Job Description


Goldman Sachs Technology Risk is leading threat, risk analysis and data science initiatives that are helping to protect the firm and our clients from information and cyber security risks. Our team equips the firm with the knowledge and tools to measure risk, identify and mitigate threats and protect against unauthorized disclosure of confidential information for our clients, internal business functions, and our extended supply chain.
Risk Advisory delivers best in class advisory support and technology solutions across the information security risk domain including scalable uplifts of common core security solutions for use across Goldman Sachs. Prevents the misuse, unauthorized disclosure, or loss of firm data across e-mail, file transfer, and the Internet. Ensures business continuity and technology resilience by safeguarding Goldman Sachs from major operational disruptions through preventative measures including business planning, capability design, and the testing of mitigants.
Job Summary & Responsibilities

Advanced communication, analysis, project management skills and experience with technology governance and technical controls. Background in regulatory environments in Asia Pacific jurisdictions, information/cyber security, and the financial services sector highly preferred.

Team Description:

The Regulatory & Controls team resides within firm’s Technology Risk department, which is led globally by the firm’s Chief Information Security Officer (CISO) and regionally by the Head of Technology Risk for Asia Pacific.

The Technology Risk department maintains responsibility for detecting and preventing attempted cyber intrusions against the firm, helping the firm develop more secure applications, measuring cybersecurity risk, and driving implementation of cybersecurity controls.

The Regulatory & Controls team has three principal objectives:
(1) efficiently provide timely and accurate information to global regulators regarding the firm’s information security;
(2) drive security improvements and prioritization based on internal security requirements and regulations if effect in the jurisdictions in which we operate; and
(3) inform business decisions by providing insights about relevant regulatory trends and changes as well as supporting the Technology Division Governance framework. Separately, the Regulatory & Controls team is responsible for coordinating the development of technology-related policies and standards across the firm.


HOW YOU WILL FULFILL YOUR POTENTIAL• Drafting responses to requests for information from regulators in the jurisdictions in which the firm operates, within Asia Pacific• Coordinating engagements with regulators, including periodic reporting, preparation of presentations and written deliverablesof global, regional and local regulatory requirements that have a technology impact, in order to conduct internal self-assessments and gap analyses to ensure compliance• Conducting analyses to identify regulatory trends of relevance to the firm’s business and risk environmentsto ensure regulatory requirements are appropriately understood, communicated, and mitigated where necessary• Preparing presentations and written products on regulatory trends and issues to inform senior leadership decisions• Coordinating with counterparts in other jurisdictions and regional stakeholders (e.g. Legal, Compliance, Operational Risk) to ensure consistent responses across all regulators• Driving implementation of specific security controls based on internal security priorities and regulatory requirements• Managing regional audit and regulatory activities relevant to Technology Risk with primary focus on Information Security and Cybersecurity• Drive and execute Technology Division Governance processes in the region and contribute with regional input to global Governance processes• Conducting risk reviews of business and technology initiated projects to ensure adequate security controls and best practices are in place• Managing and delivering regional specific control adoption and uplift initiatives from global Technology Risk programs• Communicating status and risks in a succinct, direct and open manner for proper issue management life cycle tracking.• As needed, support development of technology-related policies and standardsSKILLS AND EXPERIENCE WE ARE LOOKING FOR• Bachelor degree or higher• Strong writing skills, ideally with published academic or professional articles Exceptional attention to detail• Experience working in Information/Cyber security, IT Risk & Governance from a sizeable multinational organization• Strong analytical, interpersonal, problem solving, influencing, organizational and time management skills• Experience in communicating technology risks to senior audiences both technical and non-tehcnical• Strong se