Job Description

The Asset and Wealth Management Division includes Goldman Sachs Asset Management (AM), Private Wealth Management (PWM, Ayco) and our Consumer business (Marcus by Goldman Sachs). We provide asset management, wealth management and banking expertise to consumers and institutions around the world. AWM partners with various teams across the firm to help individuals and institutions navigate changing markets and take control of their financial lives.

The AWM Technology Risk function is an information security group embedded within AWM responsible for the oversight of Information Security and Cybersecurity risks across AWM business and technology as well as supplements the firm’s Technology Risk programs to meet the additional unique needs of the AWM business. Our mission is to enable the business needs while balancing security controls

 

HOW YOU WILL FULFILL YOUR POTENTIAL

Partner with business units to understand design proposal and evaluate architectural flaws for various on-prem/cloud deployments Closely collaborate with Product Management, Engineering, Dev Ops and Firmwide Tech Risk teams to evaluate the design and implementation of security controls related to Authentication, Authorization, Input Validations etc. and enhance firm’s security posture Evaluate the effectiveness of existing key controls, identify gaps, and recommend improvements to mitigate risks and enhance firm’s security postureActs as an Application security liaison for developers and architects in the respective Business Unit to build security software Interface with business, engineering and leadership teams to articulate and evaluate risk and recommend a mitigation strategy.Drive adoption of embedded application security controls as part of the Software Development Life Cycle (SDLC) in Agile methodologyProvide clear and concise verbal and written recommendations and guidance to both business and technology leaders on matters of Technology Risk ManagementPromote and assist in training & awareness of information security within the regionStrong passion and desire to grow in the Information Security areaCollaborate with Firmwide Tech Risk and other relevant teams to develop security patterns and best practices based on engineering usecase

 

SKILLS AND EXPERIENCE WE ARE LOOKING FOR:

3 – 5  years of technology experience in one or more of the following areas: Information Security, Product/Application Security, Threat Modelling/Secure Design Reviews, Penetration testing etc.Knowledge of most common Application Security vulnerabilities – e.g., OWASP Top 10 Web and API risks, cloud security gaps.Familiarity with Security standards such as OWASP, NIST, PCI and CIS/SANS security controlsAbility to analyze internal and external processes and integration to understand riskUnderstanding of security core cryptography concepts (Encryption, Hashing, HMAC, digital signatures), its implementation, how they are applied and attacked in web applicationsAssessing and mitigating software security threat vectors, with experience in threat modeling framework, attack surface analysis, security design reviews, source code reviews, penetration testing or vulnerability assessments.Good written and oral communication to be able to articulate risks to both technical and management stakeholdersStrong program and project management skills and technology expertiseAbility to assess and evaluate corporate risk tolerance and translate into goals and new processes including software engineering, IT teams, and engineering and business stakeholdersExperience collaborating with a team of security experts in a diverse set of security topics including, but not limited to, security architecture, financial controls and regulatory compliance, identity and access management, penetration testing, data loss prevention, network security, security monitoring, white box testing/static code analysis, and building secure systems

 

DESIRED SKILLS

Experience in Financial Services/FintechKnowledge of secure coding language - Python, Java, GoExperience in AWS or Cloud technologies     ABOUT GOLDMAN SACHS
  At Goldman Sachs, we commit our people, capital and ideas to help our clients, shareholders and the communities we serve to grow. Founded in 1869, we are a leading global investment banking, securities and investment management firm. Headquartered in New York, we maintain offices around the world. 
  We believe who you are makes you better at what you do. We're committed to fostering and advancing diversity and inclusion in our own workplace and beyond by ensuring every individual within our firm has a number of opportunities to grow professionally and personally, from our training and development opportunities and firmwide networks to benefits, wellness and personal finance offerings and mindfulness programs. Learn more about our culture, benefits, and people at GS.com/careers. 
  We’re committed to finding reasonable accommodations for candidates with special needs or disabilities during our recruiting process. Learn more: https://www.goldmansachs.com/careers/footer/disability-statement.html
 
  © The Goldman Sachs Group, Inc., 2023. All rights reserved. Goldman Sachs is an equal opportunity employer and does not discriminate on the basis of race, color, religion, sex, national origin, age, veterans status, disability, or any other characteristic protected by applicable law.