Internal Audit, Technology Risk Cybersecurity Audit, VP, Dallas

The Goldman Sachs Group, Inc

Dallas, TX

Industry: Accounting, Finance & Insurance


Less than 5 years

Posted 30 days ago

For each assigned review you will report to an experienced audit manager. You will be expected to:

  • Assist / Lead the risk assessment, scoping and planning of a review.
  • Assist / Lead in executing the review, focusing specifically on the following:
    • Design and execute tests to validate identified application system controls, which may require data analysis, code inspection and re-performance of system processes.
    • Analyse the design of controls around the underlying system architecture in the context of information technology controls such as security, availability and performance and their impact on business-aligned technology groups.
    • Analyse the business and technology processes to evaluate the effectiveness of the relevant technology controls.
    • Validate that system features meet business, technology and regulatory requirements.
    • Validate the quality of internal SOX assessments.
  • Document the results of the test steps executed within the IA automated document project repository.
  • Assist / Lead in the report preparation.
  • Assist/Lead in presenting the scope, progress and results of the review to internal, technology and business stakeholders.

Mandatory Qualifications

  • Minimum 3 years work experience, with 1 year minimum auditing experience
  • Possess a degree in Computer Science, Information Security, Engineering or equivalent
  • Technology skills including:
    • Deep understanding of Linux and Windows operating systems, experience of batch scripting and executing standard commands
    • Internet infrastructure design and installation and support of network devices and firewalls
    • Cloud computing concepts, technologies, risks and mitigating controls
    • Systems and security administration and configuration of servers and desktops (UNIX, Windows, directory services etc.)
    • Security risks related to web, mobile, web services, and client/server architectures
    • Encryption schemes (symmetric, asymmetric, and hashing) and how they may be applied in an application architecture
    • Vulnerability assessment and penetration testing methodologies and processes for web, thick client and mobile applications
    • Experience with Splunk and/or other SIEM platforms would be useful but not required
    • Threat modelling, intelligence and incident response
    • Management, monitoring and operations of technology (backups, change management, system monitoring, incident/problem Management)
    • Business continuity planning and disaster recovery design and implementation
    • Security within the software development lifecycle
    • Relevant technology standards and regulations – NIST Cyber Security Framework, FFIEC CAT, ISO 27001, GDPR, NYSDFS, data privacy rules, FFIEC IT handbooks etc.
    • Data and log analysis (using SQL and Splunk) and visualisation (using Spotfire, Tableau, QlikView or other) would be useful but not required
  • Relevant certification or industry accreditation (CISA, CISSP, CISM, etc.) useful but not required
  • Ability to work effectively across a large audit team, understanding the team's role in the overall strategy of the firm
  • Written and verbal communication skills a must; strong interpersonal skills essential. Job requires frequent interaction with technology management
  • Must be able to multitask while managing both time and workload.
  • Must be highly motivated with strong analytical skills, willing and able to learn new business and system processes quickly.