Risk, Technology Failure, Vice President, Dallas

Organization: Risk Division / Operational Risk

Team / Role: Technology Failure Risk Lead

Level / Location: Vice President / Dallas

The Operational Risk Department at Goldman Sachs is an independent risk management function responsible for developing and implementing a standardized framework to identify, measure, and monitor operational risk across the firm.

The Technology Failure Risk Lead role is for a professional with deep technology subject matter expertise dedicated to actively employing and strengthening the components of the firm's operational risk management framework relating to technology risks. This role will be responsible to continuously identify, monitor, measure, assess, and challenge firm-wide technology process, risk, and controls.

Responsibilities:

* Identify, monitor, and analyze operational risks arising from the execution of technology operations primarily related to SDLC, Technology Resilience, Network, Cloud, ITAM, Incident Response. and develop evidence-based challenges focused on improving such operations.

* Develop and perform ongoing analysis of Operational Risk loss, near miss, and external events to inform RCSA results, technology assessments and scenario analysis.

* Conduct data analysis to identify trends and patterns in technology failure domains augmenting such with qualitative observations to monitor risk taking trends through bespoke metrics at firmwide and divisional/sub-divisional levels, escalating concerns to senior management when warranted.

* Contribute to divisional and functional risk profile assessments by highlighting risk issues and trends to senior divisional managers and senior Operational Risk management team.

* Conduct evidence-based scenario analysis by working with stakeholders to develop plausible tail risk scenarios around unauthorized or improper access used in quantifying specific businesses exposure to potential risk.

* Facilitate operational risk event and data collection; perform detailed reviews of trends to identify significant risks and ensure monitoring and remediation.

* Review New Activities and ensure operational risks arising from acquisitions, new products and/or business, and migrations, etc. are properly considered.

* Contribute to review and challenge of technology failure control assessments to ensure the risk and control self -assessment outcomes are consistent, credible, and underpinned by appropriate evidence.

* Remain current on business drivers, regulatory and industry changes impacting the firms information and cybersecurity activities and obligations.

* Identify and drive initiatives that improve the risk management activities at the firm

This role requires an energetic self-starter that can liaise with Engineering teams both regionally and globally. Experience and knowledge in a regulated enterprise network, preferably financial institution's technology infrastructure/applications and control requirements are required together with strong interpersonal and analytical skills for this role.

Qualifications

* 7+ years of relevant experience, which could include working in operational risk; in a financial institution's technology division; a technology company that builds or maintains enterprise systems, like cloud services; offensive or defensive cybersecurity; or IT or Information Security/Cybersecurity auditors.

* Strong understanding of technology application and infrastructure components such as servers, storage, databases, networking, SDLC, AI/ML, Cloud platforms, etc.

* Proven ability to perform monitoring & testing (design and operating effectiveness) of controls across Technology Failure domains (e.g. SDLC, Change Management, Incident Response, Capacity, Resilience, etc.)

* Strong business acumen with general awareness of technology related processes, risks and business flows

* Strong verbal and written communication skills with the ability to present with impact and influence

* Experience with frameworks like NIST, FFIEC, COBIT, Cloud Security Alliance Cloud Controls Matrix, and/or ISO 27001

* Ability to work in a fast-paced environment with a strong delivery focus

* Strong organizational skills (project management experience a plus)

* Ability to work in a team environment and knowledge share with other colleagues within team

* Proficiency in World, Excel, PowerPoint, SharePoint/OneDrive - SQL, graph databases and Tableau (would be a plus)

* Relevant certifications like CISA (Certified Information Systems Auditor), CISM (Certified Information Security Manager) or related IAM certifications

* Familiarity with enterprise risk management best-practices and controls

* BA or BS College Degree in Business, Sciences, or Engineering.