Engineering Division, Tech Risk Advisory, Executive Director

10-12 Years
SGD 12,000 - 24,000 per month
  • Posted 7 hours ago

Job Description

WHO WE ARE

Led by the Chief Information Security Officer (CISO), Technology Risk leads the effort to secure Goldman Sachs against hackers and other cyber threats. We are responsible for detecting and preventing attempted cyber intrusions against the firm, helping the firm develop more secure applications and infrastructure, developing software in support of our efforts, measuring cybersecurity risk, and designing and driving implementation of cybersecurity controls. The team has global presence across the Americas, APAC, India and EMEA. Within Technology Risk, Advisory is the consultative and technology subject matter expertise arm, responsible for assessing new technology initiatives for risk, partnering with engineers to architect and design secure products and services, embedding implementation reviews as part of the SDLC and CI/CD pipeline via code analysis and penetration testing, and guiding technology innovation in terms of security and control across Goldman Sachs. The team plays a critical role in designing and assessing controls for our transition to building native public cloud applications.

YOUR IMPACT

In this role, you will be supporting one of the following key pillars of Tech Risk Advisory, which is the consultative and technology subject matter expertise arm, responsible for assessing new technology initiatives for risk, partnering with engineers to architect and design secure products and services, via Architecture assessment and penetration testing, and guiding technology innovation in terms of security and control across Goldman Sachs.

Based on your skills and interests, you would be aligned with one of the key Advisory pillars and responsible for delivery of a subset of the functions as part of the team.

Tech Risk Advisory Pillars

  • Application Security: Help architects and software engineers design and build secure applications.

  • Identity and Access Management: Drive the design of business-driven entitlements for end users and systems to allow authorized access to data and services.

  • Data Security & Privacy: Drive the inventory of personal data in the firm, design systems that protect and allow authorized access to the data.

  • Acquisitions & Divestitures: Assess the security posture of a potential acquisition, strategic investment, new business, or firm divestiture and provide support on any of the above as it relates to the firm's security controls.

  • Mobile Security: Help engineering teams to design and build secure mobile applications.

  • Platform Security Architecture: Drive secure design of enterprise platforms, develop secure frameworks and patterns for infrastructure, cloud, and emerging technology, establish shared responsibility models for shared and firmwide platforms.

  • Vendor & Partner Security: Assess and oversee information security, application security, Cloud security and business continuity related risks that may arise from outsourcing business activities to vendors.

  • Secure-SDLC: Help engineering teams to identify and remediate security flaws in applications at scale through automated means.

HOW YOU WILL FULFILL YOUR POTENTIAL

You will become a highly committed and trusted Risk Advisor with the discipline and interpersonal skills to work in a global environment communicating the impact of technology risks and the approach to mitigation and acceptance. You will provide Technology Risk Advisory risk assessment and advisory services to engineers and business leaders as part of the Technology Risk function.

Overall, the Job Responsibilities of Tech Risk Advisory involve one or more of the following elements, the specifics of which may vary per function:

JOB RESPONSIBILITIES:

  • Perform pentest of web applications, APIs, Mobile applications, and Thick Client applications, both On-prem and in the Cloud

  • Design secure patterns and produce guidance to reduce risks through opinionated architecture

  • Validate security controls and uncover misconfigurations across various cloud deployments

  • Perform software architecture design reviews/threat modeling for on-prem or cloud-based applications

  • Drive adoption of embedded application security controls within the firm's Software Development Life Cycle (SDLC)

  • Develop detection capabilities for Static and Dynamic security testing solutions and support development teams in their remediation efforts to address security flaws identified through automated scanning

  • Conduct Cyber security assessments of the firm's vendors commensurate with the information risk of the relationship

  • Support the firm's acquisition strategy by providing deal teams with insight into material cyber security risks, control differences, and risk remediation priorities for potential acquisition targets

  • Partner with business and technology teams to identify security-related concerns relating to divestitures, such as separation strategy, data and system migration plans, and inputs for Transition Service Agreements (TSAs) and Reverse TSAs

  • Provide guidance to business and technology users on relevant policies/standards related to data protection, privacy, and data risk management to enable adoption of secure and resilient solutions

  • Support IAM program initiatives such as Privileged Access Management (PAM), Role-Based Access Control (RBAC), Segregation of Duties (SOD) and Single Sign-on Design Pattern enforcement.

JOB REQUIREMENTS:

  • Bachelor's or Master's degree in Computer Science, Cybersecurity, Information Technology, or a related field.

  • Min. 10 years of experience in Technology Risk and/or Cybersecurity, with a proven track record of being in a consulting or security engineering capacity.

  • Deep understanding of at least one major programming language (Java, Python, Go) and modern engineering practices (Microservices, Containerization, IaC).

  • Hands-on experience with public cloud platforms and their respective security frameworks.

  • Exceptional interpersonal skills with the ability to influence technical and non-technical stakeholders globally.

ABOUT GOLDMAN SACHS

At Goldman Sachs, we commit our people, capital and ideas to help our clients, shareholders and the communities we serve to grow. Founded in 1869, we are a leading global investment banking, securities and investment management firm. Headquartered in New York, we maintain offices around the world.

We believe who you are makes you better at what you do. We're committed to fostering and advancing diversity and inclusion in our own workplace and beyond by ensuring every individual within our firm has a number of opportunities to grow professionally and personally, from our training and development opportunities and firmwide networks to benefits, wellness and personal finance offerings and mindfulness programs. Learn more about our culture, benefits, and people at GS.com/careers.

We're committed to finding reasonable accommodations for candidates with special needs or disabilities during our recruiting process. Learn more: https://www.goldmansachs.com/careers/footer/disability-statement.html

©The Goldman Sachs Group, Inc., 2026. All rights reserved.

Goldman Sachs is an equal opportunity employer and does not discriminate on the basis of race, color, religion, sex, national origin, age, veterans status, disability, or any other characteristic protected by applicable law.

Job ID: 145532401