Goldman Sachs Technology Risk leads threat and risk management initiatives that help to protect the firm and our clients from information and cyber security risks. Our team equips the firm with the knowledge and tools to measure risk, identify and mitigate threats, and protect against unauthorized disclosure of confidential client, employee, and supply chain information. Specifically, the Techrisk Data Privacy team is accountable for enabling personal data security and thereby privacy across the firm. We collaborate closely with Legal, Compliance, Privacy Platform Engineering, and Core Engineering to uplift and enhance the control posture for various types of personal data.
You will join a progressive Technology Risk team which continues to push the development of security controls within engineering functions and across the business. You will interact with all parts of the firm, gaining experience and knowledge that will facilitate future career growth.
We are looking for a self-motivated candidate with a strong technical background and experience in data security or data risk management to join a team focused on strengthening personal data security and implementing privacy-by-design principles through technical controls.
RESPONSIBILITIES AND QUALIFICATIONS
Support the planning, execution, and enhancement of data protection and personal data security initiatives, focusing on technical controls and security reviews.
Drive the adoption of robust data security controls and privacy-enhancing technologies (e.g., encryption, data masking, access controls) across applications and platforms to uplift the control posture for personal data.
Assist in developing scalable processes to ensure data security controls are operating effectively and align with privacy-by-design principles.
Provide advice and guidance to engineering teams on applying relevant security policies and standards, and on integrating security controls defined in the firm’s Technology Risk and Control Framework to enable privacy by design from the outset.
Participate in global, regional, and local Technology Risk initiatives aimed at improving the firm's baseline on data security, resiliency, and controls of technology processes and services related to personal data.
Conduct security reviews of systems and applications to identify potential data privacy risks and recommend technical mitigation strategies.
Collaborate with Legal and Compliance to understand regulatory requirements (e.g., GDPR, CCPA) and translate them into actionable technical security controls.
Provide clear and concise verbal and written recommendations and guidance to business and technology staff on matters of personal data security and privacy-enabling technical controls.
SKILLS AND EXPERIENCE WE ARE LOOKING FOR
Bachelor’s degree in information/cyber security, Computer Science, Software Engineering, or a related technical field.
1-3 years of experience in a security, technical risk management, or data protection function.
Strong understanding of data security concepts and practices, including encryption, access controls, data minimization, and data de-identification.
Familiarity with privacy-by-design principles and their practical implementation within technology solutions.
Technical knowledge of technology architecture, infrastructure, and the Software Development Lifecycle (SDLC).
Experience with data analysis tools like Excel, PowerBI, or Alteryx.
Proven analytical thinking abilities and problem-solving skills, particularly in assessing technical security risks related to data privacy.
Excellent oral, written, and presentation communication skills, with the ability to explain complex technical details to diverse audiences.
Ability to work effectively in a team environment and independently.
PREFERRED QUALIFICATIONS
Relevant industry certifications (e.g., Security+, CySA+, CCSP, CIPT, CISSP, CIPM).
Experience with technical risk analysis and control frameworks (e.g., NIST Cybersecurity Framework, ISO 27001/27701).
Understanding of relational database technologies (e.g., SQL) and data storage principles.
Knowledge of networking technologies and operating systems.
Familiarity with data lifecycle management, data mapping, and inventory from a security control perspective.
An understanding of the regulatory environment related to technology control requirements, with an emphasis on how security controls address global data protection regulations.