AMD Public-Dallas-Vice President-Security Engineering

Role Overview
The Head of Technology Risk for Asset Management is a critical senior leadership position responsible for defining implementing and overseeing the comprehensive information security and cybersecurity risk posture specifically within the Asset Management business. This role is pivotal in balancing commercial objectives with robust security controls ensuring the divisions resilience against an evolving threat landscape and protecting client assets and data.

This leader will directly manage and provide strategic direction to teams responsible for Governance Risk & Compliance (GRC) Application Security & Advisory and Product Security functions within Asset Management. Crucially this role also involves the oversight and guidance of embedded Technology Risk Officers who are assigned to various Asset Management business verticals. The objective is to foster a unified and proactive approach to risk management ensuring regulatory compliance and enabling secure technological innovation across all Asset Management initiatives.

Key Responsibilities
Strategic Leadership & Governance:
oDefine and execute the multi-year Technology Risk roadmap for the Asset Management division ensuring alignment with firm-wide standards industry best practices and frameworks such as the NIST Cybersecurity Framework.
oLead the divisional Risk and Control Self-Assessment (RCSA) process and oversee regular control assessments to identify evaluate and mitigate technology risks specific to Asset Management.
oAct as the primary liaison for internal and external audits regulatory examinations (e.g. SEC FINRA GDPR CCPA) and client due diligence requests ensuring all commitments are met.
oProvide executive-level reporting on risk trends key risk indicators and the overall technology risk profile to Asset Management leadership the AWM Operating Committee and Firmwide Technology Risk leadership.
oOversee and guide a team of embedded Technology Risk Officers supporting specific Asset Management business verticals ensuring consistent application of risk management principles policies and controls.
Technical Risk Advisory & Architecture:
oOversee the Security Single Point of Contact (SPOC) model for key Asset Management initiatives including new product launches strategic projects and M&A due diligence ensuring security is integrated from inception.
oEnsure that secure design principles threat modeling and OWASP Top 10 mitigations are systematically integrated into the architecture and development lifecycle of all Asset Management applications and platforms.
oDrive the adoption of advanced security patterns for cloud-native deployments (AWS preferred) and hybrid infrastructures optimizing security posture while enabling business agility within Asset Management.
Product Security & SDLC Integration:
oChampion the Shift Left philosophy by embedding automated security controls and practices within the Software Development Life Cycle (SDLC) using Agile methodologies across Asset Management engineering teams.
oSupervise the execution of comprehensive threat modeling manual code reviews penetration testing and vulnerability assessments across the entire Asset Management application portfolio.
oCollaborate closely with Engineering and DevOps teams to enhance the firms security posture through the implementation of automated CI/CD security gates and secure development practices.
Client Due Diligence & Revenue Protection:
oOversee the client-facing security due diligence function for Asset Management supporting high-value prospect requests and existing client audits to protect and enable revenue streams.
oRepresent the firms security maturity technical resilience and robust control environment to external institutional clients partners and investors in the Asset Management sector.
Innovation & Scaling:
oDrive the integration of Artificial Intelligence (AI) and Machine Learning (ML) to automate risk detection enhance threat intelligence and scale security operations efficiently.
oResearch and evaluate emerging trends in fintech security cryptography and regulatory landscapes to advise portfolio companies and internal stakeholders on proactive risk mitigation strategies.

Skills and Experience Required
Experience: 12 years of progressive experience in Technology Risk Information Security or Application Development with at least 5 years in a senior leadership or Head of capacity within the Financial Services industry specifically with exposure to Asset Management.
Technical Depth: Deep understanding of core cryptography concepts (Encryption Hashing HMAC digital signatures) cloud security principles (AWS preferred) and web stack technologies (e.g. HTTP HTML5 AJAX REST OAuth SAML OIDC).
Regulatory & Risk Expertise: Expert knowledge of global financial regulations (e.g. SEC FINRA GDPR CCPA) and proven experience applying risk management methodologies such as FAIR (Factor Analysis of Information Risk) or similar frameworks.
Leadership & Management: Proven ability to build mentor and lead high-performing global teams of security professionals. Demonstrated success in building coalitions and influencing diverse engineering business and executive stakeholders.
Program Management: Strong program and project management skills with a track record of driving complex security initiatives to successful completion within committed timelines.
Communication: Exceptional written and oral communication skills with the ability to articulate complex technical risks and solutions clearly to both technical and executive audiences.
Risk Assessment: Expertise in performing risk assessments identifying gaps in compliance with information security policies and recommending effective mitigation strategies.
Acquisition Experience: Experience with acquisition due diligence and integration from a technology risk perspective.
Security Standards: Familiarity with leading security standards and frameworks such as NIST OWASP SANS Top 20 PCI DSS and CIS Controls.

Preferred Qualifications
BS or MS degree in Computer Science Cyber Security Information Security or a related technical field.
Relevant industry certifications such as CISSP CISM CRISC CISA or cloud-specific security certifications (e.g. AWS Certified Security Specialty).
Experience with leveraging AI/ML to solve security problems and scale operations.
Knowledge of secure coding languages (e.g. Python Java Go).

ABOUT GOLDMAN SACHS
At Goldman Sachs we commit our people capital and ideas to help our clients shareholders and the communities we serve to grow. Founded in 1869 we are a leading global investment banking securities and investment management firm. Headquartered in New York we maintain offices around the world.
We believe who you are makes you better at what you do. Were committed to fostering and advancing diversity and inclusion in our own workplace and beyond by ensuring every individual within our firm has a number of opportunities to grow professionally and personally from our training and development opportunities and firmwide networks to benefits wellness and personal finance offerings and mindfulness programs. Learn more about our culture benefits and people at Were committed to finding reasonable accommodations for candidates with special needs or disabilities during our recruiting process. Learn more: The Goldman Sachs Group Inc. 2023. All rights reserved.

Goldman Sachs is an equal opportunity employer and does not discriminate on the basis of race color religion sex national origin age veterans status disability or any other characteristic protected by applicable law.