Wealth Management-Richardson-Vice President-Security Engineering

Role Overview

The Head of Technology Risk for Wealth Management is a critical senior leadership position responsible for defining implementing and overseeing the comprehensive information security and cybersecurity risk posture specifically within the Wealth Management business. This role is pivotal in balancing commercial objectives with robust security controls ensuring the divisions resilience against an evolving threat landscape and protecting client assets and highly sensitive personal data.

This leader will directly manage and provide strategic direction to teams responsible for Governance Risk & Compliance (GRC) Application Security & Advisory and Product Security functions within Wealth Management. Crucially this role also involves the oversight and guidance of embedded Technology Risk Officers who are assigned to various Wealth Management business verticals. The objective is to foster a unified and proactive approach to risk management ensuring stringent regulatory compliance and enabling secure technological innovation across all Wealth Management initiatives.

Key Responsibilities

• Strategic Leadership & Governance:
  • Define and execute the multi-year Technology Risk roadmap for the Wealth Management division ensuring alignment with firm-wide standards industry best practices and frameworks such as theNIST Cybersecurity Framework.
  • Lead the divisional Risk and Control Self-Assessment (RCSA) process and oversee regular control assessments to identify evaluate and mitigate technology risks specific to Wealth Management.
  • Act as the primary liaison for internal and external audits regulatory examinations (e.g.SECFINRAGDPRCCPAGLBA state-specific privacy laws) and client due diligence requests ensuring all commitments are met.
  • Provide executive-level reporting on risk trends key risk indicators and the overall technology risk profile to Wealth Management leadership the AWM Operating Committee and Firmwide Technology Risk leadership.
  • Oversee and guide a team of embedded Technology Risk Officers supporting specific Wealth Management business verticals ensuring consistent application of risk management principles policies and controls.
• Technical Risk Advisory & Architecture:
  • Oversee the Security Single Point of Contact (SPOC) model for key Wealth Management initiatives including new product launches strategic projects and M&A due diligence ensuring security is integrated from inception.
  • Ensure that secure design principles threat modeling andOWASP Top 10mitigations are systematically integrated into the architecture and development lifecycle of all Wealth Management applications and platforms.
  • Drive the adoption of advanced security patterns for cloud-native deployments (AWS preferred) and hybrid infrastructures optimizing security posture while enabling business agility within Wealth Management.
• Product Security & SDLC Integration:
  • Champion the Shift Left philosophy by embedding automated security controls and practices within the Software Development Life Cycle (SDLC) using Agile methodologies across Wealth Management engineering teams.
  • Supervise the execution of comprehensive threat modeling manual code reviews penetration testing and vulnerability assessments across the entire Wealth Management application portfolio.
  • Collaborate closely with Engineering and DevOps teams to enhance the firms security posture through the implementation of automated CI/CD security gates and secure development practices.
• Client Due Diligence & Revenue Protection:
  • Oversee the client-facing security due diligence function for Wealth Management supporting high-value prospect requests and existing client audits to protect and enable revenue streams. This includes addressing concerns related to privacy and data protection for individual clients.
  • Represent the firms security maturity technical resilience and robust control environment to external individual and institutional clients partners and advisors in the Wealth Management sector.
• Innovation & Scaling:
  • Drive the integration of Artificial Intelligence (AI) and Machine Learning (ML) to automate risk detection enhance threat intelligence and scale security operations efficiently.
  • Research and evaluate emerging trends in fintech security cryptography and regulatory landscapes to advise portfolio companies and internal stakeholders on proactive risk mitigation strategies particularly concerning client data privacy.

Skills and Experience Required

• Experience:12+ years of progressive experience in Technology Risk Information Security or Application Development with at least 5 years in a senior leadership or Head of capacity within the Financial Services industry specifically with exposure to Wealth Management.
• Technical Depth:Deep understanding of core cryptography concepts (Encryption Hashing HMAC digital signatures) cloud security principles (AWS preferred) and web stack technologies (e.g. HTTP HTML5 AJAX REST OAuth SAML OIDC).
• Regulatory & Risk Expertise: Expert knowledge of global financial regulations (e.g.SECFINRAGDPRCCPAGLBA state-specific privacy laws) and proven experience applying risk management methodologies such asFAIR (Factor Analysis of Information Risk)or similar frameworks.
• Leadership & Management:Proven ability to build mentor and lead high-performing global teams of security professionals. Demonstrated success in building coalitions and influencing diverse engineering business and executive stakeholders.
• Program Management:Strong program and project management skills with a track record of driving complex security initiatives to successful completion within committed timelines.
• Communication:Exceptional written and oral communication skills with the ability to articulate complex technical risks and solutions clearly to both technical and executive audiences.
• Risk Assessment:Expertise in performing risk assessments identifying gaps in compliance with information security policies and recommending effective mitigation strategies.
• Acquisition Experience:Experience with acquisition due diligence and integration from a technology risk perspective.
• Security Standards:Familiarity with leading security standards and frameworks such as NIST OWASP SANS Top 20 PCI DSS and CIS Controls.

Preferred Qualifications

• BS or MS degree in Computer Science Cyber Security Information Security or a related technical field.
• Relevant industry certifications such asCISSPCISMCRISC CISA or cloud-specific security certifications (e.g. AWS Certified Security Specialty).
• Experience with leveraging AI/ML to solve security problems and scale operations.
• Knowledge of secure coding languages (e.g. Python Java Go)

ABOUT GOLDMAN SACHS

At Goldman Sachs we commit our people capital and ideas to help our clients shareholders and the communities we serve to grow. Founded in 1869 we are a leading global investment banking securities and investment management firm. Headquartered in New York we maintain offices around the world.

We believe who you are makes you better at what you do. Were committed to fostering and advancing diversity and inclusion in our own workplace and beyond by ensuring every individual within our firm has a number of opportunities to grow professionally and personally from our training and development opportunities and firmwide networks to benefits wellness and personal finance offerings and mindfulness programs. Learn more about our culture benefits and people at committed to finding reasonable accommodations for candidates with special needs or disabilities during our recruiting process. Learn more: The Goldman Sachs Group Inc. 2023. All rights reserved.

Goldman Sachs is an equal opportunity employer and does not discriminate on the basis of race color religion sex national origin age veterans status disability or any other characteristic protected by applicable law.