Internal Audit-GBM Engineering Operations Resilience Vice President-Technology Audit-Salt Lake City

INTERNAL AUDIT

In Internal Audit, we ensure that Goldman Sachs maintains effective controls by assessing the reliability of financial reports, monitoring the firm's compliance with laws and regulations, and advising management on developing smart control solutions. Our group has unique insight on the financial industry and its products and operations. We're looking for detail-oriented team players who have an interest in financial markets and want to gain insight into the firm's operations and control processes.

TEAM OVERVIEW

Goldman Sachs Internal Auditors demonstrate strong risk and control mindsets, analytical, exercise professional skepticism, and are able to challenge and discuss effectively with management on risks and control measures. We look for individuals who enjoy learning about audit, businesses and functions, have innovative and creative mindsets to adopt analytical techniques to enhance audit techniques, building relationships and are able to evolve and thrive in teamwork and in a fast-paced global environment. Expertise in financial crime controls, in particular those related to transaction banking and consumer AML compliance.

• Communicates and reports on the effectiveness of the firm's governance, risk management and controls that mitigate current and evolving risk
• Raise awareness of control risk
• Assesses the firm's control culture and conduct risks
• Monitors management's implementation of control measures

• Performing regular risk assessments for the area of coverage
• Regularly meeting the business/engineering stakeholders and building strong relationships with management
• Continuously monitoring business and technology developments
• Monitoring regulatory requirements and developments, as well as industry standards
• Performing and leading audit work, including defining the scope of risks and controls assessment of controls design and effectiveness, reviewing audit work and reporting findings to internal and external management
• Validating the closure of management action points
• Managing, coaching and developing team members

• 7+ years' work experience, and a degree in Computer Science, Information Security, Engineering, or equivalent discipline.
  • Comprehensive knowledge of operational resilience including operational risk management, business continuity planning and testing, interconnections and interdependencies, third party dependency management, incident and crisis management.
• Knowledge of financial markets, products and services.
• Experience with Data Analytics tools and techniques.
• Ability to review/develop code (Java, C++, Python, etc.)
• Cloud security / risk concepts, architecture, controls, implementation, and assessment.
• Knowledge of security within the software development lifecycle, vulnerability assessments, penetration testing methodologies and processes, and security risks related to web, mobile, serverless and containerized applications, and network infrastructure.
• Relevant technology standards and regulations - FRB Sound Practices to Strengthen Operational Resilience, Bank of England PS21/3, NIST Cyber Security Framework, Cloud Security Alliance CCM, FFIEC CAT, ISO 27001, GDPR, NYSDFS, data privacy rules, FFIEC IT handbooks etc.
• Ability to work effectively across a large audit team, understanding the team's role in the overall strategy of the firm.
• Written and verbal communication skills a must; strong interpersonal skills essential. Job requires frequent interaction with technology management.
• Must be able to multitask while managing both time and workload.
• Must be highly motivated with strong analytical skills, willing and able to learn new business and system processes quickly.