Job Description
The Risk division is responsible for credit, market and operational risk, model risk, independent liquidity risk, and insurance throughout the firm.
The Operational Risk Division at Goldman Sachs is an independent risk management function responsible for developing and implementing a standardized Operational Risk Management Framework (ORMF) to identify, measure, monitor, and escalate operational risk across the firm.
The Technology Operational Risk (TOR) role is for a professional with deep technology subject matter expertise dedicated to actively employ and strengthen the components of the firm's operational risk management framework relating to technology risks. This role will be responsible to continuously identify, monitor, measure, assess, and challenge operational risk for the Engineering Division.
The Engineering Organization includes the Engineering Division and technology and strategist groups in Revenue and Federation divisions. Our engineers are responsible for building and deploying innovative technical and quantitative solutions for our clients and our firm.
Responsibilities
- Risk assessment of the impact of changing application, infrastructure, and Cloud computing services on the Goldman Sachs technology portfolio. As new technology is introduced and old technology is phased out, the risk position of the firm will have a changing residual risk position.
- Coordination and key participation in the development of the evolving risk position of new technology and third-party software. For each of the technology areas in focus, this individual will be charged with escalating and tracking the individual risk items.
- Work with appropriate technology areas to identify potentially elevated risk concentrations globally and perform assessments of the corresponding inherent risks and mitigating controls. Recommend any adjustments required to meet GS policy, regulatory requirements, and industry best practices.
- Develop and perform ongoing analysis of Operational Risk loss, near miss and external events to inform RCSA results, technology assessments and scenario analysis. Investigate Operational Risk events meeting selection criteria; assist Business Operational Risk Leads in determining the appropriate consideration of technology risk management and risk events.
- Establishes and oversees the application of operational risk policies, technology and tools, and governance processes to create lasting solutions for minimizing losses from failed internal processes, inadequate controls, and emerging risks.
- Working with colleagues in Operational Risk, as well as technology, business and other control functions, the Operational Risk Lead is expected to contribute to the Oversight of Technology and IT Risks, Key Technology Operational Risks, Assessments and related indicators and thresholds, Challenge of technology Risk Self Assessments, Issue management, oversight, and escalation.
- Manage identified risks using firm's Operational Risk Management Framework.
- Challenge first line control managers and risk assessors.
- Conduct line of business-oriented risk assessment based on application, infrastructure, and platforms.
- Participate in key governance, steering groups and control forums.
- This role requires an energetic self-starter that can liaise with Engineering teams and business both regionally and globally.
- Experience and knowledge in a financial institution's technology infrastructure/applications and control requirements are required together with strong interpersonal and analytical skills for this role.
Qualifications
- 5-8 years of experience in Technology Risk, Technology Audit, Application Security, Software/Infrastructure Engineering, or related fields.
- Experienced in regulatory technology related examinations.
- Proven ability to perform test of controls (design and operating effectiveness) e.g. Cloud, SDLC, AI/ML, Change Management, Identity and Access Management, Third Party, Encryption, Configuration Management, Patching, Network Security, Incident Response, Capacity and Resiliency.
- Knowledge with technology application and infrastructure components such as Servers, Storage, Networking, Application Development, SDLC, End User Platforms, Digital Workflow, Artificial Intelligence & Machine Learning, Cloud technologies, Data Engineering, Mobile/Web, and Database Management systems.
- Ability to review code (Java, C#, C++, Python, VBA macros etc.)
- Systems development/SDLC tools and processes (SVN/CVS, build, software testing, configuration, and deployment)
- Cloud computing (Private, AWS, Google, Azure, Docker)
- Linux and Windows operating systems: security, configuration, and management
- Database design, setup, and administration (DBA) experience with Sybase, Oracle, or UDB
- Big data systems: Hadoop, Snowflake, NoSQL, HBase, HDFS, MapReduce
- Web and Mobile technologies, digital workflow tools
- Site reliability engineering and runtime operational tools (agent-based technologies) and processes (capacity, change and incident management, job/batch management)
- Email, messaging, and collaboration systems (Office 365, Exchange, SharePoint, instant messaging)
- Strong understanding of technology control frameworks and industry guidance such as COBIT, NIST, ISO27001, and FFIEC.
- Professional certifications such as CRISC, CISA, CISM, CISSP, CCSP, and AWS Certified Solutions Architect.
- Ability to collaborate with high-performing teams and individuals throughout the firm to accomplish common goals.
- Excellent analytical and problem-solving skills, inquisitive nature and comfort challenging current practices.
- Proven track record of taking ideas forward without supervision and challenging others, where appropriate.
- Adapt at developing relationships with senior business executives with a reputation for partnering across organization lines to mitigate risks.
- Highly disciplined, able to work with limited supervision and make independent decisions.
- Strong organizational, project management, and multi-tasking skills with demonstrated ability to manage expectations and deliver results.
- High level of professionalism, self-motivation, and sense of urgency.
- BA or BS College Degree in Business, Sciences or Engineering.
About Goldman Sachs
At Goldman Sachs, we commit our people, capital and ideas to help our clients, shareholders and the communities we serve to grow. Founded in 1869, we are a leading global investment banking, securities and investment management firm. Headquartered in New York, we maintain offices around the world.
We believe who you are makes you better at what you do. We're committed to fostering and advancing diversity and inclusion in our own workplace and beyond by ensuring every individual within our firm has a number of opportunities to grow professionally and personally, from our training and development opportunities and firmwide networks to benefits, wellness and personal finance offerings and mindfulness programs. Learn more about our culture, benefits, and people at GS.com/careers.
We're committed to finding reasonable accommodations for candidates with special needs or disabilities during our recruiting process. Learn more: https://www.goldmansachs.com/careers/footer/disability-statement.html
The Goldman Sachs Group, Inc., 2023. All rights reserved.
Goldman Sachs is an equal employment/affirmative action employer Female/Minority/Disability/Veteran/Sexual Orientation/Gender Identity