Internal Audit - Global Banking and Markets Engineering, Cyber Security SME

THE ROLE AND RESPONSIBILITIES

As the third line of defence, Internal Audit's mission is to independently assess the firm's internal control structure, including the firm's governance processes and controls, and risk management and capital and anti-financial crime frameworks, raise awareness of control risk and monitor the implementation of management's control measures.

In doing so, Internal Audit perform the following duties:

Communicates and reports on the effectiveness of the firm's governance, risk management and controls that mitigate current and evolving risk

Raise awareness of control risk

Assesses the firm's control culture and conduct risks

Monitors management's implementation of control measures

Additional responsibilities include:

Performing regular risk assessments for the area of coverage

Regularly meeting the business/engineering stakeholders and building strong relationships with management

Analyzing the business and technology processes to evaluate the effectiveness of the relevant technology controls, including automated application controls and IT general controls

Validating that the scoped technology controls meet business, technology, and regulatory requirements

Continuously monitoring business and technology developments

Monitoring regulatory requirements and developments, as well as industry standards

Performing and leading audit work, including defining the scope of risks and controls assessment of controls design and effectiveness, reviewing audit work and reporting findings to internal and external management

Validating the closure of management action points

Managing, coaching and developing team members

SKILLS AND EXPERIENCE REQUIRED

9+ years’ work experience, and a degree in Computer Science, Information Security, Engineering, or equivalent discipline.

Knowledge of financial markets, products and services.

Understanding of management, monitoring, operations, and disaster recovery of systems with high availability.

Experience with Data Analytics tools and techniques.

Ability to review/develop code (Java, C++, Python, etc.)

Cloud security / risk concepts, architecture, controls, implementation, and assessment.

Security within the software development lifecycle and Infrastructure as Code.

Vulnerability assessment and penetration testing methodologies and processes.

Security risks related to web, mobile, serverless and containerized applications, and network infrastructure.

Relevant technology standards and regulations – NIST Cyber Security Framework, Cloud Security Alliance CCM, FFIEC CAT, ISO 27001, GDPR, NYSDFS, data privacy rules, FFIEC IT handbooks etc.

Sound understanding of internal control concepts, with the ability to evaluate and determine the appropriateness of controls through consideration of both business and technology risks

Technology audit skills including an understanding of:

System architecture, with understanding of databases, operating systems and messaging

Prior experience of testing automated IT application controls and IT general controls

Data analysis skills over large datasets (Python experience is desirable)

Ability to review code

Ability to work effectively across a large audit team, understanding the team's role in the overall strategy of the firm.

Written and verbal communication skills a must; strong interpersonal skills essential. Job requires frequent interaction with technology management.

Must be able to multitask while managing both time and workload.

Must be highly motivated with strong analytical skills, willing and able to learn new business and system processes quickly.