Tech Risk Advisory Design Reviewer Team lead - Advisory
MORE ABOUT THIS JOB
Goldman Sachs Technology Risk is leading threat, risk analysis and data science initiatives
that are helping to protect the firm and our clients from information and cyber security risks. Our team equips the firm with the knowledge and tools to measure risk, identify and mitigate threats and protect against unauthorized disclosure of confidential information for our clients, internal business functions, and our extended supply chain.
RISK ADVISORY delivers best in class advisory support and technology solutions across the information security risk domain including scalable uplifts of common core security solutions for use across Goldman Sachs. Prevents the misuse, unauthorized disclosure, or loss of firm data across e-mail, file transfer, and the Internet. Ensures business continuity and technology resilience by safeguarding Goldman Sachs from major operational disruptions through preventative
measures including business planning, capability design,
and the testing of mitigants.
The Technology Risk team protects the systems and data of our firm and our clients, equips our people with understanding and tools to measure risk and enable the use of technology, and evangelizes controls monitoring solutions.
The team encompasses Information Security, Governance, Measurement and Security and Incident Response. The global Technology Risk team currently has presence in New York, London, Tokyo, Bangalore, Hong Kong, Zurich, Moscow, Dallas and Beijing. It covers all technology and business areas including subsidiaries and affiliates globally.
Technology Risk Advisory delivers best in class advisory support and technology solutions across the Information Security risk domains, including scalable uplifts of common core security solutions for use across Goldman Sachs. As a Risk Advisor, you will be part of or oversee a technical team that is responsible for assessing and managing the portfolio of risks for Divisionally aligned products. You are expected to have a working knowledge of the products you support, and provide technical design consultancy services as needed. Your team will be responsible for all assessments, including, Design / Architecture Reviews, Manual Code Reviews, Penetration Testing, and Continuous Monitoring / Scanning. The ideal candidate should possess the aptitude to build coalitions across teams / product owners, educate counterparts on secure development practices and work collaboratively to drive down risk. RESPONSIBILITIES AND QUALIFICATIONS HOW YOU WILL FULFILL YOUR POTENTIAL
• Support the Technology Risk Advisory function by leading a group of highly technical staff that assess risk, identify risk and advice on risk. SKILLS AND EXPERIENCE WE ARE LOOKING FOR
• Examine application state machine to validate assumptions and identify vulnerabilities
• Should have a solid understanding of security controls and how they apply to different designs and systems.
• Understand, highlight and articulate risk to product owners in an understandable language.
• Present alternate designs to the teams in order to help them reduce risks.
• Experience in application vulnerability assessment and penetration testing of web, thick-client, or mobile applications.
• Experience managing a technical team or project, and liaising with product owners to manage risk portfolios.
• Working knowledge of application security tools such as fuzzers, scanners, debuggers, decompilers, proxies, simulators, etc.
• Familiarity with common web stack technologies (e.g. HTTP, HTML5, AJAX, REST, etc.) and platforms (e.g. DropWizard, AngularJS, Tomcat, .Net, Sybase, MS SQL, MongoDB, etc.).
• Understanding of core cryptography concepts (encryption, hashing, HMAC, digital signature) and how they are applied and attacked in web applications (e.g. TLS attacks, CBC attacks).
• Ability to analyse protocols, flows and interactions in a design to evaluate gaps.
• 7- 10 years of relevant work experience. Preferred Qualifications
• Proficient verbal and written communication skills.
• Expert knowledge of network, application and operating system security risks.
• Medium-scale technical program management skills.
• Bachelor of Science in Computer Science, System/Computer Engineering, Cyber-Security, or Information Security is preferred.
• Experience or training in related disciplines e.g. computer science, computer security, software development, system design, open source frameworks, encryption schemes, etc. ABOUT GOLDMAN SACHS
The Goldman Sachs Group, Inc. is a leading global investment banking, securities and investment management firm that provides a wide range of financial services to a substantial and diversified client base that includes corporations, financial institutions, governments and individuals. Founded in 1869, the firm is headquartered in New York and maintains offices in all major financial centers around the world.
Â© The Goldman Sachs Group, Inc., 2020. All rights reserved Goldman Sachs is an equal employment/affirmative action employer Female/Minority/Disability/Vet.