Internal Audit - Cloud Technology Audit, Sr. Vice President, New York

In Internal Audit, we ensure that Goldman Sachs maintains effective controls by assessing the reliability of financial reports, monitoring the firm's compliance with laws and regulations, and advising management on developing smart control solutions. Our group has unique insight on the financial industry and its products and operations. We're looking for detail-oriented team players who have an interest in financial markets and want to gain insight into the firm's operations and control processes.

What We Do
As the third line of defense, Internal Audit's mission is to independently assess the firm's internal control structure, including the firm's governance processes and controls, and risk management and capital and anti-financial crime frameworks, raise awareness of control risk and monitor the implementation of management's control measures. In doing so, internal Audit:

• Communicates and reports on the effectiveness of the firm's governance, risk management and controls that mitigate current and evolving risk
• Raise awareness of control risk
• Assesses the firm's control culture and conduct risks
• Monitors management's implementation of control measures

Goldman Sachs Internal Audit comprises individuals from diverse backgrounds including chartered accountants, developers, risk management professionals, cybersecurity professionals, and data scientists. We are organized into global teams comprising business and technology auditors to cover all the firm's businesses and functions, including securities, investment banking, consumer and investment management, risk management, finance, cyber-security and technology risk, and engineering.

Who We Look For
Goldman Sachs Internal Auditors demonstrate strong risk and control mindsets, analytical, exercise professional skepticism and are able to challenge and discuss effectively with management on risks and control measures. We look for individuals who enjoy learning about audit, businesses and functions, have innovative and creative mindsets to adopt analytical techniques to enhance audit techniques, building relationships and are able to evolve and thrive in teamwork and in a fast-paced global environment.

Your Impact
As a Cloud Technology Auditor , you will be involved in providing assurance on the integrity, security, and compliance of an organization's cloud computing environments.(e.g., AWS, Azure, GCP).

As a Cloud Technology Auditor in the Core Engineering team, you will be involved in independently assessing the firm's overall control environment and communicating the results to the firm's local and global management the effectiveness of the firm's controls that mitigate current and emerging risks and monitoring the management's implementation of control measures. In doing so, you are supporting the provision of independent, objective and timely assurance around the firm's internal control structure, and supporting the Audit Committee, the Board of Directors and Risk Committee in fulfilling their oversight responsibilities.

• Performing regular risk assessments for the area of coverage
• Regularly meeting the business/engineering stakeholders and building strong relationships with management
• Continuously monitoring business and technology developments
• Monitoring regulatory requirements and developments, as well as industry standards
• Leading audit work, including defining the scope of risks and controls, assessment of controls design and effectiveness, reviewing audit work and reporting findings to internal and external management
• Validating the closure of management action points
• Managing, coaching and developing the team

Basic Qualifications

• More than 10 years of relevant audit experience focusing on Financial Services
• Possess a degree in Computer Science, Information Security, Engineering or equivalent
• Must be highly motivated with strong analytical skills, willing and able to learn new business and system processes quickly
• Ability to work effectively across a large audit team, understanding the team's role in the overall strategy of the firm
• Must be able to multitask while managing both time and workload
• Written and verbal communication skills a must; strong interpersonal skills are essential. Job requires frequent interaction with technology management

Preferred Qualifications

Technology audit skills including:

• Deep understanding of Cloud computing, technologies, risks and mitigating controls
• In-depth understanding of cloud computing concepts, architecture, and service models (IaaS, PaaS, SaaS)
• Familiarity with cloud-native security tools and services (e.g., AWS Security Hub, Azure Security Center, GCP Security Command Center)
• Proficiency in auditing various cloud services, including compute, storage, networking, databases, and serverless functions
• Proficiency in auditing controls related to cloud security configurations, identity and access management (IAM), data encryption, network security, logging and monitoring, and incident response within cloud platforms
• Understanding of DevOps, CI/CD pipelines, and infrastructure as code (IaC) in a cloud context.
• Relevant certification or industry accreditation