Employment Type: Full-Time
Location: New York, NY (Onsite)
Global Banking and Markets, Vice President, Technology Risk, Product Security and Advisory Architect
Want to push the limit of digital possibilities? Start here.
Who We Look For
Goldman Sachs Engineers are innovators and problem-solvers, building solutions in risk management, big data, mobile and more. We look for creative collaborators who evolve, adapt to change and thrive in a fast-paced global environment.
RESPONSIBILITIES AND QUALIFICATIONS
The Global Banking & Markets (GBM) Technology Risk function is an information security group embedded within GBM responsible for the oversight of Information Security and Cybersecurity risks across GBM business and technology, and supplements the firm’s Technology Risk programs to meet the additional unique needs of the GBM business. Our mission is to enable the business needs while balancing controls.
The GBM Technology Risk Group is responsible for the following services:
- Governance - Ensure that our risk posture remains in a managed state and help to meet the different information security, privacy, regulatory, audit, and firm-wide tech risk commitments.
- Client Due Diligence – This client-facing service is a revenue protection function supporting due diligence requests from existing clients and prospects.
- Application Security & Advisory – Operate as the cybersecurity SPOC (single point of contact) for key GBM initiatives.
In the Tech Risk Advisory role for GBM Technology Risk, you will be part of a team that manages the technology risk portfolio and roadmap of key business initiatives like product launches, strategic projects, and acquisition due diligence. The function requires participating throughout the project lifecycle and working with a broad range of risk partners across the firm to ensure that application security & infrastructure security controls and best practices are baked into the project requirements and prioritized appropriately. The goal is to be the security solution architect and SME for product launches, key initiatives, and all other cybersecurity-related matters across the GBM business.
In this position, you will have a tremendous impact and bring innovative ideas on how to take our Technology Risk team to the next level. This deep technical role enables the business and helps engineering teams find creative and commercial ways to address risks and requirements across the technology landscape. This position also necessitates maintaining awareness of the evolving cybersecurity threat landscape and relevant mitigating controls. There will also be an opportunity to research evolving security trends, frameworks, and products to help our internal clients and advise/consult to our external portfolio companies, partners, managers, clients, and investments.
You will be responsible for assessing and managing the portfolio of risks for divisionally aligned products. You are expected to learn about the business products you support and provide technical design consultancy services as needed. Your team will be responsible for ensuring management of all assessments, including Design / Architecture Reviews, Manual Code Reviews, Penetration Testing, and Continuous Monitoring / Scanning.
The ideal candidate should possess the aptitude to build coalitions across teams/product owners, educate and help counterparts on secure operation and development practices and work collaboratively to drive down risk.
SKILLS AND EXPERIENCE WE ARE LOOKING FOR
- 6-8 years of technology experience in one or more of the following areas: Information Security, Technology Governance, Operational Risk, Technology Audit, Technology Infrastructure or Application Development (focusing on application security)
- Ability to guide product and application teams to architect and design their products securely
- Knowledge of most common Application Security vulnerabilities – e.g., OWASP Top 10 and cloud security gaps.
- Prior experience in performing Threat Modelling or Secure Design Reviews.
- Perform risk assessments to identify gaps in compliance to information security (application and infrastructure
- Familiarity with common cloud services, recommended security best practices and secure deployment patterns - AWS is preferred.
- Familiarity with security standards such as OWASP Testing Guide, OWASP ASVS, NIST and SANS Top 20.
- Common security controls and how they apply to different designs and systems including but not limited to secure authentication, access controls, encryption (at rest / in transit), IDS/IPS, DLP, malware etc.
- Experience in application vulnerability assessment and penetration testing of web, thick-client, or mobile applications.
- Experience with acquisition due diligence and integration.
- Working knowledge of application security tools such as fuzzers, scanners, debuggers, decompilers, proxies, simulators, etc.
- Understanding of core cryptography concepts (Encryption, Hashing, HMAC, digital signatures) and how they are applied and attacked in web applications (e.g. TLS attacks, CBC attacks).
- Familiarity with performing code review of popular web application programming languages (Java, JavaScript, C++, C#, Python, Perl, optionally Objective-C, etc.).
- Familiarity with common web stack technologies (e.g. HTTP, HTML5, AJAX, REST, etc.) and platforms (e.g. DropWizard, AngularJS, Tomcat, .Net, Sybase, MS SQL, MongoDB, etc.).
- Ability to analyze protocols (OAuth, SAML, OIDC), flows and interactions in a system design to evaluate gaps.
- Ability to identify threats, abuse cases, and gaps in the design before it is implemented.
- Good written and oral communication to be able to articulate risks to both technical and management stakeholders.
Preferred Qualifications
- Experience in crafting custom proof of concept application exploits using testing tools/frameworks or scripting exploits in Python, Perl, JavaScript, Shell scripting, etc.
- Knowledge of network, application and operating system security risks.
- BS in Computer Science, System/Computer Engineering, Cyber-Security, or Information Security.
- Security Certifications and Trainings preferred, but not required.
- Experience or training in related disciplines, e.g. computer science, computer security, software development, system design, open source frameworks, encryption schemes, etc.
- Experience doing architecture review of Mobile applications.
ABOUT GOLDMAN SACHS
At Goldman Sachs, we commit our people, capital and ideas to help our clients, shareholders and the communities we serve to grow. Founded in 1869, we are a leading global investment banking, securities and investment management firm. Headquartered in New York, we maintain offices around the world.
We believe who you are makes you better at what you do. We're committed to fostering and advancing diversity and inclusion in our own workplace and beyond by ensuring every individual within our firm has a number of opportunities to grow professionally and personally, from our training and development opportunities and firmwide networks to benefits, wellness and personal finance offerings and mindfulness programs. Learn more about our culture, benefits, and people at GS.com/careers.
We’re committed to finding reasonable accommodations for candidates with special needs or disabilities during our recruiting process.
The Goldman Sachs Group, Inc., 2023
All rights reserved.
Goldman Sachs is an equal employment/affirmative action employer Female/Minority/Disability/Veteran/Sexual Orientation/Gender Identity
Salary Range
The expected base salary for this New York, New York, United States-based position is $150000-$250000. In addition, you may be eligible for a discretionary bonus if you are an active employee as of fiscal year-end.
Benefits
Goldman Sachs is committed to providing our people with valuable and competitive benefits and wellness offerings, as it is a core part of providing a strong overall employee experience. A summary of these offerings, which are generally available to active, non-temporary, full-time and part-time US employees who work at least 20 hours per week, can be found here.
Posting Date: 2024-07-30
Recommended Skills
- .Net Framework
- Access Controls
- Acquisition Due Diligence
- Adaptability
- Ajax (Programming Language)
- Angular4
Job ID: 23491_6369_48354140