Job Description

Internal Audit - Technology Auditor, Vice President, Singapore (SDLC Platforms)

What We Do
As the third line of defense, Internal Audit\'s mission is to independently assess the firm\'s internal control structure, including the firm\'s governance processes and controls, and risk management and capital and anti-financial crime frameworks, raise awareness of control risk and monitor the implementation of management\'s control measures. In doing so, internal Audit:

• Communicates and reports on the effectiveness of the firm\'s governance, risk management and controls that mitigate current and evolving risk.
• Raise awareness of control risk
• Assesses the firm\'s control culture and conduct risks; and
• Monitors management\'s implementation of control measures.

Goldman Sachs Internal Audit is organized into global teams comprising business and technology auditors to cover all the firm\'s businesses and functions, including global markets, investment banking, consumer and investment management, risk management, finance, cyber-security and technology risk, and core engineering.

Who We Look For
Goldman Sachs Internal Auditors demonstrate strong risk and control mindsets, analytical, exercise professional skepticism, can challenge and engagement in discussion with management on risks and control measures. We look for individuals who enjoy learning about audit, businesses, and functions, have innovative and creative mindsets to adopt analytical techniques to enhance audit techniques, building relationships and can evolve and thrive in teamwork and in a fast-paced global environment.

Core Engineering/Tech Risk and Cybersecurity Audit
IA Core Engineering/ Tech Risk and Cybersecurity Audit Team performs the review of technology risks and controls within a challenging, dynamic, and complex technology environment in GS.

The role involves:

• End to end involvement of the audit life cycle (Plan, execute and report)
• Assessment of technology controls through testing of design/operating effectiveness and data analytics.
• Identification of emerging risks and regulatory requirements applicable to GS technology environment and formulating an audit plan / strategy.
• Bridging the gap between the local and global audit teams to ensure global audits have sufficiently coverage in region-specific requirements.
• Stakeholder management and monitor changes in the impacted geographic region, such as technology / organizational changes and security incidents.
• Respond to and facilitate regulatory inquiries/ inspections.

Your Impact
As part of the third line of defense, you will be involved in independently assessing the firm\'s overall control environment, effectiveness of the firm\'s controls that mitigate current and emerging risks, monitoring the management\'s implementation of control measures, and communicating the results to the firm\'s local and global management. In doing so, you are supporting the provision of independent, objective, and timely assurance around the firm\'s internal control structure, and supporting the Audit Committee, the Board of Directors, and Risk Committee in fulfilling their oversight responsibilities.

Responsibilities
You will play a vital role in the scoping and planning of the audits, deploy audit and analytical procedures and techniques to assess the design and operating effectiveness of the controls to mitigate the risks, and discuss the results with the firm\'s local and global management. In addition, you will monitor and follow-up with management on the resolution of the open audit findings.

Basic Requirements

• Minimum of 12 years of experience as a technology auditor, executing audits on IT general controls, agile software development lifecycle (SDLC) controls.
• Strong foundation in IT general controls e.g change management, incident management, system resiliency, infrastructure security configurations etc.
• Able to understand and identify security vulnerabilities by manual inspection in multiple code across programming and configuration languages including but not limited to Python, Java, C++ and Terraform. System development experience in Agile/ DevOps is a plus.
• Strong foundation in SDLC methodologies, such as automated software security testing (e.g DAST, SAST, IaC etc), continuous integration and deployment of applications.
• Familiar or have audited software development and virtualization tools such as GitLab, Dockers, Kubernetes etc.
• Must be highly motivated with strong analytical and multitasking skill. Willing and able to learn new business and system processes quickly.
• Ability to work effectively across a large audit team, understanding the team\'s role in the overall strategy of the firm and able to coordinate with global counterparts.
• Understanding of financial regulatory requirements.

Preferred Qualifications
Technology audit skills, including understanding of (but not limited to):

• Relevant degree in Computer Science, Information Security, Engineering or equivalent.
• Relevant technology standards e. g ISO 27001, NIST Framework, COBIT.
• Relevant professional certifications e.g., Certified information system audit (CISA), Certified secure-software lifecycle professional (CSSLP).

ABOUT GOLDMAN SACHS
At Goldman Sachs, we commit our people, capital, and ideas to help our clients, shareholders and the communities we serve to grow. Founded in 1869, we are a leading global investment banking, securities, and investment management firm. Headquartered in New York, we maintain offices around the world.

We believe who you are makes you better at what you do. We\'re committed to fostering and advancing diversity and inclusion in our own workplace and beyond by ensuring every individual within our firm has a number of opportunities to grow professionally and personally, from our training and development opportunities and firmwide networks to benefits, wellness and personal finance offerings and mindfulness programs. Learn more about our culture, benefits, and people at GS.com/careers.

We\'re committed to finding reasonable accommodations for candidates with special needs or disabilities during our recruiting process. Learn more:

https://www.goldmansachs.com/careers/footer/disability-statement.html
\xc2\xa9 The Goldman Sachs Group, Inc., 2023. All rights reserved.
Goldman Sachs is an equal employment/affirmative action employer Female/Minority/Disability/Veteran/Sexual Orientation/Gender Identity

eFinancialCareers