Information Security Officer

Goldman Sachs
in Dallas, TX, United States
Permanent, Full time
Last application, 06 Jul 20
Information Security Officer

Business Unit Overview

Led by the Chief Information Security Officer (CISO), Technology Risk secures Goldman Sachs against hackers and other cyber threats. We are responsible for detecting and preventing attempted cyber intrusions against the firm, helping the firm develop more secure applications and infrastructure, developing software in support of our efforts, measuring cybersecurity risk, and designing and driving implementation of cybersecurity controls. The team has global presence across the Americas, APAC, India and EMEA. Within Technology Risk, Advisory is the consultative and technology subject matter expertise arm, responsible for assessing new technology initiatives for risk, partnering with engineers to architect and design secure products and services, embedding implementation reviews as part of the SDLC and CI/CD pipeline via code analysis and penetration testing, and guiding technology innovation in terms of security and control across Goldman Sachs. The team plays a critical role in designing and assessing controls for our transition to building native public cloud applications.


In this role, you will be responsible for evaluating and enhancing the security controls of the different payment applications used within the firm, and you will work with teams across the organization daily on current and future-looking activities. You will use your skills, experience and talents to effectively manage payment application risk. The ideal candidate should have 5+ years of prior experience in information security management, including security assessments, application risk management, payment gateway security and investment banking payment platforms.


Job Responsibilities
• Determine and drive strategic and day-to-day team objectives
• Develop and apply payment risk scoring methods
• Understand and document various security controls requirements and processes for payment systems.
• Perform risk assessments of the firm’s complex payment systems, considering various security policies/controls and external regulatory obligations
• Develop an evaluation method to assess program strengths and identify areas for improvement.
• Work with different internal tech teams to address the security gaps identified in the risk assessments
• Establish a program to conduct security assessments on payment system counterparties.
• Scope, interpret and prioritize both application security assessments and network vulnerability scan results
• Work closely with cross-functional teams and develop strong liaison relationships.
• Stay current with new and evolving security topics and technologies.

Basic Qualifications
• 5-10 years IT background; experience with payment security compliance or regulatory issues preferred
• Experience with project management (planning, organizing, and managing resources to bring about the successful completion of specific project goals and objectives)
• Intermediate knowledge of all requirements of the PCI DSS SSC guidance, and payment security and compliance requirements.
• Intermediate knowledge of the following technical areas: network segmentation, operating system security, encryption and key management, tokenization, anti-virus and malware, secure system development, identity and access management, vulnerability management, physical access controls, penetration testing, file integrity monitoring, logging, and information security policy
• Able to scope, interpret and prioritize both application and network vulnerability test results
• Ability to identify problems, analyze data and present conclusions effectively
• Strong verbal, written and presentation skills
• Excellent PC skills (Excel, Word, Adobe, Confluence page)

Preferred Qualifications
• Industry Certifications (CISSP/PCI QSA or ISA/PCIP/CISM/CRISC).
• Knowledge of network, application and operating system security risks.
• M.S. in Computer Science, System/Computer Engineering, Cyber-Security, or Information Security.
• Experience or training in related disciplines, e.g. computer science, computer security, software development, system design, open source frameworks, payment protocols like SWIFT, encryption schemes, etc.
• Experience doing security architecture review of critical applications.