Engineering - Tech Risk DRA - Monitoring & Testing - Analyst - London | London, UK

Job Description

WHO WE ARE

Led by the Chief Information Security Officer (CISO), Technology Risk is responsible for governing and overseeing the information security and cybersecurity risk and controls landscape for the Firm. We are responsible for detecting and preventing attempted cyber intrusions against the firm, helping the firm develop more secure applications and infrastructure, developing software in support of our efforts, measuring information security & cybersecurity risk through intelligent tooling, and designing and driving implementation of information security & cybersecurity controls. The team has global presence across the Americas, APAC, India and EMEA.

Within Technology Risk, Digital and Risk Assurance is the execution arm, responsible for analyzing, triaging, and reporting on newly discovered risks, supporting Engineering Divisions in risk management, supporting our external audits from a technology standpoint, overseeing internal assessments as well as ensuring the integrity of the environment.

Goldman Sachs has one of the most progressive Technology Risk teams in the industry and is continuing to push the development of risk in preference to security within technology and the business. Year on year success has led the team to work deeper into the organization and gain valuable insights into how technology needs to function, what its risk really is and how this impacts the business.

YOUR IMPACT

You will be a key addition to the Digital Risk Office Assurance team, which is primarily responsible for supporting the Engineering Monitoring & Testing program.

As part of the first line of defense, the Engineering Monitoring & Testing program was established to independently evaluate the design and performance of key controls.

Our team partners with engineering teams across the firm to help them understand what they can do to reduce and manage their risk and make their systems more resilient.

HOW YOU WILL FULFILL YOUR POTENTIAL

Your responsibilities will include governance aspects of Controls Assurance programs, and issue management. You will work with all pillars within Technology Risk to understand the risks being identified and their potential impact. This will be an opportunity to build broad knowledge of the business and technologies across the entire firm and work with engineers at all levels in the organization.

JOB RESPONSIBILITIES

• Partner with business units to perform control evaluation, monitoring and testing efforts of key internal controls to identify control gaps as well as opportunities for effectiveness and efficiency improvements. These assessments will include coverage for other regulatory programs including SOX and RCSA.
• Evaluate the effectiveness of existing key controls, identify gaps, and recommend improvements to mitigate risks and enhance form's risk posture.
• Collaborate with cross functional teams and stakeholders to evaluate and validate the design, implementation, and performance of key engineering controls.

BASIC QUALIFICATIONS & SKILLS

• Relevant bachelor's degree (such as computer science, information technology, management information systems or related fields).
• 1-3 years' experience in Risk Management, Risk Reporting, Audits, Control Assessment and Evaluation, Governance, etc.
• Basic understanding of IT audit methodologies and control frameworks of IT platforms, processes, systems and controls, including areas such as logical access, physical security and change management controls at an infrastructure and application level.
• Familiarity with risk management framework, industry standards, financial industry regulatory requirements.
• Experience with any data analysis/visualization tool such as Excel, Tableau, Power BI, R, SQL, etc.
• Basic understanding of risk management principles or Sarbanes-Oxley Section 404, SOC 1 and SOC 2 reporting.
• Familiarity with general and cyber security related Information technology controls design and reviews.
• Ability to work effectively in a global team environment and drive results in a matrixed organization.
• Results oriented, strong sense of ownership and eagerness to learn.
• Strong sense of ownership and accountability.
• Clear communication skills, both verbally and in writing.

PREFERRED QUALIFICATIONS

• Understanding of information technology audit and control frameworks such as NIST COBIT and ITIL

ABOUT GOLDMAN SACHS

At Goldman Sachs, we commit our people, capital and ideas to help our clients, shareholders and the communities we serve to grow. Founded in 1869, we are a leading global investment banking, securities and investment management firm. Headquartered in New York, we maintain offices around the world.

We believe who you are makes you better at what you do. We're committed to fostering and advancing diversity and inclusion in our own workplace and beyond by ensuring every individual within our firm has a number of opportunities to grow professionally and personally, from our training and development opportunities and firmwide networks to benefits, wellness and personal finance offerings and mindfulness programs. Learn more about our culture, benefits, and people at GS.com/careers.