What We Do:
The Global Regulatory Engagement team resides within firm’s Technology Risk department, which is led globally by the firm’s Chief Information Security Officer (CISO) and regionally by the Head of Technology Risk for Asia Pacific. The Technology Risk department maintains responsibility for detecting and preventing attempted cyber intrusions against the firm, helping the firm develop more secure applications, measuring cybersecurity risk, and driving implementation of cybersecurity controls. The Global Regulatory Engagement team has three principal objectives:
(1) efficiently provide timely and accurate information to global regulators regarding the firm’s information security;
(2) drive security improvements and prioritization based on internal security requirements and regulations if effect in the jurisdictions in which we operate; and
(3) inform business decisions by providing insights about relevant regulatory trends and changes. Separately, the Global Regulatory Engagement team is responsible for coordinating the development of technology-related policies and standards across the firm.
Responsibilities:
Drafting responses to requests for information from Asia Pacific regulators for information security and cybersecurity mattersPerform gap analysis of new and changing Asia Pacific regulations impacting technology operational risk including but not limited to information security & cybersecurityCoordinating engagements with regulators for information security and cybersecurity related topicsConducting analyses to identify regulatory trends of relevance to the firm’s business and risk environmentsPreparing presentations and written products on regulatory trends and issues to inform senior leadership Drive Asia Pacific participation in global Technology Risk programs and activities Coordinating with counterparts in other jurisdictions and regional stakeholders (e.g. Legal, Compliance, Operational Risk) to ensure consistent responses across all regulatorsDriving implementation of specific security controls based on internal security priorities and regulatoryManaging Asia Pacific local/regional audit and regulatory activities relevant to Technology Risk with primary focus on Information Security and CybersecurityConducting reviews of system access controls to ensure adequate data segregation measures and best practices are in placeManaging and delivering regional specific control adoption and uplift initiatives from global Technology Risk programs Communicating status and risks in a succinct, direct and open manner for proper issue management life cycle tracking
Basic Qualifications
Bachelor’s degree or higher Strong writing skills, ideally with published academic or professional articlesExperience working in Information/Cyber security, IT Risk & Governance from a sizeable multinational organization Strong analytical, interpersonal, problem solving, influencing, organizational and time management skills with sense of ownership and accountability Experience in communicating technology risks to senior audiences both technical and non-technicalWork effectively both independently and as part of a team, self-motivated and deadline driven The ability to manage multi-task effectively and interact in a matrixed organization is essentialKnowledge and experience of financial regulatory environment is must for Asia Pacific jurisdiction Good understanding and knowledge of the following Technology areas and their impact on Information Security:
o Windows and Unix/Linux operating systems
o Network protocols such as TCP/IP, Firewall and IDS/IPS technology
o Voice and Audio-Visual platforms
o Application security issues such as OWASP Top 10
o Industry Certifications such as CISA, CISSP, and CISM are beneficial
Strong “risk mindset” with consideration to commercial perspectives
Preferred Qualifications
Technical Management
Balances use of tactical versus strategic solutions when requiredRecommends technology solutions that improve efficiency and lowers operations costs
Process Engineering
Strong knowledge in development lifecycle approachOperations, information technology, or software engineering background required (exposure to formal processes)Ability to communicate and enforce standards, process and control
Project Management
Strong technical project management skillsAbility to manage multiple programs simultaneously in high pressure environment where change is common placeProactively involves key users in all stages of the project life cycleAnticipates potential obstacles and develops contingency plans to overcome themManages expectations, building agreement for project milestones, timelines and measures of successEnsures the delivery of quality solutions within agreed upon timeframes and budgets
At Goldman Sachs, we commit our people, capital and ideas to help our clients, shareholders and the communities we serve to grow. Founded in 1869, we are a leading global investment banking, securities and investment management firm. Headquartered in New York, we maintain offices around the world.
We believe who you are makes you better at what you do. We're committed to fostering and advancing diversity and inclusion in our own workplace and beyond by ensuring every individual within our firm has a number of opportunities to grow professionally and personally, from our training and development opportunities and firmwide networks to benefits, wellness and personal finance offerings and mindfulness programs. Learn more about our culture, benefits, and people at GS.com/careers.
We’re committed to finding reasonable accommodations for candidates with special needs or disabilities during our recruiting process. Learn more: https://www.goldmansachs.com/careers/footer/disability-statement.html
© The Goldman Sachs Group, Inc., 2025. All rights reserved.
Goldman Sachs is an equal employment/affirmative action employer Female/Minority/Disability/Veteran/Sexual Orientation/Gender Identity