Tech Risk Advisory and Security Incident Response Team (APAC) - Vice President - Hong Kong
Type: Full Time
Internal Number: 13200046
What We Do
At Goldman Sachs, our Engineers don't just make things - we make things possible. Change the world by connecting people and capital with ideas. Solve the most challenging and pressing engineering problems for our clients. Join our engineering teams that build massively scalable software and systems, architect low latency infrastructure solutions, proactively guard against cyber threats, and leverage machine learning alongside financial engineering to continuously turn data into action. Create new businesses, transform finance, and explore a world of opportunity at the speed of markets. Engineering, which is comprised of our Technology Division and global strategists groups, is at the critical center of our business, and our dynamic environment requires innovative strategic thinking and immediate, real solutions. Want to push the limit of digital possibilities? Start here.
Who We Look For
Goldman Sachs Engineers are innovators and problem-solvers, building solutions in risk management, big data, mobile and more. We look for creative collaborators who evolve, adapt to change and thrive in a fast-paced global environment.
Business Unit Overview
Led by the Chief Information Security Officer (CISO), Technology Risk secures Goldman Sachs against hackers and other cyber threats. We are responsible for detecting and preventing attempted cyber intrusions against the firm, helping the firm develop more secure applications and infrastructure, developing software in support of our efforts, measuring cybersecurity risk, and designing and driving implementation of cybersecurity controls. The team has a global presence across the Americas, APAC, India and EMEA. The Tech Risk APAC team, led by the Head of Technology Risk for Asia Pacific, drives key Tech Risk programs and key initiatives. We are also part of the global Advisory and Security Incident Response Team (SIRT), led by the global Head of Advisory and global Head of SIRT respectively, with regional responsibility for assessing security risks and managing information/cyber security events and incidents which may adversely impact the business or reputation of the firm, its subsidiaries, and affiliates. The goal is to ensure that the firm is very much engaged and focused on what we need to do in view of the dynamic threat environment and changing business requirements.
Role
In this role, you will be a full-time Vice President as an Information and Cybersecurity professional with experience in infrastructure and application security risk assessment, as well as security event investigation and incident response. It requires a broad understanding of the firm's Information Security/Cybersecurity policies and controls as well as an ability to coordinate incident response across all technology platforms.
The ideal candidate should have effective leadership skills in managing risk and cyber threats for the firm by engaging with teams across different Divisions and working with regional and global teams within Technology Risk to detect and respond to cyber threats. A background in regulatory environments in Asia Pacific jurisdictions, information/cyber security, and the financial services sector is an added advantage.
Manage a team of Information and Cybersecurity professionals from Advisory and SIRT functions across the Asia Pacific region in different countries, and provide necessary coaching and guidance to all team members to ensure their continuous career and professional development in line with the firm's business strategy.
Conduct security assessments of business-initiated projects, helping to drive adoption of application and infrastructure security controls and best practices
Advise on leading edge engineering to protect the firm's network from security risks related to web, mobile, web services, and client/server architectures.
Conduct risk reviews of 3rd party systems and applications to assess the standard and proprietary application security controls used by the application (e.g. authentication, authorization, input validation, output sanitization, error handling, application resilience) against firm policies and standards
Work with local teams in various jurisdictions where specific technology and cybersecurity regulations create requirements that are not directly supported by our global framework.
Drive implementation of security controls in various platforms by working with technology infrastructure teams.
Demonstrate deep understanding, passion and thought leadership for Information and Cybersecurity and the impact of new technologies, services and solutions
Investigate, coordinate and address Information and Cybersecurity incidents
Act as liaison for global team in coordinating collection and preservation of forensic evidence in support of security event investigation.
Analyze potential infrastructure security incidents to determine if an incident qualifies as a legitimate security breach.
Collaborate with the global team to continually operate and improve a world-class cyber program by providing input into the uplift of sensory tools, detection tuning, and access to data sources to increase detection effectiveness.
Drive the adoption and uplift of global security programs throughout the Asia Pacific region
Convey complicated technical analysis to senior management via investigation synopses, graphical depictions of attacks, and comprehensive presentations.
Act as a liaison to senior business leaders, including those outside of the Engineering Division, during security investigations and incidents
Respond to regulatory requests regarding security incidents, as well as the relevant protective and detective security measures.
Report the status of ongoing incidents, as well as the follow-up actions for resolved incidents, to regional and global management
Support Compliance, regulatory, or litigation related investigations by coordinating e-discovery, evidence collection and other such activities.
Communicating status and risks in a succinct, direct and open manner for proper issue management life cycle tracking.
Drafting responses to requests for information from regulators in the jurisdictions in which the firm operates, within Asia Pacific
Coordinating engagements with regulators, including periodic reporting, preparation of presentations and written deliverables
Conducting analysis to identify potential gaps and issues arising from ongoing changes in regulatory requirements relevant to the firm's business and risk environments
Preparing presentations and written products on regulatory trends and issues to inform senior leadership decisions
Coordinating with counterparts in other jurisdictions and regional stakeholders (e.g. Legal, Compliance, Operational Risk) to ensure consistent responses across all regulators
Bachelor degree or higher
Minimum of 10-15+ years of relevant experience in Information and Cybersecurity
Excellent English communication skills, both verbally and in writing
Chinese language (written and spoken such as Mandarin) is an advantage
Exceptional attention to detail
Strong analytical, interpersonal, problem solving, organizational and time management skills
Excellent influencing skills at all levels and the ability to develop and maintain good relationships
Strong sense of ownership and accountability, driven to manage tasks to completion
Ability to communicate status, risks, and technical details in a succinct, direct and open manner to both technical and non-technical audiences
Ability to engage in deep technical discussions with other Engineering groups, as well as ability to convey the same concepts and issues at a high level to senior management
Excellent presentation skills
Experience working in a distributed team with expectation for rapid escalation of issues and risks
The ability to multi-task effectively and interact in a matrixed organization is essential
Experience working in Information security / Cybersecurity from a sizeable multinational organization
Work effectively both independently and as part of a team, self-motivated and deadline driven
Graduate degree in Computer Science, System/Computer Engineering, Cyber-Security, or Information Security is preferred. Bachelor of Science/Arts in Forensic Computing, System/Computer Engineering, Data Science, Engineering, Operations Research, or Decision Science will also be considered.
Coursework or experience in computer science, computer security, computer networking, system design, system integration, software development, emerging technologies, open source frameworks, encryption schemes, and application testing/penetration testing/reviews preferred.
Experience working in Information/Cyber security, IT Risk & Governance from a sizeable multinational organization
Industry Certifications such as CISA, CISSP or Forensics-related certification are beneficial
ABOUT GOLDMAN SACHS
At Goldman Sachs, we commit our people, capital and ideas to help our clients, shareholders and the communities we serve to grow. Founded in 1869, we are a leading global investment banking, securities and investment management firm. Headquartered in New York, we maintain offices around the world.
We believe who you are makes you better at what you do. We're committed to fostering and advancing diversity and inclusion in our own workplace and beyond by ensuring every individual within our firm has a number of opportunities to grow professionally and personally, from our training and development opportunities and firmwide networks to benefits, wellness and personal finance offerings and mindfulness programs. Learn more about our culture, benefits, and people at GS.com/careers.
We're committed to finding reasonable accommodations for candidates with special needs or disabilities during our recruiting process. Learn more: https://www.goldmansachs.com/careers/footer/disability-statement.html
© The Goldman Sachs Group, Inc., 2021. All rights reserved. Goldman Sachs is an equal employment/affirmative action employer Female/Minority/Disability/Veteran/Sexual Orientation/Gender Identity