Risk, Operational Risk (Data Security/DLP - Information and Cybersecurity) Vice President, Dallas

Organization: Risk Division, Operational Risk

Team / Role: Data Security/DLP - Information and Cybersecurity

Level/Location: Vice President, Salt Lake City

The Operational Risk Department at Goldman Sachs is an independent risk management function responsible for developing and implementing a standardized framework to identify, measure, and monitor operational risk across the firm.

This Information and Cybersecurity role is for a professional with technology subject matter expertise dedicated to strengthening the components of the firm's operational risk management framework relating to information and cybersecurity risks. This role will be responsible to continuously identify, monitor, measure and assess operational risk for the Engineering division and Engineering elements of other divisions.

Responsibilities:

• Identify, monitor, and analyze operational risks arising from the execution of technology operations primarily related to identity and access management, etc. and develop evidence-based challenges focused on improving such operations.
• Contribute to divisional and functional risk profile assessments by highlighting risk issues and trends to senior divisional managers and senior Operational Risk management team
• Monitor data security and data loss prevention (DLP) portions of the firms control inventory for sufficiency and completeness and challenge the absence of controls and implementation of controls within engineering standards.
• Facilitate operational risk event and data collection; perform detailed reviews of trends to identify significant risks and ensure monitoring and remediation
• Analyze data to identify trends and patterns in monitoring data, augmenting such with qualitative observations to monitor risk taking trends through bespoke metrics at firmwide and divisional/sub-divisional levels, escalating concerns to senior management when warranted.
• Conduct evidence-based scenario analysis by working with stakeholders to develop plausible tail risk scenarios around data security used in quantifying specific businesses exposure to potential risk.
• Contribute to review and challenge of data security and DLP control assessments to ensure the risk and control self -assessment outcomes are consistent, credible, and underpinned by appropriate evidence.
• Remain current on business drivers, regulatory and industry changes impacting the firm's information and cybersecurity activities and obligations
• Identify and drive initiatives that improve the risk management activities at the firm
• This role requires an energetic self-starter that can liaise with Engineering teams both regionally and globally. Experience and knowledge in a regulated enterprise network, preferably financial institution's technology infrastructure/applications and control requirements are required together with strong interpersonal and analytical skills for this role.

Qualifications

• Knowledge of internal control frameworks (NIST 800-53, ISO 27001) and audit methodologies
• Experience with frameworks like NIST (Cybersecurity Framework, 800-53), COBIT, Cloud Security Alliance Cloud Controls Matrix, and/or ISO 27001
• Familiarity with enterprise risk management best-practices and controls
• 7+ years of relevant experience, which could include working in operational risk; in a financial institution's technology division; a technology company that builds or maintains enterprise systems, like cloud services; offensive or defensive cybersecurity; or IT or Information Security/Cybersecurity auditors.
• Strong organizational skills (project management experience a plus)
• Ability to work in a fast-paced environment with a strong delivery focus
• Ability to work in a team environment and knowledge share with other colleagues within team
• Understanding of data security or DLP concepts.
• Strong business acumen with general awareness of technology related processes, risks and business flows
• Strong verbal and written communication skills with the ability to present with impact and influence
• Proficiency in Word, Excel, PowerPoint, SharePoint/OneDrive - SQL, graph databases and Tableau (would be a plus)
• Relevant certifications like CISA (Certified Information Systems Auditor), CISM (Certified Information Security Manager) or related certifications
• Have a Bachelor's Degree in Computer Science, Cybersecurity, Business and Technology Management, Finance, Data Science, or related disciplines

ABOUT GOLDMAN SACHS

At Goldman Sachs, we commit our people, capital and ideas to help our clients, shareholders and the communities we serve to grow. Founded in 1869, we are a leading global investment banking, securities and investment management firm. Headquartered in New York, we maintain offices around the world.

We believe who you are makes you better at what you do. We're committed to fostering and advancing diversity and inclusion in our own workplace and beyond by ensuring every individual within our firm has a number of opportunities to grow professionally and personally, from our training and development opportunities and firmwide networks to benefits, wellness and personal finance offerings and mindfulness programs. Learn more about our culture, benefits, and people at GS.com/careers.

We're committed to finding reasonable accommodations for candidates with special needs or disabilities during our recruiting process. Learn more: https://www.goldmansachs.com/careers/footer/disability-statement.html

The Goldman Sachs Group, Inc., 2023. All rights reserved.

Goldman Sachs is an equal opportunity employer and does not discriminate on the basis of race, color, religion, sex, national origin, age, veterans status, disability, or any other characteristic protected by applicable law.