• Internal Audit - Tech Risk & Cyber Security - Analyst - Bengaluru

    Location(s) IN-Bengaluru
    Job ID
    2019-58785
    Schedule Type
    Full Time
    Level
    Analyst
    Function(s)
    General
    Region
    India
    Division
    Internal Audit
    Business Unit
    Internal Audit - Tech Audit
    Employment Type
    Employee
  • MORE ABOUT THIS JOB

    INTERNAL AUDIT 

    In Internal Audit, we ensure that Goldman Sachs maintains effective controls by assessing the reliability of financial reports, monitoring the firm’s compliance with laws and regulations, and advising management on developing smart control solutions. Our group has unique insight on the financial industry and its products and operations. We’re looking for detail-oriented team players who have an interest in financial markets and want to gain insight into the firm’s operations and control processes.

    RESPONSIBILITIES AND QUALIFICATIONS

    RESPONSIBILITIES


    • Participation in planning and scoping reviews, meeting with key people within the area being reviewed to understand the underlying system architecture in the context of information technology controls and their impact on the business and identify the key risks and controls to be assessed.
    • Preparation of the audit testing program and assessment of the adequacy of the design and operation of the controls associated with the key risks identified, which may require data analysis, code inspection/review and re-performance of system processes.
    • Assessment of the risk and impact of the issues identified on reviews and production of the report to management.
    • Follow up with stakeholders on remediation of actions coming out of issues identified during audits.
    • Ad hoc work on firmwide projects around new processes or activities and investigation of incidents.
    • Ongoing liaison with colleagues globally and internal and external stakeholders including regulators and external auditors.
    • Maintenance of internal stakeholder relationships and regular interaction with the business during the year to assess changes in the control environment and other matters arising in the business.


    QUALIFICATIONS / EXPERIENCE


    1-4 years of relevant technology audit experience or experience in using a combination of the following technologies:
    Experience in Cyber and Information Security risk assessments
    In-depth Application Security knowledge, strong fundamental understanding of web application technology and network protocol stack
    Proven experience in auditing web, android and mobile based applications, firm grasp on application security standards and methodologies (OWASP, SANS PCI, NIST, CSA)
    Development background with experience in secure code-review would be an advantage
    Experience with Splunk and/or other SIEM platforms would be useful
    Strong working knowledge of Linux and Windows operating systems
    Experience of bash scripting and executing standard commands would be useful
    Understanding of Networks infrastructure design, installation and support of network devices and firewalls
    Hands-on experience in conducting architecture and design reviews in the following areas:-
    Cloud computing technologies, risks and mitigating controls
    Database design, setup and administration (DBA) in SQL and NoSQL Database Environment
    System hardening and configuration of servers and desktops (UNIX, Windows, Directory Services etc.)
    Technology operations (Backups, Change Management, System monitoring, Incident/Problem Management)
    Business Continuity Planning and Disaster Recovery design and implementation
    Vulnerability assessment and penetration testing experience across varied technologies
    Identity and Access Management
    Relevant technology standards and regulations – ISO 27001, EU GDPR, GLBA, NIST Cyber Security framework, FFIEC IT handbooks etc.
    Data and Log Analysis (using SQL and Splunk) and visualisation (using Spotfire, Tableau, QlikView or other) would be useful but not required
    Relevant Certification or industry accreditation (CISA, CISSP, CISM, etc.) useful but not required
    Experience in managing audit engagements or technology projects
    Team-oriented with a strong sense of ownership and accountability
    Highly motivated with the ability to multi-task and remain organized in a fast-paced environment

    ABOUT GOLDMAN SACHS

    ABOUT GOLDMAN SACHS

    At Goldman Sachs, we commit our people, capital and ideas to help our clients, shareholders and the communities we serve to grow. Founded in 1869, we are a leading global investment banking, securities and investment management firm. Headquartered in New York, we maintain offices around the world.

    We believe who you are makes you better at what you do. We're committed to fostering and advancing diversity and inclusion in our own workplace and beyond by ensuring every individual within our firm has a number of opportunities to grow professionally and personally, from our training and development opportunities and firmwide networks to benefits, wellness and personal finance offerings and mindfulness programs. Learn more about our culture, benefits, and people at GS.com/careers.

    We’re committed to finding reasonable accommodations for candidates with special needs or disabilities during our recruiting process. Learn more: https://www.goldmansachs.com/careers/footer/disability-statement.html



    © The Goldman Sachs Group, Inc., 2020. All rights reserved.
    Goldman Sachs is an equal employment/affirmative action employer Female/Minority/Disability/Veteran/Sexual Orientation/Gender Identity

    Options