What We Do As the third line of defense, Internal Audit's mission is to independently assess the firm's internal control structure, including the firm's governance processes and controls, and risk management and capital and anti-financial crime frameworks , raise awareness of control risk and monitor the implementation of management's control measures. In doing so, internal Audit:
Communicates and reports on the effectiveness of the firm's governance, risk management and controls that mitigate current and evolving risk
Raise awareness of control risk
Assesses the firm's control culture and conduct risks; and
Monitors management's implementation of control measures
Goldman Sachs Internal Audit is organized into global teams comprising business and technology auditors to cover all the firm's businesses and functions, including global markets, investment banking, consumer and investment management, risk management, finance, cyber-security and technology risk, and core engineering.
Who We Look For Goldman Sachs Internal Auditors demonstrate strong risk and control mindsets, analytical, exercise professional skepticism and are able to challenge and discuss effectively with management on risks and control measures. We look for individuals who enjoy learning about audit, businesses, and functions, have innovative and creative mindsets to adopt analytical techniques to enhance audit techniques, building relationships and are able to evolve and thrive in teamwork and in a fast-paced global environment.
Responsibilities You will play a vital role in the scoping and planning of the audits, deploy audit and analytical procedures and techniques to assess the design and operating effectiveness of the controls to mitigate the risks, and discuss the results with the firm's local and global management. In addition, you will also monitor and follow-up with management on the resolution of the open audit findings. IA Core Engineering and Cybersecurity Team performs the review of technology risks and controls within a challenging, dynamic, and complex technology environment in GS. The role involves:
Understanding the technology and cybersecurity related regulatory requirements in APAC and articulating their impact to the Internal Audit function. Additionally, provide key insights to the wider audit team on the application of these requirements.
Identifying the regulatory requirements in the APAC applicable to GS' technology and infrastructure landscape in the region and formulating an audit plan / strategy to address these requirements in compliance with the regulatory expectations.
Identifying risks and new / updated regulatory requirements in the APAC region which can help in the future audit plan and strategy formulations.
Bridging the gap between the local and global audit teams to ensure global audits are sufficiently leveraged to address region specific requirements, wherever applicable.
Providing timely updates to the global counterparts on developments in the APAC region, including key technology developments and changes, new regulations / standards / guidelines, regulatory inspections, security incidents causing business disruption, key organizational changes etc.
A strong background in technology or engineering and a proven technology audit background are necessary.
Minimum of 5 years of experience as a technology auditor, leading audits / compliance assessments covering IT general controls, cybersecurity controls, MAS, HKMA and CSRC requirements
Must be highly motivated with strong analytical skills, willing and able to learn new business and system processes quickly
Ability to work effectively across a large audit team, understanding the team's role in the overall strategy of the firm and able to coordinate with global counterparts
Must be able to multitask while managing both time and workload
Proven experience in managing an audit team
Strong experience and familiarity with technology and cybersecurity related laws and regulations in the APAC region
Written and verbal communication skills English is a must (other Asia languages, good to have); strong interpersonal skills essential
Job requires frequent interaction with technology management outside of APAC region and involves EMEA, AMERICAS regions.
Preferred Qualifications Technology audit skills, including understanding of (but not limited to):
Relevant degree in Computer Science, Information Security, Engineering or equivalent
Relevant technology standards and regulations - ISO 27001, NIST Framework, MAS and HKMA notices, standards, circulars, and guidelines etc.
Relevant certification or industry accreditation (e.g., CISA, CISM, CISSP and/or Cloud Certifications)
The Goldman Sachs Group, Inc. is a leading global investment banking, securities and investment management firm that provides a wide range of financial services to a substantial and diversified client base that includes corporations, financial institutions, governments and individuals. Founded in 1869, the firm is headquartered in New York and maintains offices in all major financial centers around the world.