Job Description

Role
Internal Audit - IA Core Engineering and Cybersecurity Auditor (Vice President)
Internal Audit
What We Do
As the third line of defense, Internal Audit's mission is to independently assess the firm's internal control structure, including the firm's governance processes and controls, and risk management and capital and anti-financial crime frameworks , raise awareness of control risk and monitor the implementation of management's control measures. In doing so, internal Audit:

• Communicates and reports on the effectiveness of the firm's governance, risk management and controls that mitigate current and evolving risk
• Raise awareness of control risk
• Assesses the firm's control culture and conduct risks; and
• Monitors management's implementation of control measures

Goldman Sachs Internal Audit is organized into global teams comprising business and technology auditors to cover all the firm's businesses and functions, including global markets, investment banking, consumer and investment management, risk management, finance, cyber-security and technology risk, and core engineering.

Who We Look For
Goldman Sachs Internal Auditors demonstrate strong risk and control mindsets, analytical, exercise professional skepticism and are able to challenge and discuss effectively with management on risks and control measures. We look for individuals who enjoy learning about audit, businesses and functions, have innovative and creative mindsets to adopt analytical techniques to enhance audit techniques, building relationships and are able to evolve and thrive in teamwork and in a fast-paced global environment.

IA Regional Technology Audit
IA Core Engineering and Cybersecurity Team performs the review of technology risks and controls within a challenging, dynamic and complex technology environment in GS China.

The role involves:

• Understanding the technology and cybersecurity related regulatory requirements in China and articulating their impact to the Internal Audit function. Additionally, provide key insights to the wider audit team on the application of these requirements.
• Identifying the regulatory requirements applicable to GS China's technology and infrastructure landscape and formulating an audit plan / strategy to address these requirements in compliance with the regulatory expectations.
• Determining the risk based audit plan and strategies for GS China based on the technology developments.
• Bridging the gap between the local and global audit teams to ensure global audits are sufficiently leveraged to address China specific requirements, wherever applicable.
• Providing timely updates to the global counterparts on GS China, including key technology developments and changes, new regulations / standards / guidelines, regulatory inspections, security incidents causing business disruption, key organizational changes etc.

A strong background in technology or engineering and a proven technology audit background are necessary.

Your Impact
As part of the third line of defense, you will be involved in independently assessing the firm's overall control environment, and communicating the results to the firm's local and global management the effectiveness of the firm's controls that mitigate current and emerging risks, and monitoring the management's implementation of control measures. In doing so, you are supporting the provision of independent, objective and timely assurance around the firm's internal control structure, and supporting the Audit Committee, the Board of Directors and Risk Committee in fulfilling their oversight responsibilities.

Responsibilities
You will be responsible to lead audits through different stages, including scoping and planning of the audits, deploying audit and analytical procedures and techniques to assess the design and operating effectiveness of the controls to mitigate the risks, and discuss the results with the firm's local and global management. For the open findings, you will be responsible to follow-up with the management on the remediation plan and completion timelines.

Additionally, you will be responsible to coach the junior / new team members on the firm's audit methodologies, audit execution, review of the work papers and findings discussions.

You will be required to provide updates to the global management on the key developments in China that may / may not impact Internal Audit.
Basic Requirements

• Minimum of 8 years of experience as a technology auditor, leading audits / compliance assessments covering IT general controls, cybersecurity controls, CSRC requirements
• Must be highly motivated with strong analytical skills, willing and able to learn new business and system processes quickly
• Ability to work effectively across a large audit team, understanding the team's role in the overall strategy of the firm and ale to coordinate with global counterparts
• Must be able to multitask while managing both time and work load
• Proven experience in managing an audit team
• Strong experience and familiarity with China laws and regulations relating to Technology including Cyber Security
• Written and verbal communication skills in Mandarin and English is a must; strong interpersonal skills essential.
• Job requires frequent interaction with technology management outside of China.

Preferred Qualifications

• Relevant degree in Computer Science, Information Security, Engineering or equivalent
• Relevant technology standards and regulations - ISO 27001, NIST Framework, CSRC notices, standards and guidelines etc.
• Relevant certification or industry accreditation (e.g., CISA, CISM, CISSP and/or Cloud Certifications etc.)
• Past experience of dealing with the local regulator and understanding of their ask from the various regulations / standards and guidelines will be useful

About GS
The Goldman Sachs Group, Inc. is a leading global investment banking, securities and investment management firm that provides a wide range of financial services to a substantial and diversified client base that includes corporations, financial institutions, governments and individuals. Founded in 1869, the firm is headquartered in New York and maintains offices in all major financial centers around the world.