Internal Audit Technology Cybersecurity Analyst

Introduction to Goldman Sachs

The Goldman Sachs Group, Inc. is a leading global financial services firm providing investment banking, global markets and investment management services to a substantial and diversified client base that includes corporations, financial institutions, governments, and high-net-worth individuals. The firm is headquartered in New York and maintains offices in London, Birmingham, Warsaw, Frankfurt, Tokyo, Hong Kong, and other major financial centres around the world.

At Goldman Sachs, our culture is one of teamwork, innovation, and meritocracy. We often say our people are our greatest asset and we take pride in supporting each colleague both professionally and personally. From collaborative work spaces and mindfulness classes to flexible work options, we offer our people the support they need to reach their goals in and outside the office.

About Internal Audit

Internal Audit’s mission is to independently assess the firm’s internal control structure, raise awareness of control risk, provide advice to management in developing control solutions and monitor the implementation of management’s control measures. Internal Audit assists the firm's Board of Directors Audit Committee in fulfilling its oversight responsibilities and regularly interacts with the external independent auditors. Our group has unique insight into the financial industry and its products and operations.

Goldman Sachs Internal Audit comprises individuals from diverse backgrounds including chartered accountants, developers, risk management professionals, cybersecurity professionals, and data scientists. We are organized into global teams comprising business and technology auditors.

Purpose & Scope of the Internal Audit Technology Cybersecurity Analyst Role

We’re looking for detail-oriented team players who have an interest in financial markets and the firm’s operations and control processes. This role is for a driven technology auditor to join our Technology Risk & Cybersecurity audit team and work in technology projects covering topics including cloud security and on-premises information technology infrastructure security, resilience and related firmwide technology processes and control practices.

For each assigned review you will report to an experienced project manager. You will be expected to:

• Assist the risk assessment, scoping and planning of a review
• Assist in executing the review. Specifically focusing on the following:
• Analyse the design of the platform’s architecture and technology-related processes in the context of information technology controls such as security, availability and performance and their impact on the business
• Design and execute tests to validate information technology controls, which may require system configuration review, data analysis, code inspection and re-performance of system processes
• Validate that technology controls meet internal standards and regulatory requirements.
• Document the details of work performed, and results of the test steps executed within the IA workpaper repository
• Assist in audit report preparation
• Assist in presenting the scope, progress, and results of the review to internal, technology and business stakeholders

General Skills And Experience

• Team-oriented with a strong sense of ownership and accountability
• Strong interpersonal and relationship management skills
• Strong verbal and written communication skills
• Highly motivated with the ability to multi-task and remain organized in a fast-paced environment
• Solid analytical skills
• Strong ability to quickly learn and understand new technologies
• Data and log analysis and visualization would be useful but not required
• Previous hands-on experience in an engineering role is a plus
• Knowledge of relevant technology standards and regulations.

Specific Skills And Experience

• Bachelor’s degree in Computer Science or Engineering (or equivalent) preferred
• 2-5 years of experience in technology audit or technology risk and controls assessment
• Sound understanding of internal control concepts, with the ability to evaluate and determine the appropriateness of controls through consideration of both technology and business risks
• Technology audit skills including:
• Experience with information and cybersecurity processes and platforms, cloud computing, infrastructure platforms (networking, storage, operating systems) and data platforms (big data, relational databases)
• Experience with artificial intelligence, system development and testing, vulnerability assessment and penetration testing, and operational resilience is a strong plus
• Ability to work effectively across a large audit team and multitask while managing both time and workload
• Ability to articulate technology risks to technology and non-technical stakeholders
• Business/financial product knowledge and/or related industry experience are a plus
• Relevant certification or industry accreditation (e.g., CISA, CISSP, CISM, CCSP etc.) is desirable but not required
• Experience in managing audit engagements or technology projects is a plus

Key skills/competency

• Technology Audit
• Cybersecurity
• Risk & Controls Assessment
• Information Security
• Cloud Computing
• IT Infrastructure
• Data Analysis
• Regulatory Compliance
• Problem Solving
• Communication
• Analytical Skills