Associate Security Engineering

Associate Security Engineering

Role Overview

The Cybersecurity and Client Engagement Risk Associate position in Asset and Wealth Management engages new and existing institutional clients, supports compliance activities (e.g., SOC reports, ISO, PCI, NYDFS, etc.) and engages across the firm with Business, Engineering, Legal and Cyber SMEs. This role includes critical activities such as assessing and negotiating tech risk commitments, responding and editing security agreements/assessments, and getting involved in addressing technical and business cyber activities.

Key Responsibilities

Client Due Diligence & Revenue Protection:

• Engagement: Proactively engages with institutional clients to articulate Goldman Sachs' robust information security posture and address their specific security and compliance inquiries.
• Client Vendor Due Diligence: Executes comprehensive client-focused vendor due diligence processes, assessing third-party information security risks specifically within the financial services regulatory landscape.

Operational:

• Actively participates in and drives resolution of complex technical and business cyber activities, including security architecture reviews, control implementation, and operationalizing compliance requirements.

Strategic Innovation:

• Partner in the integration of Artificial Intelligence (AI) and Machine Learning (ML) to automate due diligence, contract engagements, and scale the program efficiently.
• Research and evaluate emerging global client trends in client contract focus and regulatory landscapes to advise affiliates and internal stakeholders on proactive contractual/regulatory risk mitigation strategies.

Skills And Experience Required

Operational Experience:

• Minimum two years working as an Information Security professional and/or Computer Engineering background with cyber risk operational experience, including hands-on involvement in security incident response coordination and vulnerability management program support.

Technical Platform Experience:

• Demonstrated hands-on experience with security controls and configurations across diverse IT platforms, including web applications, middleware, cloud services (IaaS, PaaS, SaaS), and database systems.

Security Standards:

• Familiarity with leading security standards and frameworks such as NIST, OWASP, SANS Top 20, PCI DSS, and CIS Controls.

Cybersecurity Knowledge Depth:

• Deep understanding and practical application of security principles across web, mobile, cloud (IaaS, PaaS, SaaS), and client/server architectures, including threat modeling, vulnerability management, and secure development lifecycles.

Communication of Complex Concepts:

• Ability to translate complex technical cybersecurity concepts into clear, actionable insights for both technical and non-technical audiences.

Detail Orientation & Self-Motivation:

• Demonstrated exceptional attention to detail, meticulous organizational skills, and a proactive, self-motivated approach to problem-solving.

Emotional Intelligence (EQ):

• Demonstrated ability to build rapport, influence stakeholders, and manage challenging client conversations with diplomacy and professionalism.

Preferred Qualifications

• BS degree in Computer Science, Cyber Security, Information Security, or a related technical field.
• Relevant industry certifications such as CISSP, CISM, CRISC, CISA, or cloud-specific security certifications (e.g., AWS Certified Security – Specialty).
• 1-2 yrs Operational and/or experience with Cloud services (as provider or client) or certified CCNA, CCNP, AWS security.
• Implementation and/or operational experience with Third Party Risk (TPRM), Risk Management Solutions (ex: SAP GRC, LogicManager, ServiceNow, Audit Board, RSA Archer, Reciprocity, etc.) or deploying automated DDQ workflows.
• Scripting/Automation: Practical experience with scripting or automation (e.g., Python, PowerShell) for security tasks and data analysis.
• Familiarity with leveraging Artificial Intelligence and Machine Learning (AI/ML) for AI Governance (e.g., data poisoning, prompt injection), automating compliance checks, or enhancing cybersecurity capabilities, such as predictive risk modeling, anomaly detection in vendor assessments.

Key skills/competency

• Cybersecurity
• Risk Management
• Information Security
• Client Engagement
• Compliance
• NIST
• Cloud Security
• Vulnerability Management
• Security Standards
• AI/ML Security