Security Associate Security Associate …

Security Associate >

ENGINEERING

What We Do

At Goldman Sachs, our Engineers dont just make things we make things possible.  Change the world by connecting people and capital with ideas.  Solve the most challenging and pressing engineering problems for our clients.  Join our engineering teams that build massively scalable software and systems, architect low latency infrastructure solutions, proactively guard against cyber threats, and leverage machine learning alongside financial engineering to continuously turn data into action.  Create new businesses, transform finance, and explore a world of opportunity at the speed of markets.

Engineering, which is comprised of our Technology Division and global strategists groups, is at the critical center of our business, and our dynamic environment requires innovative strategic thinking and immediate, real solutions.  Want to push the limit of digital possibilities?  Start here.

Who We Look For

Goldman Sachs Engineers are innovators and problem-solvers, building solutions in risk management, big data, mobile and more. We look for creative collaborators who evolve, adapt to change and thrive in a fast-paced global environment.

RESPONSIBILITIES AND QUALIFICATIONS

Private Wealth Management

Goldman Sachs Private Wealth Management (PWM) specializes in creating comprehensive wealth management plans for high net worth individuals and families, as well as select institutions, including foundations and endowments.  PWM teams work one-on-one with clients to advise and deliver customized strategies drawn from deep investment experience, diverse wealth management capabilities and global reach.

Your Impact

The Information Security Associate for Consumer & Wealth Management Technology Risk will be part of a team that manages the technology risk portfolio and roadmap. This individual works with broad range of risk partners across the firm to implement and adopt security solutions. In this position, you will have tremendous impact and bring ideas about how to take our Technology Risk team to the next level.

This information security role is a key component of our revenue growth. This individual engages in new and existing institutional clients (e.g. Fortune 500) and supports vendor assurance and compliance activities (e.g., SOC reports, ISO, PCI, NYDFS, etc).

Responsibilities

• Review, negotiate, and respond to client contracts, security agreements, and security assessments, promoting the firm's cyber security, data assurance, and risk management commitments.
• Be knowledgeable of the full scope of the firm's information security, data, cyber as well as compliance posture that includes the technology, applicable governing regulations, and laws. Additionally, this role engages in the ongoing optimization of the aforementioned efforts as well as initiatives.

Basic Qualifications

• 3+ years working in an environment supporting at least one of the following: GDPR, PCI, CCPA/PII, NYDFS, GLBA, HIPAA, ISO27K, SOX.
• 2+ years of technology experience in one or more of the following areas: Information Security, Technology Governance, Operational Risk, Technology Audit, Technology Infrastructure or Application Development.
• 1+ years operational and/or contractual experience with Cloud services (as provider or client) or certified CCNA, CCNP, AWS security, etc, is a plus.
• Demonstrated advanced verbal and written communication skills
• Background in automating searches and querying, tuning large data sets.
• Experience collaborating with experts in Compliance, Legal, Engineering and security topics including, but not limited to, security architecture, financial controls and regulatory compliance, identity and access management, penetration testing, data loss prevention, network security, security monitoring, white box testing/static code analysis, and building secure systems.
• Knowledge of security risks related to web, mobile, web services, Cloud, and client/server architectures is a plus.
• Implementation and/or operational experience with Risk Management Solutions (ex: SAP GRC, SailPoint) is a plus.
• Experience using GRC tools and technologies for audit support and governance management (plus if client focused) is a plus.
• Risk management framework (COBIT, NIST or IS27001) experience is a plus.
• Ability to plan, organize, and prioritize work to meet deliverables and deadlines.
• Experience with external clients and third parties working on assessments and contracts is a plus.
• Experience in Financial Industry/Fintech is a plus.