Role Overview 
The Head of Technology Risk for Asset Management is a critical senior leadership position responsible for defining, implementing, and overseeing the comprehensive information security and cybersecurity risk posture specifically within the Asset Management business. This role is pivotal in balancing commercial objectives with robust security controls, ensuring the division's resilience against an evolving threat landscape, and protecting client assets and data.

This leader will directly manage and provide strategic direction to teams responsible for Governance, Risk & Compliance (GRC), Application Security & Advisory, and Product Security functions within Asset Management. Crucially, this role also involves the oversight and guidance of embedded Technology Risk Officers who are assigned to various Asset Management business verticals. The objective is to foster a unified and proactive approach to risk management, ensuring regulatory compliance, and enabling secure technological innovation across all Asset Management initiatives.

Key Responsibilities
Strategic Leadership & Governance:
o    Define and execute the multi-year Technology Risk roadmap for the Asset Management division, ensuring alignment with firm-wide standards, industry best practices, and frameworks such as the NIST Cybersecurity Framework.
o    Lead the divisional Risk and Control Self-Assessment (RCSA) process and oversee regular control assessments to identify, evaluate, and mitigate technology risks specific to Asset Management.
o    Act as the primary liaison for internal and external audits, regulatory examinations (e.g., SEC, FINRA, GDPR, CCPA), and client due diligence requests, ensuring all commitments are met.
o    Provide executive-level reporting on risk trends, key risk indicators, and the overall technology risk profile to Asset Management leadership, the AWM Operating Committee, and Firmwide Technology Risk leadership.
o    Oversee and guide a team of embedded Technology Risk Officers supporting specific Asset Management business verticals, ensuring consistent application of risk management principles, policies, and controls.
Technical Risk Advisory & Architecture:
o    Oversee the "Security Single Point of Contact" (SPOC) model for key Asset Management initiatives, including new product launches, strategic projects, and M&A due diligence, ensuring security is integrated from inception.
o    Ensure that secure design principles, threat modeling, and OWASP Top 10 mitigations are systematically integrated into the architecture and development lifecycle of all Asset Management applications and platforms.
o    Drive the adoption of advanced security patterns for cloud-native deployments (AWS preferred) and hybrid infrastructures, optimizing security posture while enabling business agility within Asset Management.
Product Security & SDLC Integration:
o    Champion the "Shift Left" philosophy by embedding automated security controls and practices within the Software Development Life Cycle (SDLC) using Agile methodologies across Asset Management engineering teams.
o    Supervise the execution of comprehensive threat modeling, manual code reviews, penetration testing, and vulnerability assessments across the entire Asset Management application portfolio.
o    Collaborate closely with Engineering and DevOps teams to enhance the firm’s security posture through the implementation of automated CI/CD security gates and secure development practices.
Client Due Diligence & Revenue Protection:
o    Oversee the client-facing security due diligence function for Asset Management, supporting high-value prospect requests and existing client audits to protect and enable revenue streams.
o    Represent the firm’s security maturity, technical resilience, and robust control environment to external institutional clients, partners, and investors in the Asset Management sector.
Innovation & Scaling:
o    Drive the integration of Artificial Intelligence (AI) and Machine Learning (ML) to automate risk detection, enhance threat intelligence, and scale security operations efficiently.
o    Research and evaluate emerging trends in fintech security, cryptography, and regulatory landscapes to advise portfolio companies and internal stakeholders on proactive risk mitigation strategies.

Skills and Experience Required
•    Experience: 12+ years of progressive experience in Technology Risk, Information Security, or Application Development, with at least 5 years in a senior leadership or "Head of" capacity within the Financial Services industry, specifically with exposure to Asset Management.
•    Technical Depth: Deep understanding of core cryptography concepts (Encryption, Hashing, HMAC, digital signatures), cloud security principles (AWS preferred), and web stack technologies (e.g., HTTP, HTML5, AJAX, REST, OAuth, SAML, OIDC).
•    Regulatory & Risk Expertise: Expert knowledge of global financial regulations (e.g., SEC, FINRA, GDPR, CCPA) and proven experience applying risk management methodologies such as FAIR (Factor Analysis of Information Risk) or similar frameworks.
•    Leadership & Management: Proven ability to build, mentor, and lead high-performing global teams of security professionals. Demonstrated success in building coalitions and influencing diverse engineering, business, and executive stakeholders.
•    Program Management: Strong program and project management skills with a track record of driving complex security initiatives to successful completion within committed timelines.
•    Communication: Exceptional written and oral communication skills, with the ability to articulate complex technical risks and solutions clearly to both technical and executive audiences.
•    Risk Assessment: Expertise in performing risk assessments, identifying gaps in compliance with information security policies, and recommending effective mitigation strategies.
•    Acquisition Experience: Experience with acquisition due diligence and integration from a technology risk perspective.
•    Security Standards: Familiarity with leading security standards and frameworks such as NIST, OWASP, SANS Top 20, PCI DSS, and CIS Controls.

Preferred Qualifications
•    BS or MS degree in Computer Science, Cyber Security, Information Security, or a related technical field.
•    Relevant industry certifications such as CISSP, CISM, CRISC, CISA, or cloud-specific security certifications (e.g., AWS Certified Security – Specialty).
•    Experience with leveraging AI/ML to solve security problems and scale operations.
•    Knowledge of secure coding languages (e.g., Python, Java, Go).

ABOUT GOLDMAN SACHS
At Goldman Sachs, we commit our people, capital and ideas to help our clients, shareholders and the communities we serve to grow. Founded in 1869, we are a leading global investment banking, securities and investment management firm. Headquartered in New York, we maintain offices around the world. 
We believe who you are makes you better at what you do. We're committed to fostering and advancing diversity and inclusion in our own workplace and beyond by ensuring every individual within our firm has a number of opportunities to grow professionally and personally, from our training and development opportunities and firmwide networks to benefits, wellness and personal finance offerings and mindfulness programs. Learn more about our culture, benefits, and people at GS.com/careers.
We’re committed to finding reasonable accommodations for candidates with special needs or disabilities during our recruiting process. Learn more: https://www.goldmansachs.com/careers/footer/disability-statement.html
© The Goldman Sachs Group, Inc., 2023. All rights reserved.

Goldman Sachs is an equal opportunity employer and does not discriminate on the basis of race, color, religion, sex, national origin, age, veterans status, disability, or any other characteristic protected by applicable law.