Tech Risk – Regulatory, Policy & Strategy – Regulatory Controls - Governance

Location(s): PL-Warsaw
Job ID
Schedule Type: Full Time
Business Unit: Technology Risk
Employment Type


Goldman Sachs Technology Risk is leading threat, risk analysis and data science initiatives that are helping to protect the firm and our clients from information and cyber security risks. Our team equips the firm with the knowledge and tools to measure risk, identify and mitigate threats and protect against unauthorized disclosure of confidential information for our clients, internal business functions, and our extended supply chain.

RISK GOVERNANCE supports various Technology Risk committee structures to align with industry enterprise risk management standards and ensure risk-relevant information is provided for senior leadership with the proper oversight and accountability.

REGULATORY & AUDIT COORDINATION manages Regulatory and Client interactions impacting the Technology Division. Ensures management awareness of regulatory expectations and improves the alignment of technology controls to meet these expectations.
Business Unit Overview

Led by the Chief Information Security Officer (CISO), Technology Risk secures Goldman Sachs against hackers and other cyber threats. We are responsible for detecting and preventing attempted cyber intrusions against the firm, helping the firm develop more secure applications and infrastructure, developing software in support of our efforts, measuring cybersecurity risk, and designing and driving implementation of cybersecurity controls. The team has global presence across the Americas, APAC, India and EMEA.

Within Technology Risk, the Regulatory, Policy & Strategy team manages interactions with global cybersecurity regulators, continuously assesses the firm’s adherence to a changing technology and risk environment, develops policies and standards to manage the firm’s use of technology, and creates strategies to guide the future of Technology Risk. We are a team of policy professionals, regulatory experts, and communications specialists who work closely with technical teams to identify, document, and remediate information security risks based upon a common understanding of our legal and contractual obligations, of industry best practice, and of sound risk management principles.

Role

In this role, you will join a team of professionals dedicated to developing the firm’s information security governance program and focus on evaluating and strengthening effective information security controls. A primary function of this role is to enable the implementation of internal policies and standards through control enforcement. You will have the ability to influence change in various areas throughout the firm’s governance framework and program. You will be effective in this role when you leverage analytical thinking skills to assess risks, prioritize based on potential impact and proactively communicate findings. The ideal candidate should possess an advanced interest in the broad information security domain and associated key concepts.


Job Responsibilities
• Analyze information security policies and standards in order to determine associated technology controls
• Assess impact of new information security control requirements on the firm’s technology and risk environment
• Evaluate control completeness and recommend creation of additional controls to address gaps and ensure alignment with best practices and regulatory mandates
• Liaise with control owners across firmwide information technology infrastructure to understand technology requirements and advise on control implementation
• Define the scope of control implementations on impact to affected systems and risk mitigated
• Identify technology or risk areas requiring potential uplift of information security standards/policies and associated information security controls

• University degree in computer science or related subject
• Understanding of basic risk management concepts
• Knowledge of and interest in various information security areas
• Familiarity with financial regulators and regulations
• Strong analytical reasoning
• Strong communications skills (English)
• Exceptional attention to detail

Preferred Qualifications
• General knowledge of cybersecurity controls, such as firewalls, SIEM, antivirus and IDS solutions
• Knowledge of industry information security standards (e.g. ISO/IEC 27001, NIST CSF)
• Familiarity with one or more languages (Python, Java, JavaScript) is a plus
• Experience with controls, control assessment and regulatory analysis




The Goldman Sachs Group, Inc. is a leading global investment banking, securities and investment management firm that provides a wide range of financial services to a substantial and diversified client base that includes corporations, financial institutions, governments and individuals. Founded in 1869, the firm is headquartered in New York and maintains offices in all major financial centers around the world.

© The Goldman Sachs Group, Inc., 2020. All rights reserved. Goldman Sachs is an equal employment/affirmative action employer Female/Minority/Disability/Vet.