Program Lead - Technology Risk Vulnerability Management
- London, England, United Kingdom
- Permanent, Full time
- Goldman Sachs International
- 19 Mar 19
See job description for details
MORE ABOUT THIS JOB Goldman Sachs Technology Risk is leading threat, risk analysis and data science initiatives
that are helping to protect the firm and our clients from information and cyber security risks. Our team equips the firm with the knowledge and tools to measure risk, identify and mitigate threats and protect against unauthorized disclosure of confidential information for our clients, internal business functions, and our extended supply chain.
RISK ADVISORY delivers best in class advisory support and technology solutions across the information security risk domain including scalable uplifts of common core security solutions for use across Goldman Sachs. Prevents the misuse, unauthorized disclosure, or loss of firm data across e-mail, file transfer, and the Internet. Ensures business continuity and technology resilience by safeguarding Goldman Sachs from major operational disruptions through preventative
measures including business planning, capability design,
and the testing of mitigants.
We are looking for highly self-motivated candidates for our global Vulnerability Management team within Technology Risk Advisory to be based in New York. Our team performs one of the most critical security and risk functions at the firm - detecting vulnerabilities in our technology and ensuring their remediation before they can be exploited by malicious hackers.
We are looking for individuals with experience in a variety of technology disciplines to help us improve and maintain our vulnerability management platform, which involves integrating and automating a variety of tools, data sets, and workflows to detect, prioritize, and risk manage security vulnerabilities.
RESPONSIBILITIES AND QUALIFICATIONS HOW YOU WILL FULFILL YOUR POTENTIAL
• Execute and support the firm's global Vulnerability Management program as part of the team within Technology Risk
• Collaborate extensively with the firm's engineering teams (across both business applications and core infrastructure) help them understand their software vulnerabilities and collectively develop risk mitigation strategies
• Help drive vulnerability discovery requirements using various automated and manual discovery tools and vendors
• Execution of processes and procedures in support of the vulnerability management lifecycle from identification, to remediation, to reportin
• Provide risk assessment inputs into patch management policies and activities for multiple platforms across the firm
• Support the development and reporting of key metrics for the program
SKILLS AND EXPERIENCE WE ARE LOOKING FOR
• Clear communication skills, both verbal and in writing, including the ability to clearly articulate technical vulnerabilities and associated risks to both technical and non-technical audiences
• Strong project and program management skills, including the ability to lead uplift projects from start to finish with significant autonomy and attention to detail
• Experience working within a vulnerability management or related program in a complex and diverse global environment
• Experience with industry standard patch management and vulnerability management tools and techniques
• Knowledge and experience in the areas of security assessment, vulnerability scanning and risk based threat analysis
• Experience executing processes, procedures and automation to support a vulnerability management program
• A passion for, and deep understanding of, the technical aspects of information security with particular focus on vulnerability and threat management
• Bachelor's degree or higher in computer science, information security, or a related field
• Experience leading large scale response/remediation efforts across organizations with heterogeneous technology stacks
• Experience using industry standard vulnerability assessment and management tools (such as nmap, nessus, Splunk, or Qualys) and interpreting, analyzing and assessing their data output
• Experience working as part of a global team
• Significant application or infrastructure security experience, including penetration testing, design and code reviews, and risk assessments
• Significant threat management or incident response experience
ABOUT GOLDMAN SACHS The Goldman Sachs Group, Inc. is a leading global investment banking, securities and investment management firm that provides a wide range of financial services to a substantial and diversified client base that includes corporations, financial institutions, governments and individuals. Founded in 1869, the firm is headquartered in New York and maintains offices in all major financial centers around the world.
Â© The Goldman Sachs Group, Inc., 2019. All rights reserved Goldman Sachs is an equal employment/affirmative action employer Female/Minority/Disability/Vet.