Internal Audit-London-Vice President-Technology Audit
London, Greater London, England, United Kingdom
Goldman Sachs
The Goldman Sachs Group, Inc. is a leading global investment banking, securities and investment management firm that provides a wide range of financial services to a substantial and diversified client base.INTERNAL AUDIT
In Internal Audit, we ensure that Goldman Sachs maintains effective controls by assessing the reliability of financial reports, monitoring the firm's compliance with laws and regulations, and advising management on developing smart control solutions. Our group has unique insight on the financial industry and its products and operations. We're looking for detail-oriented team players who have an interest in financial markets and want to gain insight into the firm's perations and control processes.
TEAM OVERVIEW
Goldman Sachs Internal Auditors demonstrate strong risk and control mindsets, analytical, exercise professional scepticism, and are able to challenge and discuss effectively with management on risks and control measures. We look for individuals who enjoy learning about audit, businesses and functions, have innovative and creative mindsets to adopt analytical techniques to enhance audit techniques, building relationships and are able to evolve and thrive in teamwork and in a fast-paced global environment.
Goldman Sachs Internal Audit comprises individuals from diverse backgrounds including chartered accountants, developers, risk management professionals, cybersecurity professionals, and data scientists. We are organized into global teams comprising business and technology auditors to cover all the firm's businesses and functions, including securities, investment banking, consumer and investment management, risk management, finance, cybersecurity and technology risk, and engineering.
THE ROLE AND RESPONSIBILITIES
As the third line of defence, Internal Audit's mission is to independently assess the firm's internal control structure, including the firm's governance processes and controls, and risk management and capital and anti-financial crime frameworks, raise awareness of control risk and monitor the implementation of management's control measures.
In doing so, Internal Audit perform the following duties:
- Communicates and reports on the effectiveness of the firm's governance, risk management and controls that mitigate current and evolving risk
- Raise awareness of control risk
- Assesses the firm's control culture and conduct risks
- Monitors management's implementation of control measures
Additional responsibilities include:
- Develop and maintain an in-depth understanding of business areas, its products, and supporting functions
- Identify risks, assess mitigating controls, and make recommendations on improving the control environment
- Follow-up on open audit issues and their resolution
SKILLS AND EXPERIENCE REQUIRED
- Approximately 12+ years’ work experience, and a degree in Computer Science, Information and Cybersecurity, Engineering or equivalent discipline
- Deep understanding of operating systems, experience of batch scripting and executing standard commands
- Internet infrastructure design and installation and support of network devices and firewalls
- Cloud computing concepts, technologies, risks and mitigating controls
- Systems and security administration and configuration of servers and desktops (UNIX, Windows, MacOS, directory services etc.)
- Security risks related to web, mobile, web services, and client/server architectures
- Encryption schemes (symmetric, asymmetric, and hashing) and how they may be applied in an application architecture
- Vulnerability assessment and penetration testing methodologies and processes for web, thick-client and mobile applications
- Experience with Splunk and/or other SIEM platforms
- Threat modelling, intelligence and incident response
- Management, monitoring and operations of technology (backups, change management, system monitoring, incident/problem Management)
- Operational resilience, business continuity planning and disaster recovery design and implementation
- Security within the software development lifecycle
- Relevant technology standards and regulations – NIST Cyber Security Framework, FFIEC CAT, ISO 27001, GDPR, NYSDFS, data privacy rules, FFIEC IT handbooks etc.
- Data and log analysis (using SQL and Splunk) and visualisation (using Spotfire, Tableau, QlikView or other) would be useful but not required
- Relevant certification or industry accreditation (CISA, CISSP, CISM, etc.) useful but not required
- Understanding of internal audit processes as related to a large financial institution
- Project management experience, including oversight and leadership of junior staff
- Highly motivated with strong analytical skills, willing and able to learn new business and system processes quickly
- Ability to multi-task and remain organized in a fast-paced environment, and to regularly present to senior leadership
- Accurate, accountable and able to multitask while managing both time and work-load
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Banking CISA CISM CISSP Cloud Compliance Computer Science Encryption FFIEC Finance Firewalls GDPR Governance Hashing Incident response ISO 27001 Log analysis MacOS Monitoring NIST Pentesting Privacy Risk management Scripting SDLC SIEM Splunk SQL UNIX Windows
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Product Security Engineer jobs
- Open Security Operations Engineer jobs
- Open Cloud Security Architect jobs
- Open Principal Security Engineer jobs
- Open Information Security Officer jobs
- Open Senior Cyber Security Engineer jobs
- Open Information Security Specialist jobs
- Open Chief Information Security Officer jobs
- Open IT Security Engineer jobs
- Open Senior Product Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Senior Penetration Tester jobs
- Open Cyber Security Specialist jobs
- Open Staff Security Engineer jobs
- Open Cybersecurity Consultant jobs
- Open Security Specialist jobs
- Open Senior Network Security Engineer jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Security Consultant jobs
- Open IT Security Analyst jobs
- Open Senior Information Security Analyst jobs
- Open Security Operations Analyst jobs
- Open Information System Security Officer (ISSO) jobs
- Open Senior Information Security Engineer jobs
- Open Information Security Architect jobs
- Open Agile-related jobs
- Open Risk assessment-related jobs
- Open CISA-related jobs
- Open Analytics-related jobs
- Open SOC-related jobs
- Open Network security-related jobs
- Open ISO 27001-related jobs
- Open GCP-related jobs
- Open IAM-related jobs
- Open Application security-related jobs
- Open Threat intelligence-related jobs
- Open DoD-related jobs
- Open Pentesting-related jobs
- Open Vulnerability management-related jobs
- Open DevOps-related jobs
- Open Security Clearance-related jobs
- Open CEH-related jobs
- Open APIs-related jobs
- Open SaaS-related jobs
- Open Malware-related jobs
- Open Security assessment-related jobs
- Open Kubernetes-related jobs
- Open EDR-related jobs
- Open Java-related jobs
- Open TS/SCI-related jobs