AMD Public-Dallas-Associate-Security Engineering

Role Overview

The Cybersecurity and Client Engagement Risk Associate position in Asset and Wealth Management engages new and existing institutional clients supports compliance activities (e.g. SOC reports ISO PCI NYDFS etc) and engages across the firm with Business Engineering Legal and Cyber SMEs. This role includes critical activities such assessing and negotiating tech risk commitments responding and editing security agreements/assessments and getting involved in addressing technical and business cyber activities.

Key Responsibilities

• Client Due Diligence & Revenue Protection:
  • Engagement: Proactively engages with institutional clients to articulate Goldman Sachs robust information security posture and address their specific security and compliance inquiries.
  • Client Vendor Due Diligence: Executes comprehensive client-focused vendor due diligence processes assessing third-party information security risks specifically within the financial services regulatory landscape.
  • Operational: Actively participates in and drives resolution of complex technical and business cyber activities including security architecture reviews control implementation and operationalizing compliance requirements.
  • Strategic innovation: Partner in integration of Artificial Intelligence (AI) and Machine Learning (ML) to automate due diligence contract engagements and scale the program efficiently.
  • Research and evaluate emerging global client trends in client contract focus and regulatory landscapes to advise affiliates and internal stakeholders on proactive contractual/regulatory risk mitigation strategies.

Skills and Experience Required

• Operational Experience: Minimum two years working as an Information Security professional and/or Computer engineering background with cyber risk operational experience including hands-on involvement in security incident response coordination and vulnerability management program support.
• Technical Platform Experience: Demonstrated hands-on experience with security controls and configurations across diverse IT platforms including web applications middleware cloud services (IaaS PaaS SaaS) and database systems.
• Security Standards:Familiarity with leading security standards and frameworks such as NIST OWASP SANS Top 20 PCI DSS and CIS Controls
• Cybersecurity Knowledge Depth: Deep understanding and practical application of security principles across web mobile cloud (IaaS PaaS SaaS) and client/server architectures including threat modeling vulnerability management and secure development lifecycles.
• Communication of Complex Concepts: Ability to translate complex technical cybersecurity concepts into clear actionable insights for both technical and non-technical audiences.
• Detail Orientation & Self-Motivation: Demonstrated exceptional attention to detail meticulous organizational skills and a proactive self-motivated approach to problem-solving.

• Emotional Intelligence (EQ): Demonstrated ability to build rapport influence stakeholders and manage challenging client conversations with diplomacy and professionalism.

Preferred Qualifications

• BS degree in Computer Science Cyber Security Information Security or a related technical field.
• Relevant industry certifications such asCISSPCISMCRISC CISA or cloud-specific security certifications (e.g. AWS Certified Security Specialty).
• 1-2 yrs Operational and/or experience with Cloud services (as provider or client) or certified CCNA CCNP AWS security.
• Implementation and/or operational experience with Third Party Risk (TPRM) Risk Management Solutions (ex: SAP GRC LogicManager ServiceNow Audit Board RSA Archer Reciprocity etc.) or deploying automated DDQ workflows
• Scripting/Automation: Practical experience with scripting or automation (e.g. Python PowerShell) for security tasks and data analysis.
• Familiarity with leveraging Artificial Intelligence and Machine Learning (AI/ML) for AI Governance (e.g. data poisoning prompt injection) automating compliance checks or enhancing cybersecurity capabilities such as predictive risk modeling anomaly detection in vendor assessments.