Internal Audit

Job Category Associate What We Do As the third line of defense Internal Audit s mission is to independently assess the firm s internal control structure including the firm s governance processes and controls and risk management and capital and anti-financial crime frameworks raise awareness of control risk and monitor the implementation of management s control measures In doing so internal Audit Communicates and reports on the effectiveness of the firm s governance risk management and controls that mitigate current and evolving risk Raise awareness of control risk Assesses the firm s control culture and conduct risks and Monitors management s implementation of control measures Goldman Sachs Internal Audit is organized into global teams comprising business and technology auditors to cover all the firm s businesses and functions including securities investment banking consumer and investment management risk management finance cyber-security and technology risk and engineering Who We Look For Goldman Sachs Internal Auditors demonstrate strong risk and control mindsets analytical exercise professional skepticism and are able to challenge and discuss effectively with management on risks and control measures We look for individuals who enjoy learning about audit businesses and functions have innovative and creative mindsets to adopt analytical techniques to enhance audit techniques building relationships and are able to evolve and thrive in teamwork and in a fast-paced global environment Tech Risk and Cybersecurity - Internal Audit Tech Risk and Cybersecurity team is responsible for covering firm-wide technology risk including information and cyber security business resilience governance and vendor technology risk management As Tech Risk and Cybersecurity auditors you will be involved in providing assurance on the information and cyber security controls within the firm across different platforms and security layers which help the firm in detecting and preventing cyber-attacks Your Impact As part of the third line of defense you will be involved in independently assessing the firm s overall control environment and communicating the results to the firm s local and global management the effectiveness of the firm s controls that mitigate current and emerging risks and monitoring the management s implementation of control measures In doing so you are supporting the provision of independent objective and timely assurance around the firm s internal control structure and supporting the Audit Committee the Board of Directors and Risk Committee in fulfilling their oversight responsibilities Responsibilities Assist Lead the risk assessment scoping and planning of a review Assist Lead in executing the review Specifically focusing on the following Design and execute tests to validate identified application system controls which may require data analysis code inspection and re-performance of system processes Analyse the design of controls around the underlying system architecture in the context of information technology controls such as security availability and performance and their impact on business-aligned technology groups Analyse the business and technology processes to evaluate the effectiveness of the relevant technology controls Validate that system features meet business technology and regulatory requirements Validate the quality of internal SOX assessments Document the results of the test steps executed within the IA automated document project repository Assist Lead in the report preparation Assist Lead in presenting the scope progress and results of the review to internal technology and business stakeholders Basic Qualifications At least 3 years of experience as a technology auditor covering IT application and general controls Possess a degree in Computer Science or Engineering or equivalent Must be highly motivated with strong analytical skills willing and able to learn new business and system processes quickly Ability to work effectively across a large audit team understanding the team s role in the overall strategy of the firm Must be able to multitask while managing both time and work load Written and verbal communication skills a must strong interpersonal skills essential Job requires frequent interaction with technology management Preferred Qualifications Technology audit skills including Understanding of Linux and Windows operating systems experience of batch scripting and executing standard commands Cloud computing concepts technologies risks and mitigating controls Internet infrastructure design and installation and support of network devices and firewalls Database design setup and administration DBA experience with Sybase Oracle or UDB Systems and security administration and configuration of servers and desktops UNIX Windows directory services etc Management monitoring and operations of technology backups change management system monitoring incident problem Management Business continuity planning and disaster recovery design and implementation Secure software development lifecycle Vulnerability assessment and penetration testing methodologies and processes for web thick client and mobile applications Relevant technology standards and regulations - ISO 27001 Data Privacy FFIEC IT handbooks etc Data and log analysis using SQL and Splunk and visualisation using Spotfire Tableau QlikView or other would be useful but not required Relevant certification or industry accreditation CISA CISSP CISM etc useful but not required About GS The Goldman Sachs Group Inc is a leading global investment banking securities and investment management firm that provides a wide range of financial services to a substantial and diversified client base that includes corporations financial institutions governments and individuals Founded in 1869 the firm is headquartered in New York and maintains offices in all major financial centers around the world