Led by the Chief Information Security Officer (CISO), Technology Risk secures Goldman Sachs against hackers and cyber threats. Technology Risk is responsible for detecting and preventing cyber intrusions, developing secure applications and infrastructure, measuring engineering risk, and driving the implementation of engineering risk controls. The team has a global presence across the Americas, APAC, and EMEA.
Within Technology Risk, the Digital Risk Office’s (DRO) Integrated Risk Management Program elevates Engineering's capabilities to identify, prioritize, and govern engineering thematic risk and remediation. The DRO has established a centralized governance model to oversee the First Line of Defense for Engineering Risk Management and its integration into the firmwide risk management taxonomy and process as well as funding decisions to promote a culture of individual accountability.
Your Impact
In this position, you will work with DRO Leadership and partner with colleagues across Engineering, Operational Risk, and Internal Audit to govern and manage the entire Engineering Issue Management Lifecycle, including identification, evaluation, remediation, closure, change management, and reporting and escalation of engineering issues within the firm. Your role will be critical in building an effective Engineering Issue Management Program in alignment with the firm’s Enterprise Risk Management Framework.
Responsibilities Include
Collaborate with stakeholders to capture, investigate, and assign overall ownership for issues
Perform root cause analysis, leveraging quantitative and qualitative methods to determine issue severity
Work with Engineering colleagues to develop action plans to address root cause(s) for remediation
Identify dependencies between action plans, ensuring resources are managed appropriately
Collaborate with various delivery teams to govern and track remediations
Validate completeness of action plans and ensure that controls are effective prior to closing the issue
Ensure that key changes to issues are subject to review and approval
Report and escalate to the appropriate governance forums
Facilitate lessons learned and continuous process improvement
Basic Qualifications
Experience in enterprise risk management, internal audit, information security, technology risk, or cybersecurity
Ability to conduct risk analysis, root cause analysis, and action plan development
Understanding of basic technology concepts (applications, infrastructure, databases, etc.)
Knowledge of commonly used frameworks (NIST, COBIT, ISO, etc.)
Strong verbal and written communication skills
Ability to present with impact and influence
Preferred Qualifications
Experience in program management, project management, or change management
Knowledge of governance or risk management methodologies