Engineering -- Tech Risk -- Secure SDLC -- VP -- Toronto
3 weeks ago
Tech Risk – Advisory – Secure SDLC – VP
WHO WE ARE
Led by the Chief Information Security Officer (CISO), Technology Risk secures Goldman Sachs against hackers and other cyber threats. We are responsible for detecting and preventing attempted cyber intrusions against the firm, helping the firm develop more secure applications and infrastructure, developing software in support of our efforts, measuring cybersecurity risk, and designing and driving implementation of cybersecurity controls. The team has global presence across the Americas, APAC, India and EMEA. Within Technology Risk, Advisory is the consultative and technology subject matter expertise arm, responsible for assessing new technology initiatives for risk, partnering with engineers to architect and design secure products and services, embedding implementation reviews as part of the SDLC and CI/CD pipeline via code analysis and penetration testing, and guiding technology innovation in terms of security and control across Goldman Sachs. The team plays a critical role in designing and assessing controls for our transition to building native public cloud applications.
YOUR IMPACT
In this role, you will join the global Secure SDLC (S-SDLC) team within Technology Risk – the team is responsible for the identification of software security flaws, along with providing security assurance advice and guidance to the engineers to help them manage application risks. You will interact with all parts of the firm giving you the opportunity to grow within the Technology Risk team as well as other divisions within the firm.
The ideal candidate should have experience of integrating, and tuning, software security controls within continuous deployment SDLC, ability to review, triage and remediate findings by interfacing with the Business Units and help raise developer security awareness.
HOW YOU WILL FULFILL YOUR POTENTIAL
The Secure-SDLC team is responsible for the identification of software security flaws, along with providing security assurance advice and guidance to the engineers to help them manage application risks.
You will become a highly committed trusted Risk Advisor with the discipline and interpersonal skills to work in a global environment communicating the impact of technology risks and the approach to mitigation and acceptance. You will provide Technology Risk Advisory risk assessment and advisory services to engineers as part of the Technology Risk function.
Job Responsibilities:
Lead and support static, dynamic and security awareness services Lead development, maintenance and improvement of detection controls, security reviews, remediation activities and business unit engagements Lead S-SDLC training and guidance on security related issues Drive adoption of embedded application security controls within Software Development Life Cycle (SDLC) Lead product evaluation and help engineer tools and solutions that will facilitate the adoption of security controls across the firm Review and provide advice and consultation to business owners for the identified security issuesBasic Qualifications:
Have a minimum of 5 years’ experience in information security or related field. You will use your strong technical, interpersonal, organizational, written, and verbal communication skills to interact with your internal clients locally and globally. Your knowledge of Application Security, Risk Analysis and Risk Management techniques, methodologies and governance will enable you to be an active member of the team along with your professional experience in one, or more, of the following disciplines:
Understanding of common application security vulnerabilities and controls to remediate. Ability to engage technical client base of engineers and communicate security requirements, potential risks and influence development practices Ability to communicate security flaws in a clear and concise manner to a broad range of audience from engineers, SMEs to senior management Ability to provide clear guidance on vulnerability remediation Expert/Advanced knowledge of Secure software development practices and frameworks Expert/Advanced knowledge of Secure Code Review and Application Security assessment Expert/Advanced knowledge of at least one major programming language (. Java, Python, Go Expert/Advanced knowledge of CI/CD platforms . Gitlab, Jenkins, BitBucket CI, Bamboo, Travis CI, Circle CI, AWS Code Commit and Deploy (or similar) Expert/Advanced knowledge of DevSecOps solutions . Static Application Security Testing (SAST) Dynamic/Interactive Application Security Testing (DAST/IAST) Software Composition Analysis (SCA) Infrastructure as Code (IaC) Container Security Mobile SecurityPreferred qualifications:
Program management skills Expert Knowledge of Cloud (AWS, GCP, Azure) and Cloud Security applications#TechRiskCybersecurity
ABOUT GOLDMAN SACHS
At Goldman Sachs, we commit our people, capital and ideas to help our clients, shareholders and the communities we serve to grow. Founded in 1869, we are a leading global investment banking, securities and investment management firm. Headquartered in New York, we maintain offices around the world.
We believe who you are makes you better at what you do. We're committed to fostering and advancing diversity and inclusion in our own workplace and beyond by ensuring every individual within our firm has a number of opportunities to grow professionally and personally, from our training and development opportunities and firmwide networks to benefits, wellness and personal finance offerings and mindfulness programs. Learn more about our culture, benefits, and people at .
We’re committed to finding reasonable accommodations for candidates with special needs or disabilities during our recruiting process.
-
Toronto, ON, Canada Goldman Sachs Group, Inc. Full timeTech Risk – Advisory – Secure SDLC – VP WHO WE ARE Led by the Chief Information Security Officer (CISO), Technology Risk secures Goldman Sachs against hackers and other cyber threats. We are responsible for detecting and preventing attempted cyber intrusions against the firm, helping the firm develop more secure applications and infrastructure,...
-
VP Information Security
3 weeks ago
Toronto, Canada Alterna Full timeLocation: Toronto or Ottawa Scope of Position The VP, Information Security is responsible for the organization's strategies, objectives, policies, plans, budget and operations for the area of IT Security and Cyber Security. Works collaboratively with the senior management team to provide support to meet operational requirements and achieve annual and...
-
VP Information Security
3 weeks ago
Toronto, Ontario, Canada Alterna Full timeLocation: Toronto or Ottawa Scope of Position The VP, Information Security is responsible for the organization's strategies, objectives, policies, plans, budget and operations for the area of IT Security and Cyber Security. Works collaboratively with the senior management team to provide support to meet operational requirements and achieve annual and...
-
Manager, Platform Engineering
4 weeks ago
Toronto, Canada CaseWare Full timeCaseware is one of Canada's original Fintech companies, having led the global audit and accounting software industry for over 30 years, with more than 500,000 users across 130 countries and available in 16 different languages. While you might not have heard of us (yet) over 36,000 accounting and audit professionals list Caseware as a skill on their LinkedIn...
-
Old Toronto, Canada GR8 Tech Full timeAbout the Company: GR8 Tech is a global product company that provides innovative, scalable platforms and business solutions for the iGaming industry. With a great experience, our GR8 Tech platform successfully handles millions of active players and offers best practices to develop and grow in the gambling industry. We are here to provide great gaming tech to...
-
Information Security Engineering Team Lead
2 days ago
Old Toronto, Canada GR8 Tech Full timeAbout the Company: GR8 Tech is a global product company that provides innovative, scalable platforms and business solutions for the iGaming industry. With a great experience, our GR8 Tech platform successfully handles millions of active players and offers best practices to develop and grow in the gambling industry. We are here to provide great gaming tech to...
-
Information Security Engineering Team Lead
2 days ago
Old Toronto, Canada GR8 Tech Full timeAbout the Company: GR8 Tech is a global product company that provides innovative, scalable platforms and business solutions for the iGaming industry. With a great experience, our GR8 Tech platform successfully handles millions of active players and offers best practices to develop and grow in the gambling industry. We are here to provide great gaming tech to...
-
VP Information Security
3 weeks ago
Toronto, ON, Canada Alterna Sa Full timeThe VP, Information Security is responsible for the organization’s strategies, objectives, policies, plans, budget and operations for the area of IT Security and Cyber Security. Works collaboratively with the senior management team to provide support to meet operational requirements and achieve annual and long-term corporate goals. The VP, Information...
-
VP Information Security
3 weeks ago
Old Toronto, Canada Alterna Sa Full timeThe VP, Information Security is responsible for the organization’s strategies, objectives, policies, plans, budget and operations for the area of IT Security and Cyber Security. Works collaboratively with the senior management team to provide support to meet operational requirements and achieve annual and long-term corporate goals.The VP, Information...
-
VP Information Security
3 weeks ago
Old Toronto, Canada Alterna Sa Full timeThe VP, Information Security is responsible for the organization’s strategies, objectives, policies, plans, budget and operations for the area of IT Security and Cyber Security. Works collaboratively with the senior management team to provide support to meet operational requirements and achieve annual and long-term corporate goals.The VP, Information...
-
VP Information Security
3 weeks ago
Old Toronto, Canada Alterna Sa Full timeThe VP, Information Security is responsible for the organization’s strategies, objectives, policies, plans, budget and operations for the area of IT Security and Cyber Security. Works collaboratively with the senior management team to provide support to meet operational requirements and achieve annual and long-term corporate goals.The VP, Information...
-
Security Engineer
3 weeks ago
Toronto, ON, Canada matchpoint solutions Full timematchpoint solutions MatchPoint Solutions helps you buck transient tech trends for a Digital Transformation that timelessly delivers unmatched efficiencies. View company page Duration: 12 Months (Likely to be extended) We are seeking a highly skilled and motivated Security Engineer with a strong background in cybersecurity, specifically holding the...
-
Security Engineer
3 weeks ago
Old Toronto, Canada matchpoint solutions Full timematchpoint solutions MatchPoint Solutions helps you buck transient tech trends for a Digital Transformation that timelessly delivers unmatched efficiencies. View company page Duration:12 Months (Likely to be extended)We are seeking a highly skilled and motivated Security Engineer with a strong background in cybersecurity, specifically holding the...
-
Security Engineer
3 weeks ago
Old Toronto, Canada matchpoint solutions Full timematchpoint solutions MatchPoint Solutions helps you buck transient tech trends for a Digital Transformation that timelessly delivers unmatched efficiencies. View company page Duration:12 Months (Likely to be extended)We are seeking a highly skilled and motivated Security Engineer with a strong background in cybersecurity, specifically holding the...
-
Security Engineer
4 weeks ago
Old Toronto, Canada matchpoint solutions Full timematchpoint solutions MatchPoint Solutions helps you buck transient tech trends for a Digital Transformation that timelessly delivers unmatched efficiencies. View company page Duration:12 Months (Likely to be extended)We are seeking a highly skilled and motivated Security Engineer with a strong background in cybersecurity, specifically holding the...
-
Senior Risk Engineer, Construction
3 weeks ago
Toronto, Canada Berkshire Hathaway Specialty Insurance Full timeJob Opportunity: Berkshire Hathaway Specialty Insurance (BHSI) has an exciting opportunity for a Senior Risk Engineer specializing in the Property Construction segment supporting our rapidly growing Builder’s Risk business. The position reports directly to the VP Risk Control, Energy and Construction, North America however all Risk Engineers at...
-
Tech Lead
7 days ago
Toronto, Canada nugget.ai Full timeWe are currently looking for an experienced and motivated **Tech Lead **to join our Engineering team. The Tech Lead will report directly to the Director of Engineering, with the role principally located at the Toronto King St office. **What You’ll Do**: - Build software prototypes and conduct experiments to evaluate alternative architectures. - Gain an...
-
Vp Credit Risk
4 days ago
Toronto, Canada Chad Management Group Full timeVP Credit Risk & Analytics Cambridge ON With over $1Billion in loans funded, our client has helped hard-working Canadians with personalized money solutions with more flexibility than traditional banks across both its retail and digital channels. They are a member of the Canadian Consumer Finance Association, fully licensed lender with 110+ branches across...
-
VP of Software Engineering
1 week ago
Toronto, ON, Canada Acquird.io Full timeAbout Us Profitable B2B SaaS company, teams are based out of North America, but this role is remote from Canada. We're only open to folks that don't require relocation (ideally in the GTA/Toronto area) and are eligible to work in Canada :) We're one of the top no-code data segmentation platforms that help marketing teams filter data and run...
-
VP of Software Engineering
1 week ago
Old Toronto, Canada Acquird.io Full timeAbout UsProfitable B2B SaaS company, teams are based out of North America, but this role is remote from Canada. We're only open to folks that don't require relocation (ideally in the GTA/Toronto area) and are eligible to work in Canada :)We're one of the top no-code data segmentation platforms that help marketing teams filter data and run targeted campaigns...
