What We Do
As the third line of defense, Internal Audit’s mission is to independently assess the firm’s internal control structure, including the firm’s governance processes and controls, and risk management and capital and anti-financial crime frameworks, raise awareness of control risk and monitor the implementation of management’s control measures. In doing so, Internal Audit:
- Communicates and reports on the effectiveness of the firm’s governance, risk management and controls that mitigate current and evolving risk
- Raises awareness of control risk
- Assesses the firm’s control culture and conduct risks
- Monitors management’s implementation of control measures
Goldman Sachs Internal Audit is organized into global teams comprising business and technology auditors to cover all the firm’s businesses and functions, including global markets, investment banking, consumer and investment management, risk management, finance, cyber-security and technology risk, and core engineering.
Who We Look For
Goldman Sachs Internal Auditors demonstrate strong risk and control mindsets, are analytical, exercise professional skepticism and are able to challenge management and discuss risks and control measures with them effectively. We look for individuals who enjoy learning about audit, businesses and functions, have innovative and creative mindsets to adopt analytical techniques that enhance audit techniques, build relationships, and are able to evolve and thrive in teamwork and in a fast-paced global environment.
Core Engineering / Tech Risk and Cybersecurity Audit
The IA Core Engineering and Cybersecurity Team reviews technology risks and controls within a challenging, dynamic, and complex technology environment at GS.
The role involves:
1. Understanding the technology and cybersecurity related regulatory requirements in APAC and articulating their impact on the Internal Audit function, as well as providing key insights to the wider audit team on the application of these requirements.
2. Identifying the regulatory requirements in APAC applicable to GS’ technology and infrastructure landscape in the region and formulating an audit plan / strategy to address these requirements in compliance with regulatory expectations.
3. Identifying risks and new / updated regulatory requirements in the APAC region that can inform future audit plan and strategy formulation.
4. Bridging the gap between the local and global audit teams to ensure global audits are sufficiently leveraged to address region specific requirements, wherever applicable.
5. Providing timely updates to the global counterparts on developments in the APAC region, including key technology developments and changes, new regulations / standards / guidelines, regulatory inspections, security incidents causing business disruption, key organizational changes etc.
A strong background in technology or engineering and a proven technology audit background are necessary.
Your Impact
As part of the third line of defense, you will be involved in independently assessing the firm’s overall control environment and the effectiveness of the firm’s controls that mitigate current and emerging risks, monitoring management’s implementation of control measures and communicating the results to the firm’s local and global management. In doing so, you are supporting the provision of independent, objective and timely assurance around the firm’s internal control structure, and supporting the Audit Committee, the Board of Directors and Risk Committee in fulfilling their oversight responsibilities.
Responsibilities
You will play a vital role in the scoping and planning of audits, deploy audit and analytical procedures and techniques to assess the design and operating effectiveness of the controls that mitigate the risks, and discuss the results with the firm’s local and global management. You will also monitor and follow up with management on the resolution of open audit findings.
Basic Requirements
· Minimum 3 years of experience as a technology auditor, leading audits / compliance assessments covering IT general controls, cybersecurity controls and MAS requirements
· Basic understanding of technology audit methodologies
· Understanding of different components within the technology stack, e.g. operating systems, networks or cloud computing
· Strong written and verbal communication skills
· Self-driven and proactive in taking full ownership and accountability of the assigned tasks and tracking them to completion within the stipulated timelines and as per the firm’s quality standards
Preferred Qualifications
Technology audit skills, including understanding of (but not limited to):
· Relevant degree in Computer Science, Information Security, Engineering or equivalent
· Relevant technology standards and regulations – ISO 27001, NIST Framework, MAS notices, standards and guidelines etc.
· Relevant certification or industry accreditation (e.g., CISA, CISM, CISSP and/or Cloud Certifications)