Technology - Technology Risk - Application Security Advisory - Americas Lead Application Security Architect
POST DATE 8/26/2016
END DATE 11/4/2016
Goldman Sachs Group, Inc.
New York, NY
JOB DESCRIPTION
Our team of engineers builds solutions to the most complex problems. We develop cutting-edge systems and processes that form the core of our key business and enable transactions to move in milliseconds. We provide real-time access to critical deal information and crunch billions of data points each day to inform firm-wide market insights and strategies. Team members have the opportunity to work at the forefront of technology innovation alongside industry leaders and make significant contributions to the field.
WHO WE ARE
Goldman Sachs is a leading global investment banking, securities and investment management firm that provides a wide range of services worldwide to a substantial and diversified client base that includes corporations, financial institutions, governments and high net-worth individuals.
Founded in 1869, it is one of the oldest and largest investment banking firms. The firm is headquartered in New York and maintains offices in London, Bangalore, Frankfurt, Tokyo, Hong Kong and other major financial centers around the world.
We are committed to growing our distinctive Culture and holding to our core values which always place our client's interests first. These values are reflected in our Business Principles, which emphasize integrity, commitment to excellence, innovation and teamwork.
BUSINESS UNIT OVERVIEW
Technology Risk acts as a risk advisor, control monitor and metrics aggregator for the Technology Division. Within Technology Risk, Risk Advisory is the consultative and Technology subject matter expertise arm, responsible for assessing new technology initiatives for risk, partnering with technology delivery groups to architect and design secure products and services, embedding implementation reviews as part of the SDLC via code analysis and penetration testing and guiding technology innovation in terms of security and control.
The position is for an experienced Technologist with significant experience in Application Security with a core focus of application security architecture, design and implementation reviews through code analysis and hands on testing. Development experience is preferred as the function this individual will lead is tasked with security review and the engineering and development of security controls.
This position is the Americas lead, demanding flexible and broad involvement in our various Technology Risk domains, such as:
• Influencing the overall direction for securing applications at the firm
• Application security requirements and establishing baselines for emerging technologies
• Architecture consulting and formal system Design Review
• Implementation testing through code analysis, automated tools and manual testing
• Collaboration with Engineering platform teams to build controls into firm biased technology
• Driving automation for security control testing into the firm's standard SDLC
The successful candidate for this role will provide effective leadership in Application Security and risk management by engaging with leaders across the Technology Division and guiding partner functions within Technology Risk to drive more efficient and complete continuous assessment of application controls.
The position will report into the New York Global Manager of Technical Risk Advisory. The direct responsibility will be to act as the Americas lead for the application security practice.
• Americas Practice lead for the firm's application security team
• Contribute to the implementation and refinement of the strategy for the Application Risk program both globally and in the region
• Drive adoption of embedded application security controls as part of the Software Development Life Cycle (SDLC)
• Assess applications for design related security risks and assist teams in determining appropriate remediation for issues identified
• Provide guidance on existing and emerging threats in the web and mobile application space
• Contribute to the technical understanding and adoption of information security standards, solutions and tools
• Be highly committed both to achieving the deliverables and to the team itself.
• Have the discipline and interpersonal skills to work well in a global environment, complementing teams in other locations.
• Provide deep level subject matter expertise in one or more areas, such as implementation of cryptography, authentication, specific development language implementation risks and secure design patterns
• Work with engineers to develop customized security testing strategy to complement the existing security testing program managed by Technology Risk
• Evaluation of both industry standard and proprietary application security controls (e.g. authentication, authorization, input validation, output sanitization, error handling, application resilience) against firm policies and standards
• Perform Design Review of process-level application architectures to ensure appropriate control specification at design time (inter-process flows across discrete virtual address spaces, e.g. web servers, app servers, service layers, file system access, database access, batch processes, etc.)
• Oversee Code Review and automated testing processes of application security control implementations in Java, C, C++, C#, and ASP.Net
• Drive implementation of security controls in platforms in technology teams and by leveraging the embedded Security Engineering team in Technology Risk Advisory
• Define clear, meaningful metrics for measuring compliance with our policies and standards
Goldman Sachs has one of the most progressive Technology Risk teams in the industry and is continuing to push the development of risk in preference to security within technology and the business. Year on year success has led the team to work deeper into the organization and gain valuable insights into how technology needs to function, what its risk really is and how this impacts the business.
The Tech Risk team is moving into relationships with Operational Risk and Market Risk teams to further more effective use of technology risk information.
SKILLS / EXPERIENCE REQUIRED
The successful candidate will have:
• Strong analytical, communication, interpersonal, problem solving, organizational and time management skills
• Excellent influencing skills at all levels and the ability to develop and maintain good relationships
• Strong sense of ownership and accountability
• Clear communication skills, both verbally and in writing
• Ability to work independently, analyze problems and act decisively with minimal management oversight.
• Demonstrate a passion and thought leadership for and deep understanding of information security and the impact of new technologies, services and solutions
• Communicates status and risks in a succinct, direct and open manner
• Managing global client relationships and working as part of a global team
• Excellent presentation skills
• Balances use of tactical versus strategic solutions when required
• Assists in technical evaluations and vendor management relationships
• Recommends technology solutions that improve operation standards and lower operations costs
• Specific experience in developing detailed requirements specifications is essential
• Strong knowledge in development lifecycle approach - operations, information technology, or software engineering background required (exposure to formal processes)
• The ability to communicate and enforce standards, process and control
• Strong technical project management skills
• Ability to manage multiple programs simultaneously in high pressure environment where change is common place
• Proactively involves key users in all stages of the project life cycle
• Anticipates potential obstacles and develops contingency plans to overcome them
• Manages expectations, buil