Description RISK The Risk Division is a team of specialists charged with managing the firm’s credit, market, liquidity, operational and capital risk. Whether assessing the creditworthiness of the firm’s counterparties, monitoring market risks associated with trading activities, or offering analytical and regulatory compliance support, our work contributes directly to the firm’s success. The division is ideal for collaborative individuals who have strong ethics and attention to detail. OPERATIONAL RISK- TECHNOLOGY The Operational Risk Division at Goldman Sachs is an independent risk management function responsible for developing and implementing a standardized Operational Risk Management Framework (ORMF) to identify, measure, monitor, and escalate operational risk across the firm. The Technology Operational Risk (TOR) role is for a professional with deep technology subject matter expertise dedicated to actively employ and strengthen the components of the firm’s operational risk management framework relating to technology risks. THE ROLE & RESPONSIBILITIES This role will be responsible to continuously identify, monitor, measure, assess, and challenge operational risk for the Engineering Division. As a senior Technology Operational Risk Lead, you will be responsible for providing independent oversight and challenge of the first line of defense (1LoD) technology risk management practices. The Engineering Organization includes the Engineering Division and technology and strategist groups in Revenue and Federation divisions. Our engineers are responsible for building and deploying innovative technical and quantitative solutions for our clients and our firm. Assess the governance of risk management practices pertaining to the risk and controls of the technology assets and systems, adherence to policies, standards, and procedures. Risk assessment of the impact of changing application, infrastructure, and Cloud computing services on the Goldman Sachs technology portfolio. Coordination and key participation in the development of the evolving risk position of new technology and third-party software. For each of the technology areas in focus, this individual will be charged with escalating and tracking the individual risk items. Work with appropriate technology areas to identify potentially elevated risk concentrations globally and perform independent assessments of the corresponding inherent risks and mitigating controls. Recommend any adjustments required to meet firm’s policy, regulatory requirements, and industry best practices. Develop and perform ongoing analysis of operational risk loss, near miss and external events to inform RCSA results, technology assessments and scenario analysis. Establishes and oversees the application of operational risk policies, technology and tools, and governance processes to create lasting solutions for minimizing losses from failed internal processes, inadequate controls, and emerging risks. Working with colleagues in Operational Risk division, as well as technology, business and other control functions. The Operational Risk Lead is expected to contribute to the oversight of technology failure risks. Manage identified risks using firm's Operational Risk Management Framework. Conduct line of business-oriented risk assessment based on application, infrastructure, and platforms. Participate in key governance, steering groups and control forums. This role requires an energetic self-starter that can liaise with Engineering teams and business both regionally and globally. Experience and knowledge in a financial institution’s technology infrastructure/applications and control requirements are required together with strong interpersonal and analytical skills for this role. EXPERIENCE & SKILLS REQUIRED 10 years of experience in Technology Risk, Technology Audit, Application Security, Software/Infrastructure Engineering, or related fields. Experienced in regulatory technology related examinations. Proven ability to perform test of controls (design and operating effectiveness) e.g. Cloud, SDLC, AI/ML, Change Management, Identity and Access Management, Third Party, Encryption, Configuration Management, Patching, Network Security, Incident Response, Capacity and Resiliency. Knowledge with technology application and infrastructure components such as Servers, Storage, Networking, Application Development, SDLC, End User Platforms, Digital Workflow, Artificial Intelligence & Machine Learning, Cloud technologies, Data Engineering, Mobile/Web, and Database Management systems. Ability to review code (Java, C#, C++, Python, VBA macros etc.) Systems development/SDLC tools and processes (SVN/CVS, build, software testing, configuration, and deployment) Cloud computing (Private, AWS, Google, Azure, Docker) Linux and Windows operating systems: security, configuration, and management Database design, setup, and administration (DBA) experience with Sybase, Oracle, or UDB Big data systems: Hadoop, Snowflake, NoSQL, HBase, HDFS, MapReduce Web and Mobile technologies, digital workflow tools Site reliability engineering and runtime operational tools (agent-based technologies) and processes (capacity, change and incident management, job/batch management) Email, messaging, and collaboration systems (Office 365, Exchange, SharePoint, instant messaging) Strong understanding of technology control frameworks and industry guidance such as COBIT, NIST, ISO27001, and FFIEC. Professional certifications such as CRISC, CISA, CISM, CISSP, CCSP, and AWS Certified Solutions Architect. Experience in managing regulatory exams and relationships with examiners and auditors Ability to work collaboratively with regional and global partners in other functional units; ability to navigate a complex organization; to influence and lead people across cultures at a senior level Excellent analytical and problem-solving skills, inquisitive nature and comfort challenging current practices. Proven track record of taking ideas forward without supervision and challenging others, where appropriate. Adapt at developing relationships with senior business executives with a reputation for partnering across organization lines to mitigate risks. Highly disciplined, able to work with limited supervision and make independent decisions. Strong organizational, project management, and multi-tasking skills with demonstrated ability to manage expectations and deliver results. High level of professionalism, self-motivation, and sense of urgency. BA or BS College Degree in Engineering, Computer Science, and Risk Management. ABOUT GOLDMAN SACHS At Goldman Sachs, we commit our people, capital and ideas to help our clients, shareholders and the communities we serve to grow. Founded in 1869, we are a leading global investment banking, securities and investment management firm. Headquartered in New York, we maintain offices around the world. We believe who you are makes you better at what you do. We're committed to fostering and advancing diversity and inclusion in our own workplace and beyond by ensuring every individual within our firm has a number of opportunities to grow professionally and personally, from our training and development opportunities and firmwide networks to benefits, wellness and personal finance offerings and mindfulness programs. Learn more about our culture, benefits, and people at GS.com/careers. We’re committed to finding reasonable accommodations for candidates with special needs or disabilities during our recruiting process. Learn more: https://www.goldmansachs.com/careers/footer/disability-statement.html © The Goldman Sachs Group, Inc., 2021. All rights reserved. Goldman Sachs is an equal employment/affirmative action employer Female/Minority/Disability/Veteran/Sexual Orientation/Gender Identity