Security Engineer - Technology Risk
MORE ABOUT THIS JOB
Goldman Sachs Technology Risk is leading threat, risk analysis and data science initiatives that are helping to protect the firm and our clients from information and cyber security risks. Our team equips the firm with the knowledge and tools to measure risk, identify and mitigate threats and protect against unauthorized disclosure of confidential information for our clients, internal business functions, and our extended supply chain.
SECURITY INCIDENT RESPONSE TEAM (SIRT) supports and enables a comprehensive technical Cyber Defense program for the firm while increasing awareness of current and potential Cyber Threats. Works across the organization to operate efficiently, provide technical
investigative support and mitigate threats to the firm.
Business Unit Overview Led by the Chief Information Security Officer (CISO), Technology Risk secures Goldman Sachs against hackers and other cyber threats. We are responsible for detecting and preventing attempted cyber intrusions against the firm, helping the firm develop more secure applications and infrastructure, developing software in support of our efforts, measuring cybersecurity risk, and designing and driving implementation of cybersecurity controls. The team has a global presence across the Americas, APAC, India and EMEA.
The Tech Risk APAC team, led by the Head of Technology Risk for Asia Pacific, drives key Tech Risk programs and key initiatives. We are also part of the global Security Incident Response Team (SIRT), led by the global Head of SIRT, with regional responsibility managing information/cyber security events and incidents which may adversely impact the business, or reputation of the firm, its subsidiaries, and affiliates. The goal is to ensure that the firm responds to and recovers from any of such security incidents. Role In this role, you will be a full time Vice President as an Information Security and Cybersecurity professional with experience in security event investigation and incident response. It requires broad understanding of the firm's Information Security/Cybersecurity policies and controls as well as an ability to coordinate incident response across all technology platforms. The ideal candidate should have effective leadership skills in managing risk and cyber threats for the firm by engaging with teams across different Divisions and working with regional and global teams within Technology Risk to detect and respond to cyber threats. A candidate with a background in regulatory environments in Asia Pacific jurisdictions, information/cyber security, and the financial services sector is an added advantage. RESPONSIBILITIES AND QUALIFICATIONS HOW YOU WILL FULFILL YOUR POTENTIAL
• Job Responsibilities:
• Investigate, coordinate and address information security and Cybersecurity incidents
• Act as liaison for global team in coordinating collection and preservation of forensic evidence in support of security event investigation.
• Analyze potential infrastructure security incidents to determine if incident qualifies as a legitimate security breach.
• Advise on leading edge engineering to protect Goldman Sachs' network from security risks related to web, mobile, web services, and client/server architectures.
• Collaborate with the global team to continually operate and improve a world-class cyber program by providing input into the uplift of sensory tools, detection tuning, and access to data sources to increase detection effectiveness.
• Drive the adoption and uplift of global security programs throughout the Asia Pacific region Convey complicated technical analysis to senior management via investigation synopses, graphical depictions of attacks, and comprehensive presentations.
• Act as a liaison to senior business leaders, including those outside of the Engineering Division, during security investigations and incidents
• Respond to regulatory requests regarding security incidents, as well as the relevant protective and detective security measures.
• Report the status of ongoing incidents, as well as the follow-up actions for resolved incidents, to regional and global management
• Support Compliance, regulatory, or litigation related investigations by coordinating e-discovery, evidence collection and other such activities.
• Participate in a global rota coverage model to prevent and remediate security threats against Goldman Sachs' global business network. SKILLS AND EXPERIENCE WE ARE LOOKING FOR
• Bachelor degree or higher
• Native-level Japanese language (spoken and written)
• Clear English communication skills, both verbally and in writing
• Strong analytical, interpersonal, problem solving, organizational and time management skills
• Excellent influencing skills at all levels and the ability to develop and maintain good relationships
• Strong sense of ownership and accountability
• Ability to communicate status, risks, and technical details in a succinct, direct and open manner
• The ability to think "outside the box" and develop creative solutions to complex technical and process problems
• Ability to engage in deep technical discussions with other Technology groups, as well as ability to convey the same concepts and issues at a high level to senior management
• Excellent presentation skills
• Experience working in a distributed team with expectation for rapid escalation of issues and risks
• The ability to manage multi-task effectively and interact in a matrixed organization is essential
• Experience working in Information security / Cybersecurity from a sizeable multinational organization
• Work effectively both independently and as part of a team, self-motivated and deadline driven Preferred Qualifications
• Graduate degree in Computer Science, System/Computer Engineering, Cyber-Security, or Information Security is preferred. Bachelors of Science/Arts in Forensic Computing, System/Computer Engineering, Data Science, Engineering, Operations Research, or Decision Science will be also considered.
• Coursework or experience in computer science, computer security, computer networking, system design, system integration, software development, emerging technologies, open source frameworks, encryption schemes, and application testing/penetration testing/reviews preferred.
• Industry Certifications such as CISSP or GIAC Cyber Defense, Penetration Testing, or Incident Response and Forensics-related certification
#techriskcybersecurity ABOUT GOLDMAN SACHS
The Goldman Sachs Group, Inc. is a leading global investment banking, securities and investment management firm that provides a wide range of financial services to a substantial and diversified client base that includes corporations, financial institutions, governments and individuals. Founded in 1869, the firm is headquartered in New York and maintains offices in all major financial centers around the world.
Â© The Goldman Sachs Group, Inc., 2020. All rights reserved Goldman Sachs is an equal employment/affirmative action employer Female/Minority/Disability/Vet.