In Internal Audit, we ensure that Goldman Sachs maintains effective controls by assessing the reliability of financial reports, monitoring the firm’s compliance with laws and regulations, and advising management on developing smart control solutions. Our group has unique insight on the financial industry and its products and operations. We’re looking for detail-oriented team players who have an interest in financial markets and want to gain insight into the firm’s operations and control processes.   TEAM OVERVIEW Technology Risk and Cybersecurity team is responsible for covering firm-wide technology risk, including information and cyber security, business resilience, governance and vendor technology risk management. As Tech Risk and Cybersecurity auditors, you will be involved in providing assurance on the information and cyber security controls within the firm across different platforms and security layers which help the firm in detecting and preventing cyber-attacks.  

As a Technology Risk and Cybersecurity auditor, you will be involved in independently assessing the firm’s overall control environment and communicating the results to the firm’s local and global management the effectiveness of the firm’s controls that mitigate current and emerging risks and monitoring the management’s implementation of control measures.  In doing so, you are supporting the provision of independent, objective and timely assurance around the firm’s internal control structure, and supporting the Audit Committee, the Board of Directors and Risk Committee in fulfilling their oversight responsibilities.

RESPONSIBLITIES

Performing regular risk assessments for the area of coverageRegularly meeting the business/engineering stakeholders and building strong relationships with managementContinuously monitoring business and technology developments Monitoring regulatory requirements and developments, as well as industry standardsPerforming and leading audit work, including defining the scope of risks and controls, assessment of controls design and effectiveness, reviewing audit work and reporting findings to internal and external managementValidating the closure of management action pointsManaging, coaching and developing the team   SKILLS AND RELEVANT EXPERIENCE More than 7 years of relevant audit experiencePossess a degree in Computer Science, Information Security, Engineering or equivalentMust be highly motivated with strong analytical skills, willing and able to learn new business and system processes quicklyAbility to work effectively across a large audit team, understanding the team's role in the overall strategy of the firmMust be able to multitask while managing both time and workloadWritten and verbal communication skills a must; strong interpersonal skills essential. Job requires frequent interaction with technology management

Technology audit skills including:

Deep understanding of Linux and Windows operating systems, experience of batch scripting and executing standard commandsInternet infrastructure design and installation and support of network devices and firewallsCloud computing concepts, technologies, risks and mitigating controlsSystems and security administration and configuration of servers and desktops (UNIX, Windows, directory services etc.)Security risks related to web, mobile, web services, and client/server architecturesEncryption schemes (symmetric, asymmetric, and hashing) and how they may be applied in an application architectureVulnerability assessment and penetration testing methodologies and processes for web, thick client and mobile applicationsExperience with Splunk and/or other SIEM platforms would be useful but not requiredThreat modelling, intelligence and incident responseManagement, monitoring and operations of technology (backups, change management, system monitoring, incident/problem Management)Business continuity planning and disaster recovery design and implementationSecurity within the software development lifecycleRelevant technology standards and regulations – NIST Cyber Security Framework, FFIEC CAT, ISO 27001, GDPR, NYSDFS, data privacy rules, FFIEC IT handbooks etc.Experience with Data Analytics tools and techniquesRelevant certification or industry accreditation (CISA, CISSP, CISM, etc.)
  ABOUT GOLDMAN SACHS   At Goldman Sachs, we commit our people, capital and ideas to help our clients, shareholders and the communities we serve to grow. Founded in 1869, we are a leading global investment banking, securities and investment management firm. Headquartered in New York, we maintain offices around the world. 
  We believe who you are makes you better at what you do. We're committed to fostering and advancing diversity and inclusion in our own workplace and beyond by ensuring every individual within our firm has a number of opportunities to grow professionally and personally, from our training and development opportunities and firmwide networks to benefits, wellness and personal finance offerings and mindfulness programs. Learn more about our culture, benefits, and people at GS.com/careers. 
  We’re committed to finding reasonable accommodations for candidates with special needs or disabilities during our recruiting process. Learn more: https://www.goldmansachs.com/careers/footer/disability-statement.html
  © The Goldman Sachs Group, Inc., 2023. All rights reserved. Goldman Sachs is an equal opportunity employer and does not discriminate on the basis of race, color, religion, sex, national origin, age, veterans status, disability, or any other characteristic protected by applicable law.