Internal Audit - Technology Infrastructure - Associate


INTERNAL AUDITIn Internal Audit, we ensure that Goldman Sachs maintains effective controls by assessing the reliability of financial reports, monitoring the firm's compliance with laws and regulations, and advising management on developing smart control solutions. Our group has unique insight on the financial industry and its products and operations. We're looking for detail-oriented team players who have an interest in financial markets and want to gain insight into the firm's operations and control processes.


Internal Audit independently assesses the firm's internal control structure, which is designed to provide reasonable assurance that financial reporting is reliable, there is compliance with applicable laws and regulations and the firm's operations are effectively controlled. Internal Audit also raises awareness of control risk, provides advice to management in developing control solutions and monitors the implementation of management's control measures. Internal Audit reports to the Audit Committee and is responsible for supporting the Audit Committee and the Board of Directors in fulfilling their oversight responsibilities. In addition Internal Audit regularly interacts with the external independent auditors and the firm's regulators.

The Technology Infrastructure, Risk and Governance audit team performs reviews of technology risks and controls within a challenging, dynamic and complex business and technology environment. The team covers the cyber security/information security, business resilience, technology governance and technology infrastructure functions of the firm (cloud computing, software-defined infrastructure, market data distribution, data centers, servers, desktops, networks, voice, e-mail, databases and enterprise storage systems). A strong background in technology and cyber security and a proven technology audit background is necessary.


  • Participation in planning and scoping reviews, meeting with key people within the area being reviewed to understand the underlying system architecture in the context of information technology controls and their impact on the business and identify the key risks and controls to be assessed
  • Preparation of the audit testing program and assessment of the adequacy of the design and operation of the controls associated with the key risks identified, which may require data analysis, code inspection and re-performance of system processes
  • Assessment of the risk and impact of the issues identified on reviews and production of the report to management
  • Follow up with stakeholders on remediation of actions coming out of issues identified during audits
  • Ad hoc work on firmwide projects around new processes or activities and investigation of incidents
  • Ongoing liaison with colleagues globally and internal and external stakeholders including regulators and external auditors
  • Maintenance of internal stakeholder relationships and regular interaction with the business during the year to assess changes in the control environment and other matters arising in the business.


Basic Qualifications

  • 5+ years of relevant technology audit experience or experience in using a combination of the following technologies;
  • Cyber and Information Security and risk assessment principles
  • Vulnerability management and penetration testing methodologies and processes
  • Experience with Splunk and/or other SIEM platforms would be useful but not required o Threat intelligence and incident response processes
  • Deep understanding of Linux and Windows operating systems, experience of batch scripting and executing standard commands
  • Internet infrastructure design and installation and support of network devices and firewalls
  • Cloud computing concepts, technologies, risks and mitigating controls o Database design, setup and administration (DBA) experience with Sybase, Oracle, or UDB
  • Systems and security administration and configuration of servers and desktops (UNIX, Windows, Directory Services etc.) o Management, monitoring and operations of technology (Backups, Change Management, System monitoring, Incident/Problem Management)
  • Business Continuity Planning and Disaster Recovery design and implementation
  • Relevant technology standards and regulations - ISO 27001, Data Privacy, FFIEC IT handbooks etc.
  • Data and Log Analysis (using SQL and Splunk) and visualisation (using Spotfire, Tableau, QlikView or other) would be useful but not required
  • Relevant Certification or industry accreditation (CISA, CISSP, CISM, etc.) useful but not required
  • Experience in managing audit engagements or technology projects
  • Team-oriented with a strong sense of ownership and accountability
  • Highly motivated with the ability to multi-task and remain organized in a fast-paced environment


The Goldman Sachs Group, Inc. is a leading global investment banking, securities and investment management firm that provides a wide range of financial services to a substantial and diversified client base that includes corporations, financial institutions, governments and individuals. Founded in 1869, the firm is headquartered in New York and maintains offices in all major financial centers around the world.

© The Goldman Sachs Group, Inc., 2017. All rights reservedGoldman Sachs is an equal employment/affirmative action employer Female/Minority/Disability/Vet.

Meet Some of Goldman Sachs's Employees

Sabrina H.

Private Wealth Advisor

Sabrina is an entrepreneur within Goldman Sachs’ team-driven culture—mobilizing an elite team of wealth management professionals that help high net-worth individuals identify investment solutions including trusts, endowments, and real estate.

Rossi R.

Software Engineer, Asset Management

Rossi is a senior developer—evaluating data insights and allowing individual investors and high net-worth individuals and families 24/7 access to top-notch technology solutions.

Back to top