Internal Audit
Goldman Sachs
Bengaluru, IN
6d ago

RESPONSIBILITIES AND QUALIFICATIONS

RESPONSIBILITIES

Participation in planning and scoping reviews, meeting with key people within the area being reviewed to understand the underlying system architecture in the context of information technology controls and their impact on the business and identify the key risks and controls to be assessed.

Preparation of the audit testing program and assessment of the adequacy of the design and operation of the controls associated with the key risks identified, which may require data analysis, code inspection / review and re-

performance of system processes.

Assessment of the risk and impact of the issues identified on reviews and production of the report to management.

Follow up with stakeholders on remediation of actions coming out of issues identified during audits.

Ad hoc work on firmwide projects around new processes or activities and investigation of incidents.

Ongoing liaison with colleagues globally and internal and external stakeholders including regulators and external auditors.

Maintenance of internal stakeholder relationships and regular interaction with the business during the year to assess changes in the control environment and other matters arising in the business.

QUALIFICATIONS / EXPERIENCE

5-8 years of relevant technology audit experience or experience in using a combination of the following technologies :

Experience in Cyber and Information Security risk assessments

In-depth Application Security knowledge, strong fundamental understanding of web application technology and network protocol stack

Proven experience in auditing web, android and mobile based applications, firm grasp on application security standards and methodologies (OWASP, SANS PCI, NIST, CSA)

Development background with experience in secure code-review would be an advantage

Experience with Splunk and / or other SIEM platforms would be useful

Strong working knowledge of Linux and Windows operating systems

Experience of bash scripting and executing standard commands would be useful

Understanding of Networks infrastructure design, installation and support of network devices and firewalls

Hands-on experience in conducting architecture and design reviews in the following areas : -

Cloud computing technologies, risks and mitigating controls

Database design, setup and administration (DBA) in SQL and NoSQL Database Environment

System hardening and configuration of servers and desktops (UNIX, Windows, Directory Services etc.)

Technology operations (Backups, Change Management, System monitoring, Incident / Problem Management)

Business Continuity Planning and Disaster Recovery design and implementation

Vulnerability assessment and penetration testing experience across varied technologies

Identity and Access Management

Relevant technology standards and regulations ISO 27001, EU GDPR, GLBA, NIST Cyber Security framework, FFIEC IT handbooks etc.

Data and Log Analysis (using SQL and Splunk) and visualisation (using Spotfire, Tableau, QlikView or other) would be useful but not required

Relevant Certification or industry accreditation (CISA, CISSP, CISM, etc.) useful but not required

Experience in managing audit engagements or technology projects

Team-oriented with a strong sense of ownership and accountability

Highly motivated with the ability to multi-task and remain organized in a fast-paced environment

Apply
Add to favorites
Remove from favorites
Apply
My Email
By clicking on "Continue", I give neuvoo consent to process my data and to send me email alerts, as detailed in neuvoo's Privacy Policy . I may withdraw my consent or unsubscribe at any time.
Continue
Application form