Engineering - Technology Risk - Regulatory & Controls
MORE ABOUT THIS JOB
ENGINEERING What We Do
At Goldman Sachs, our Engineers don't just make things - we make things possible. Change the world by connecting people and capital with ideas. Solve the most challenging and pressing engineering problems for our clients. Join our engineering teams that build massively scalable software and systems, architect low latency infrastructure solutions, proactively guard against cyber threats, and leverage machine learning alongside financial engineering to continuously turn data into action. Create new businesses, transform finance, and explore a world of opportunity at the speed of markets .
Engineering, which is comprised of our Technology Division and global strategists groups, is at the critical center of our business, and our dynamic environment requires innovative strategic thinking and immediate, real solutions. Want to push the limit of digital possibilities? Start here. Who We Look For
Goldman Sachs Engineers are innovators and problem-solvers, building solutions in risk management, big data, mobile and more. We look for creative collaborators who evolve, adapt to change and thrive in a fast-paced global environment. RESPONSIBILITIES AND QUALIFICATIONS Job Summary & Responsibilities
Full Time Vice President with advanced communication, analysis, project management skills and experience with technology governance and technical controls. Understanding of the regulatory environment for financial institutions in China is required. Background in regulatory environments in Asia Pacific jurisdictions, information/cyber security, and the financial services sector highly preferred. Team Description:
The Regulatory & Controls team resides within firm's Technology Risk department, which is led globally by the firm's Chief Information Security Officer (CISO) and regionally by the Head of Technology Risk for Asia Pacific. The Technology Risk department maintains responsibility for detecting and preventing attempted cyber intrusions against the firm, helping the firm develop more secure applications, measuring cybersecurity risk, and driving implementation of cybersecurity controls. The Regulatory & Controls team has three principal objectives: (1) efficiently provide timely and accurate information to global regulators regarding the firm's information security; (2) drive security improvements and prioritization based on internal security requirements and regulations if effect in the jurisdictions in which we operate; and (3) inform business decisions by providing insights about relevant regulatory trends and changes. Separately, the Regulatory & Controls team is responsible for coordinating the development of technology-related policies and standards across the firm. Responsibilities:
- Drafting responses to requests for information from Chinese regulators for information security and cybersecurity matters.
- Perform gap analysis of new and changing Chinese regulations impacting technology operational risk including but not limited to information security & cybersecurity.
- Coordinating engagements with regulators, including periodic reporting, preparation of presentations and written deliverables for information security and cybersecurity related topics.
- Conducting analyses to identify regulatory trends of relevance to the firm's business and risk environments
- Preparing presentations and written products on regulatory trends and issues to inform senior leadership
- Drive China participation in global and regional Technology Risk programs and activities
- Coordinating with counterparts in other jurisdictions and regional stakeholders (e.g. Legal, Compliance, Operational Risk) to ensure consistent responses across all regulators
- Driving implementation of specific security controls based on internal security priorities and regulatory requirements
- Managing China local/regional audit and regulatory activities relevant to Technology Risk with primary focus on Information Security and Cybersecurity
- Conducting risk reviews of business and engineering initiated projects to ensure adequate security controls and best practices are in place
- Managing and delivering regional specific control adoption and uplift initiatives from global Technology Risk programs
- Communicating status and risks in a succinct, direct and open manner for proper issue management life cycle tracking.
- As needed, support development of engineering related policies and standards in China
- Bachelor degree or higher
- Strong writing skills, ideally with published academic or professional articles Exceptional attention to detail
- Experience working in Information/Cyber security, IT Risk & Governance from a sizeable multinational organization
- Strong analytical, interpersonal, problem solving, influencing, organizational and time management skills
- Experience in communicating technology risks to senior audiences both technical and non-technical
- Strong sense of ownership and accountability
- Strong English communication skills, both verbally and in writing
- Native-level Chinese mandarin language abilities (read, write and speak)
- Excellent presentation skills
- Work effectively both independently and as part of a team, self-motivated and deadline driven
- The ability to manage multi-task effectively and interact in a matrixed organization is essential
- Knowledge and experience of financial regulatory environment is a must for China, and as an advantage for other jurisdiction within Asia Pacific
- Good understanding and knowledge of the following Technology areas and their impact on Information Security:
- Windows and Unix/Linux operating systems
- Network protocols such as TCP/IP, Firewall and IDS/IPS technology
- Voice and Audio-Visual platforms
- Application security issues such as OWASP Top 10
- Industry Certifications such as CISA, CISSP, and CISM are beneficial
- Strong "risk mindset" with consideration to commercial perspectives
- Balances use of tactical versus strategic solutions when required
- Assists in technical evaluations and vendor management relationships
- Recommends technology solutions that improve operation standards and lowers operations costs
- Process Engineering
- Strong knowledge in development lifecycle approach
- Operations, information technology, or software engineering background required (exposure to formal processes)
- Ability to communicate and enforce standards, process and control
ABOUT GOLDMAN SACHS
- Strong technical project management skills
- Ability to manage multiple programs simultaneously in high pressure environment where change is common place
ABOUT GOLDMAN SACHS
At Goldman Sachs, we commit our people, capital and ideas to help our clients, shareholders and the communities we serve to grow. Founded in 1869, we are a leading global investment banking, securities and investment management firm. Headquartered in New York, we maintain offices around the world.
We believe who you are makes you better at what you do. We're committed to fostering and advancing diversity and inclusion in our own workplace and beyond by ensuring every individual within our firm has a number of opportunities to grow professionally and personally, from our training and development opportunities and firmwide networks to benefits, wellness and personal finance offerings and mindfulness programs. Learn more about our culture, benefits, and people at GS.com/careers .
We're committed to finding reasonable accommodations for candidates with special needs or disabilities during our recruiting process. Learn more: https:// www.goldmansachs.com/careers/footer/disability-statement.html
© The Goldman Sachs Group, Inc., 2021. All rights reserved.
Goldman Sachs is an equal employment/affirmative action employer Female/Minority/Disability/Veteran/Sexual Orientation/Gender Identity