Internal Audit - Core Engineering / Tech Risk and Cybersecurity
What We Do
As the third line of defense, Internal Audit's mission is to independently assess the firm's internal control structure, including the firm's governance processes and controls, and risk management and capital and anti-financial crime frameworks, raise awareness of control risk and monitor the implementation of management's control measures. In doing so, internal Audit:

• Communicates and reports on the effectiveness of the firm's governance, risk management and controls that mitigate current and evolving risk
• Raise awareness of control risk
• Assesses the firm's control culture and conduct risks; and
• Monitors management's implementation of control measures

Goldman Sachs Internal Audit is organized into global teams comprising business and technology auditors to cover all the firm's businesses and functions, including global markets, investment banking, consumer and investment management, risk management, finance, cyber-security and technology risk, and core engineering.

Who We Look For
Goldman Sachs Internal Auditors demonstrate strong risk and control mindsets, analytical, exercise professional skepticism and are able to challenge and discuss effectively with management on risks and control measures. We look for individuals who enjoy learning about audit, businesses, and functions, have innovative and creative mindsets to adopt analytical techniques to enhance audit techniques, building relationships and are able to evolve and thrive in teamwork and in a fast-paced global environment.

Core Engineering / Tech Risk and Cybersecurity Audit
IA Core Engineering and Cybersecurity Team performs the review of technology risks and controls within a challenging, dynamic, and complex technology environment in GS.

The role involves:

1. Understanding the technology and cybersecurity related regulatory requirements in APAC and articulating their impact to the Internal Audit function. Additionally, provide key insights to the wider audit team on the application of these requirements.
2. Identifying the regulatory requirements in the APAC applicable to GS' technology and infrastructure landscape in the region and formulating an audit plan / strategy to address these requirements in compliance with the regulatory expectations.
3. Identifying risks and new / updated regulatory requirements in the APAC region which can help in the future audit plan and strategy formulations.
4. Bridging the gap between the local and global audit teams to ensure global audits are sufficiently leveraged to address region specific requirements, wherever applicable.
5. Providing timely updates to the global counterparts on developments in the APAC region, including key technology developments and changes, new regulations / standards / guidelines, regulatory inspections, security incidents causing business disruption, key organizational changes etc.

A strong background in technology or engineering and a proven technology audit background are necessary.

Your Impact
As part of the third line of defense, you will be involved in independently assessing the firm's overall control environment, effectiveness of the firm's controls that mitigate current and emerging risks, monitoring the management's implementation of control measures and communicating the results to the firm's local and global management. In doing so, you are supporting the provision of independent, objective and timely assurance around the firm's internal control structure, and supporting the Audit Committee, the Board of Directors and Risk Committee in fulfilling their oversight responsibilities.

Responsibilities
You will play a vital role in the scoping and planning of the audits, deploy audit and analytical procedures and techniques to assess the design and operating effectiveness of the controls to mitigate the risks, and discuss the results with the firm's local and global management. In addition, you will also monitor and follow-up with management on the resolution of the open audit findings.

Basic Requirements

• Minimum of 5 years of experience as a technology auditor, executing audits / compliance assessments covering IT general controls, cybersecurity controls, MAS, HKMA and CSRC requirements
• Must be highly motivated with strong analytical skills, willing and able to learn new business and system processes quickly
• Ability to work effectively across a large audit team, understanding the team's role in the overall strategy of the firm and able to coordinate with global counterparts
• Must be able to multitask while managing both time and workload
• Familiarity with technology and cybersecurity related laws and regulations in the APAC region. Work experience in assessing these areas is a plus.
• Strong written and verbal communication skills in English due to the firms global operating language; strong interpersonal skills essential
• Job requires frequent interaction with technology management outside of APAC region and involves EMEA, AMERICAS regions.

Preferred Qualifications
Technology audit skills, including understanding of (but not limited to):

• Relevant degree in Computer Science, Information Security, Engineering or equivalent
• Relevant technology standards and regulations - ISO 27001, NIST Framework, MAS and HKMA notices, standards, circulars, and guidelines etc.
• Relevant certification or industry accreditation (e.g., CISA, CISM, CISSP and/or Cloud Certifications)

ABOUT GOLDMAN SACHS
At Goldman Sachs, we commit our people, capital and ideas to help our clients, shareholders and the communities we serve to grow. Founded in 1869, we are a leading global investment banking, securities and investment management firm. Headquartered in New York, we maintain offices around the world.
We believe who you are makes you better at what you do. We're committed to fostering and advancing diversity and inclusion in our own workplace and beyond by ensuring every individual within our firm has a number of opportunities to grow professionally and personally, from our training and development opportunities and firmwide networks to benefits, wellness and personal finance offerings and mindfulness programs. Learn more about our culture, benefits, and people at GS.com/careers.
We're committed to finding reasonable accommodations for candidates with special needs or disabilities during our recruiting process. Learn more: https://www.goldmansachs.com/careers/footer/disability-statement.html
© The Goldman Sachs Group, Inc., 2023. All rights reserved.
Goldman Sachs is an equal employment/affirmative action employer Female/Minority/Disability/Veteran/Sexual Orientation/Gender Identity