key business and enable transactions to move in milliseconds. We provide real-time access to critical deal information and crunch billions of data points each day to inform firm-wide market insights and strategies. Team members have the opportunity to work at the forefront of technology innovation alongside industry leaders and make significant contributions to the field.
Goldman Sachs Technology Risk is leading threat, risk analysis and data science initiatives that are helping to protect the firm and our clients from information and cyber security risks. Our team equips the firm with the knowledge and tools to measure risk, identify and mitigate threats and protect against unauthorized disclosure of confidential information for our clients, internal business functions, and our extended supply chain.
RISK ADVISORY delivers best in class advisory support and technology solutions across the information security risk domain including scalable uplifts of common core security solutions for use across Goldman Sachs. Prevents the misuse, unauthorized disclosure, or loss of firm data across e-mail, file transfer, and the Internet. Ensures business continuity and technology resilience by safeguarding Goldman Sachs from major operational disruptions through preventative measures including business planning, capability design, and the testing of mitigants.
The Technology Risk team protects the systems and data of our firm and our clients, equips our people with understanding and tools to measure risk and enable the use of technology, and evangelizes controls monitoring solutions. As trusted advisors to all of the firm's business divisions, the Business Resilience team provides advice and guidance on the identification and management of business resilience risk, policy and compliance. Primarily focused on supporting divisional business resilience program , managing business relationships and designing business resilience controls and policy for the whole firm. The team encompasses Information Security, Business Continuity and IT Regulatory compliance (such as Sarbanes Oxley). The global Technology Risk team currently has presence in New York, London, Tokyo, Bangalore, Hong Kong, Zurich, Moscow, Dallas and Beijing. It covers all technology and business areas including subsidiaries and affiliates globally.
You will join one of the most progressive Technology Risk teams in the industry which continues to push the development of risk in preference to security within technology and the business. You will interact with all parts of the firm giving you the opportunity to grow within the Technology Risk team itself, but also gain the breadth of experience and knowledge to facilitate future career moves into risk & control management roles in other divisions within the firm. You will become a highly committed trusted Risk Advisor with the discipline and interpersonal skills to work in a global environment communicating the impact of technology risks and the approach to mitigation/acceptance. You will provide Technology Risk Advisory risk assessment and advisory services to engineers as part of the EMEA Technology Risk function.
RESPONSIBILITIES AND QUALIFICATIONS
HOW YOU WILL FULFILL YOUR POTENTIAL
Driving adoption of embedded application security controls as part of the Software Development Life Cycle (SDLC)
Assess applications for design related security risks and assist teams in determining appropriate remediation for issues identified
Contribute to the implementation and refinement of the strategy for the Application Risk programme both globally and in the region
Provide guidance on existing and emerging threats in the web and mobile application space
Contribute to the technical understanding and adoption of information security standards, solutions and tools
Be highly committed both to achieving the deliverables and to the team itself
Have the discipline and interpersonal skills to work well in a global environment, complementing teams in other locations
Provide deep level subject matter expertise in one or more areas, such as implementation of cryptography, authentication, specific development language implementation risks and secure design patterns
Work with engineers to develop customized security testing strategy to complement the existing security testing program managed by Technology Risk
SKILLS & EXPERIENCE WE'RE LOOKING FOR BASIC QUALIFICATIONS
You will have a minimum of up to 5 years' experience in information security or related fields and risk analysis techniques
You will use your strong technical, interpersonal, organizational, written and verbal communication skills to interact with your internal clients locally and globally
Secure software development practices and frameworks
Mobile application architecture, threat analysis or control implementation
Security testing methodologies, tools and techniques
Understanding of common application security vulnerabilities and controls to remediate.
Development experience and proficiency in one of more languages, such as Java, C/C++, Objective C
Ability to engage technical client base of engineers and communicate security requirements, potential risks and influence development practices
- Medium-scale technical program management skills
ABOUT GOLDMAN SACHS
The Goldman Sachs Group, Inc. is a leading global investment banking, securities and investment management firm that provides a wide range of financial services to a substantial and diversified client base that includes corporations, financial institutions, governments and individuals. Founded in 1869, the firm is headquartered in New York and maintains offices in all major financial centers around the world.
© The Goldman Sachs Group, Inc., 2017. All rights reservedGoldman Sachs is an equal employment/affirmative action employer Female/Minority/Disability/Vet.
Schedule TypeFull Time
LevelVice President/Executive Director
Business UnitTechnology Risk