Internal Audit - Technology Audit - Vice President - London

Job Description

Please make sure you read the following details carefully before making any applications.

INTERNAL AUDIT

In Internal Audit, we ensure that Goldman Sachs maintains effective controls by assessing the reliability of financial reports, monitoring the firm's compliance with laws and regulations, and advising management on developing smart control solutions. Our group has unique insight on the financial industry and its products and operations. We're looking for detail-oriented team players who have an interest in financial markets and want to gain insight into the firm's operations and control processes.

TEAM OVERVIEW

Goldman Sachs Internal Auditors demonstrate strong risk and control mindsets, analytical skills, and exercise professional skepticism. They are able to challenge and discuss effectively with management on risks and control measures. We look for individuals who enjoy learning about audit, businesses, and functions, have innovative and creative mindsets to adopt analytical techniques to enhance audit methods, build relationships, and thrive in teamwork in a fast-paced global environment.

Goldman Sachs Internal Audit comprises individuals from diverse backgrounds including chartered accountants, developers, risk management professionals, cybersecurity professionals, and data scientists. We are organized into global teams comprising business and technology auditors to cover all the firm's businesses and functions, including securities, investment banking, consumer and investment management, risk management, finance, cybersecurity, and technology risk.

THE ROLE AND RESPONSIBILITIES

As the third line of defense, Internal Audit's mission is to independently assess the firm's internal control structure, including governance processes and controls, risk management, and anti-financial crime frameworks, raise awareness of control risk, and monitor the implementation of management's control measures.

In doing so, Internal Audit performs the following duties:Communicates and reports on the effectiveness of the firm's governance, risk management, and controls that mitigate current and evolving riskRaises awareness of control riskAssesses the firm's control culture and conduct risksMonitors management's implementation of control measuresAdditional responsibilities include:

Develop and maintain an in-depth understanding of business areas, its products, and supporting functionsIdentify risks, assess mitigating controls, and make recommendations on improving the control environmentFollow up on open audit issues and their resolutionSKILLS AND EXPERIENCE REQUIRED

Approximately 12+ years' work experience, and a degree in Computer Science, Information and Cybersecurity, Engineering, or equivalent discipline

Deep understanding of operating systems, experience of batch scripting and executing standard commandsInternet infrastructure design and installation and support of network devices and firewallsCloud computing concepts, technologies, risks, and mitigating controlsSystems and security administration and configuration of servers and desktops (UNIX, Windows, MacOS, directory services, etc.)Security risks related to web, mobile, web services, and client/server architecturesEncryption schemes (symmetric, asymmetric, and hashing) and their application in application architectureVulnerability assessment and penetration testing methodologies for web, thick-client, and mobile applicationsExperience with Splunk and/or other SIEM platformsThreat modeling, intelligence, and incident responseManagement, monitoring, and operations of technology (backups, change management, system monitoring, incident/problem management)Operational resilience, business continuity planning, and disaster recovery design and implementationSecurity within the software development lifecycleRelevant technology standards and regulations - NIST Cyber Security Framework, FFIEC CAT, ISO 27001, GDPR, NYSDFS, data privacy rules, FFIEC IT handbooks, etc.Data and log analysis (using SQL and Splunk) and visualization (using Spotfire, Tableau, QlikView, or other) would be useful but not requiredRelevant certification or industry accreditation (CISA, CISSP, CISM, etc.) useful but not required

Understanding of internal audit processes related to a large financial institutionProject management experience, including oversight and leadership of junior staffHighly motivated with strong analytical skills, willing and able to learn new business and system processes quicklyAbility to multi-task and remain organized in a fast-paced environment, and to regularly present to senior leadershipAccurate, accountable, and able to multitask while managing both time and workload

#J-18808-Ljbffr