Risk, Operational Risk - Engineering Divisional Coverage, Associate, Dallas

Job Description

Organization: Risk Division, Operational Risk

Team / Role: Operational Risk Engineering Divisional Coverage

Level/Location : Associate, Dallas.

The Operational Risk Division at Goldman Sachs is an independent risk management function in the Risk Division and is responsible for developing and implementing a standardized Operational Risk Management Framework (ORMF). This framework is used to identify, measure, monitor, and escalate operational risk across the firm.

The Divisional Engineering Coverage role is for a professional with deep technology subject matter expertise dedicated to actively employing and strengthening the components of the firm's operational risk management framework relating to technology risks. This role will be responsible for continuously identifying, monitoring, measure, assessing, and challenging operational risk for the Global Banking & Markets (GBM) engineering division across all technology risks.

The Engineering Organization includes the Engineering Division and technology and strategist groups in Revenue and Federation divisions. Our engineers are responsible for building and deploying innovative technical and quantitative solutions for our clients and our firm.

Responsibilities:

• Identify, monitor, and analyze operational risks from changing technology services on the Goldman Sachs technology portfolio. As new technology is implemented and existing technology is retired, the firm's risk position will experience variations in its residual risk status and develop evidence-based challenges focused on improving such operations
• Coordination and key participation in the development of the evolving risk position of new technology and third-party software. Escalate and track individual risk items, ensuring appropriate attention and resolution.
• Collaborate with technology teams to identify potentially elevated risk concentrations globally. Assess inherent risks and mitigating controls, recommending adjustments to meet GS policy, regulatory requirements, and industry best practices.
• Develop and perform ongoing analysis of Operational Risk loss, near miss and external events to inform RCSA results, technology assessments and scenario analysis. Investigate Operational Risk events meeting selection criteria; assist Business Operational Risk Leads in determining the appropriate consideration of technology risk management and risk events.
• Establishes and oversees the application of operational risk policies, technology and tools, and governance processes to create lasting solutions for minimizing losses from failed internal processes, inadequate controls, and emerging risks.
• Working with colleagues in Operational Risk, as well as technology, business and other control functions, the Operational Risk Lead is expected to contribute to the Oversight of Technology and IT Risks, Key Technology Operational Risks, Assessments and related indicators and thresholds, Challenge of technology Risk Self Assessments, Issue management, oversight, and escalation.
• Facilitate operational risk events/s and data collection; perform detailed reviews of trends to identify significant risks and ensure monitoring and remediation.
• Review New Activities and ensure operational risks arising from acquisitions, new products and/or business, and migrations, etc. are properly considered
• Contribute to divisional and functional risk profile assessments by highlighting risk issues and trends to senior divisional managers and senior Operational Risk management team
• Conduct quarterly triggered assessments for the division to ensure the division's risk and control self-assessment outcome are consistent, credible, and underpinned by appropriate evidence
• Remain current on business drivers, regulatory and industry changes impacting the firm's technological activities and obligations
• Contribute to the advancement of operational risk methods and practices and the operational risk management framework
• Identify and drive initiatives that improve the risk management activities at the firm
• Conduct division aligned risk assessment based on application, infrastructure, and platforms.

This role requires an energetic self-starter that can liaise with Engineering teams and business both regionally and globally. Experience and knowledge in a financial institution's technology infrastructure/applications and control requirements are required together with strong interpersonal and analytical skills for this role.

Qualifications:

• 4-7 years of experience in Technology Risk, Technology Audit, Application Security, Software/Infrastructure Engineering, Public Cloud, or related fields.
• Experienced in regulatory technology related examinations.
• Proven ability to perform test of controls (design and operating effectiveness) e.g. Cloud, SDLC, AI/ML, Change Management, Identity and Access Management, Third Party, Encryption, Configuration Management, Patching, Network Security, Incident Response, Capacity and Resiliency.
• Working knowledge with technology application and infrastructure components such as Servers, Storage, Networking, Application Development, SDLC, End User Platforms, Digital Workflow, Artificial Intelligence & Machine Learning, Cloud technologies, Data Engineering, Mobile/Web Applications, and Database Management systems.
• Ability to review code (Java, C#, C++, Python, VBA macros etc.)
• Systems development/SDLC tools and processes (SVN/CVS, build, software testing, configuration, and deployment)
• Cloud computing (Private, AWS, Google, Azure, Docker)
• Strong understanding of technology control frameworks and industry guidance such as COBIT, NIST, ISO27001, and FFIEC.
• Professional certifications such as CRISC, CISA, CISM, CISSP, CCSP, and AWS Certified Solutions Architect are preferred.
• Ability to collaborate with high-performing teams and individuals throughout the firm to accomplish common goals.
• Excellent analytical and problem-solving skills, inquisitive nature and comfort challenging current practices.
• Proven track record of taking ideas forward without supervision and challenging others, where appropriate.
• Adapt at developing relationships with senior business executives with a reputation for partnering across organization lines to mitigate risks.
• Highly disciplined, able to work with limited supervision and make independent decisions.
• Strong organizational, project management, and multi-tasking skills with demonstrated ability to manage expectations and deliver results.
• Knowledge of Data Management and/or Visualization (i.e., Alteryx, Tableau) a strong plus
• High level of professionalism, self-motivation, and sense of urgency.
• BA or BS College Degree in Business, Sciences or Engineering.