Goldman Sachs Bank AG
Internal Audit, Technology Audit, Cloud and Cyber Security, Sr. Vice President, New York location_on New York, New York, United States
In Internal Audit, we ensure that Goldman Sachs maintains effective controls by assessing the reliability of financial reports, monitoring the firm’s compliance with laws and regulations, and advising management on developing smart control solutions. Our group has unique insight on the financial industry and its products and operations. We’re looking for detail-oriented team players who have an interest in financial markets and want to gain insight into the firm’s operations and control processes.
What We Do As the third line of defense, Internal Audit's mission is to independently assess the firm's internal control structure, including the firm's governance processes and controls, and risk management and capital and anti-financial crime frameworks, raise awareness of control risk and monitor the implementation of management's control measures. In doing so, internal Audit:
Communicates and reports on the effectiveness of the firm's governance, risk management and controls that mitigate current and evolving risk
Raise awareness of control risk
Assesses the firm's control culture and conduct risks
Monitors management's implementation of control measures
Goldman Sachs Internal Audit comprises individuals from diverse backgrounds including chartered accountants, developers, risk management professionals, cybersecurity professionals, and data scientists. We are organized into global teams comprising business and technology auditors to cover all the firm's businesses and functions, including securities, investment banking, consumer and investment management, risk management, finance, cyber-security and technology risk, and engineering.
Who We Look For Goldman Sachs Internal Auditors demonstrate strong risk and control mindsets, analytical, exercise professional skepticism and are able to challenge and discuss effectively with management on risks and control measures. We look for individuals who enjoy learning about audit, businesses and functions, have innovative and creative mindsets to adopt analytical techniques to enhance audit techniques, building relationships and are able to evolve and thrive in teamwork and in a fast-paced global environment.
Team Overview Technology Risk and Cybersecurity team is responsible for covering firm-wide technology risk, including information and cyber security, business resilience, governance and vendor technology risk management. As Tech Risk and Cybersecurity auditors, you will be involved in providing assurance on the information and cyber security controls within the firm across different platforms and security layers which help the firm in detecting and preventing cyber-attacks.
Your Impact As a Technology Risk and Cybersecurity auditor, you will be involved in independently assessing the firm’s overall control environment and communicating the results to the firm’s local and global management the effectiveness of the firm’s controls that mitigate current and emerging risks and monitoring the management’s implementation of control measures. In doing so, you are supporting the provision of independent, objective and timely assurance around the firm’s internal control structure, and supporting the Audit Committee, the Board of Directors and Risk Committee in fulfilling their oversight responsibilities.
Responsibilities
Performing regular risk assessments for the area of coverage
Regularly meeting the business/engineering stakeholders and building strong relationships with management
Continuously monitoring business and technology developments
Monitoring regulatory requirements and developments, as well as industry standards
Leading audit work, including defining the scope of risks and controls, assessment of controls design and effectiveness, reviewing audit work and reporting findings to internal and external management
Validating the closure of management action points
Managing, coaching and developing the team
Basic Qualifications
More than 10 years of relevant audit experience focusing on Financial Services
Possess a degree in Computer Science, Information Security, Engineering or equivalent
Must be highly motivated with strong analytical skills, willing and able to learn new business and system processes quickly
Ability to work effectively across a large audit team, understanding the team's role in the overall strategy of the firm
Must be able to multitask while managing both time and workload
Written and verbal communication skills a must; strong interpersonal skills essential. Job requires frequent interaction with technology management
Preferred Qualifications
Deep understanding of Linux and Windows operating systems, experience of batch scripting and executing standard commands
Internet infrastructure design and installation and support of network devices and firewalls
Deep understanding of Cloud computing, technologies, risks and mitigating controls
Systems and security administration and configuration of servers and desktops (UNIX, Windows, directory services etc.)
Security risks related to web, mobile, web services, and client/server architectures
Encryption schemes (symmetric, asymmetric, and hashing) and how they may be applied in an application architecture
Vulnerability assessment and penetration testing methodologies and processes for web, thick client and mobile applications
Experience with Splunk and/or other SIEM platforms would be useful but not required
Threat modelling, intelligence and incident response
Management, monitoring and operations of technology (backups, change management, system monitoring, incident/problem Management)
Business continuity planning and disaster recovery design and implementation
Security within the software development lifecycle
Relevant technology standards and regulations – NIST Cyber Security Framework, FFIEC CAT, ISO 27001, GDPR, NYSDFS, data privacy rules, FFIEC IT handbooks etc.
Experience with Data Analytics tools and techniques
Relevant certification or industry accreditation (CISA, CISSP, CISM, etc.)
ABOUT GOLDMAN SACHS At Goldman Sachs, we commit our people, capital and ideas to help our clients, shareholders and the communities we serve to grow. Founded in 1869, we are a leading global investment banking, securities and investment management firm. Headquartered in New York, we maintain offices around the world.
We believe who you are makes you better at what you do. We're committed to fostering and advancing diversity and inclusion in our own workplace and beyond by ensuring every individual within our firm has a number of opportunities to grow professionally and personally, from our training and development opportunities and firmwide networks to benefits, wellness and personal finance offerings and mindfulness programs. Learn more about our culture, benefits, and people at GS.com/careers.
We’re committed to finding reasonable accommodations for candidates with special needs or disabilities during our recruiting process. Learn more: https://www.goldmansachs.com/careers/footer/disability-statement.html
Goldman Sachs is an equal opportunity employer and does not discriminate on the basis of race, color, religion, sex, national origin, age, veterans status, disability, or any other characteristic protected by applicable law.
Salary Range The expected base salary for this New York, New York, United States-based position is $100,000-$250,000. In addition, you may be eligible for a discretionary bonus if you are an active employee as of fiscal year-end.
Benefits Goldman Sachs is committed to providing our people with valuable and competitive benefits and wellness offerings, as it is a core part of providing a strong overall employee experience. A summary of these offerings, which are generally available to active, non-temporary, full-time and part-time US employees who work at least 20 hours per week, can be found here.
Healthcare & Medical Insurance
We offer a wide range of health and welfare programs that vary depending on office location. These generally include medical, dental, short-term disability, long-term disability, life, accidental death, labor accident and business travel accident insurance.
We offer competitive vacation policies based on employee level and office location. We promote time off from work to recharge by providing generous vacation entitlements and a minimum of three weeks expected vacation usage each year.
Financial Wellness & Retirement
We assist employees in saving and planning for retirement, offer financial support for higher education, and provide a number of benefits to help employees prepare for the unexpected. We offer live financial education and content on a variety of topics to address the spectrum of employees’ priorities.
Health Services
We offer a medical advocacy service for employees and family members facing critical health situations, and counseling and referral services through the Employee Assistance Program (EAP). We provide Global Medical, Security and Travel Assistance and a Workplace Ergonomics Program. We also offer state-of-the‑art on‑site health centers in certain offices.
Fitness
To encourage employees to live a healthy and active lifestyle, some of our offices feature on‑site fitness centers. For eligible employees we typically reimburse fees paid for a fitness club membership or activity (up to a pre‑approved amount).
Child Care & Family Care
We offer on‑site child care centers that provide full‑time and emergency back‑up care, as well as mother and baby rooms and homework rooms. In every office, we provide advice and counseling services, expectant parent resources and transitional programs for parents returning from parental leave. Adoption, surrogacy, egg donation and egg retrieval stipends are also available.
Benefits at Goldman Sachs
Read more about the full suite of class‑leading benefits our firm has to offer.
#J-18808-Ljbffr
In Internal Audit, we ensure that Goldman Sachs maintains effective controls by assessing the reliability of financial reports, monitoring the firm’s compliance with laws and regulations, and advising management on developing smart control solutions. Our group has unique insight on the financial industry and its products and operations. We’re looking for detail-oriented team players who have an interest in financial markets and want to gain insight into the firm’s operations and control processes.
What We Do As the third line of defense, Internal Audit's mission is to independently assess the firm's internal control structure, including the firm's governance processes and controls, and risk management and capital and anti-financial crime frameworks, raise awareness of control risk and monitor the implementation of management's control measures. In doing so, internal Audit:
Communicates and reports on the effectiveness of the firm's governance, risk management and controls that mitigate current and evolving risk
Raise awareness of control risk
Assesses the firm's control culture and conduct risks
Monitors management's implementation of control measures
Goldman Sachs Internal Audit comprises individuals from diverse backgrounds including chartered accountants, developers, risk management professionals, cybersecurity professionals, and data scientists. We are organized into global teams comprising business and technology auditors to cover all the firm's businesses and functions, including securities, investment banking, consumer and investment management, risk management, finance, cyber-security and technology risk, and engineering.
Who We Look For Goldman Sachs Internal Auditors demonstrate strong risk and control mindsets, analytical, exercise professional skepticism and are able to challenge and discuss effectively with management on risks and control measures. We look for individuals who enjoy learning about audit, businesses and functions, have innovative and creative mindsets to adopt analytical techniques to enhance audit techniques, building relationships and are able to evolve and thrive in teamwork and in a fast-paced global environment.
Team Overview Technology Risk and Cybersecurity team is responsible for covering firm-wide technology risk, including information and cyber security, business resilience, governance and vendor technology risk management. As Tech Risk and Cybersecurity auditors, you will be involved in providing assurance on the information and cyber security controls within the firm across different platforms and security layers which help the firm in detecting and preventing cyber-attacks.
Your Impact As a Technology Risk and Cybersecurity auditor, you will be involved in independently assessing the firm’s overall control environment and communicating the results to the firm’s local and global management the effectiveness of the firm’s controls that mitigate current and emerging risks and monitoring the management’s implementation of control measures. In doing so, you are supporting the provision of independent, objective and timely assurance around the firm’s internal control structure, and supporting the Audit Committee, the Board of Directors and Risk Committee in fulfilling their oversight responsibilities.
Responsibilities
Performing regular risk assessments for the area of coverage
Regularly meeting the business/engineering stakeholders and building strong relationships with management
Continuously monitoring business and technology developments
Monitoring regulatory requirements and developments, as well as industry standards
Leading audit work, including defining the scope of risks and controls, assessment of controls design and effectiveness, reviewing audit work and reporting findings to internal and external management
Validating the closure of management action points
Managing, coaching and developing the team
Basic Qualifications
More than 10 years of relevant audit experience focusing on Financial Services
Possess a degree in Computer Science, Information Security, Engineering or equivalent
Must be highly motivated with strong analytical skills, willing and able to learn new business and system processes quickly
Ability to work effectively across a large audit team, understanding the team's role in the overall strategy of the firm
Must be able to multitask while managing both time and workload
Written and verbal communication skills a must; strong interpersonal skills essential. Job requires frequent interaction with technology management
Preferred Qualifications
Deep understanding of Linux and Windows operating systems, experience of batch scripting and executing standard commands
Internet infrastructure design and installation and support of network devices and firewalls
Deep understanding of Cloud computing, technologies, risks and mitigating controls
Systems and security administration and configuration of servers and desktops (UNIX, Windows, directory services etc.)
Security risks related to web, mobile, web services, and client/server architectures
Encryption schemes (symmetric, asymmetric, and hashing) and how they may be applied in an application architecture
Vulnerability assessment and penetration testing methodologies and processes for web, thick client and mobile applications
Experience with Splunk and/or other SIEM platforms would be useful but not required
Threat modelling, intelligence and incident response
Management, monitoring and operations of technology (backups, change management, system monitoring, incident/problem Management)
Business continuity planning and disaster recovery design and implementation
Security within the software development lifecycle
Relevant technology standards and regulations – NIST Cyber Security Framework, FFIEC CAT, ISO 27001, GDPR, NYSDFS, data privacy rules, FFIEC IT handbooks etc.
Experience with Data Analytics tools and techniques
Relevant certification or industry accreditation (CISA, CISSP, CISM, etc.)
ABOUT GOLDMAN SACHS At Goldman Sachs, we commit our people, capital and ideas to help our clients, shareholders and the communities we serve to grow. Founded in 1869, we are a leading global investment banking, securities and investment management firm. Headquartered in New York, we maintain offices around the world.
We believe who you are makes you better at what you do. We're committed to fostering and advancing diversity and inclusion in our own workplace and beyond by ensuring every individual within our firm has a number of opportunities to grow professionally and personally, from our training and development opportunities and firmwide networks to benefits, wellness and personal finance offerings and mindfulness programs. Learn more about our culture, benefits, and people at GS.com/careers.
We’re committed to finding reasonable accommodations for candidates with special needs or disabilities during our recruiting process. Learn more: https://www.goldmansachs.com/careers/footer/disability-statement.html
Goldman Sachs is an equal opportunity employer and does not discriminate on the basis of race, color, religion, sex, national origin, age, veterans status, disability, or any other characteristic protected by applicable law.
Salary Range The expected base salary for this New York, New York, United States-based position is $100,000-$250,000. In addition, you may be eligible for a discretionary bonus if you are an active employee as of fiscal year-end.
Benefits Goldman Sachs is committed to providing our people with valuable and competitive benefits and wellness offerings, as it is a core part of providing a strong overall employee experience. A summary of these offerings, which are generally available to active, non-temporary, full-time and part-time US employees who work at least 20 hours per week, can be found here.
Healthcare & Medical Insurance
We offer a wide range of health and welfare programs that vary depending on office location. These generally include medical, dental, short-term disability, long-term disability, life, accidental death, labor accident and business travel accident insurance.
We offer competitive vacation policies based on employee level and office location. We promote time off from work to recharge by providing generous vacation entitlements and a minimum of three weeks expected vacation usage each year.
Financial Wellness & Retirement
We assist employees in saving and planning for retirement, offer financial support for higher education, and provide a number of benefits to help employees prepare for the unexpected. We offer live financial education and content on a variety of topics to address the spectrum of employees’ priorities.
Health Services
We offer a medical advocacy service for employees and family members facing critical health situations, and counseling and referral services through the Employee Assistance Program (EAP). We provide Global Medical, Security and Travel Assistance and a Workplace Ergonomics Program. We also offer state-of-the‑art on‑site health centers in certain offices.
Fitness
To encourage employees to live a healthy and active lifestyle, some of our offices feature on‑site fitness centers. For eligible employees we typically reimburse fees paid for a fitness club membership or activity (up to a pre‑approved amount).
Child Care & Family Care
We offer on‑site child care centers that provide full‑time and emergency back‑up care, as well as mother and baby rooms and homework rooms. In every office, we provide advice and counseling services, expectant parent resources and transitional programs for parents returning from parental leave. Adoption, surrogacy, egg donation and egg retrieval stipends are also available.
Benefits at Goldman Sachs
Read more about the full suite of class‑leading benefits our firm has to offer.
#J-18808-Ljbffr