Internal Audit, Core Engineering, Vice President - New York

Location(s) US-NY-New York
Job ID
Schedule Type
Full Time
Vice President
Internal Audit
Business Unit
IA Engineering
Employment Type


Internal Audit

As the third line of defense, Internal Audit’s mission is to independently assess the firm’s internal control structure, including the firm’s governance processes and controls, and risk management, capital and anti-financial crime frameworks, while also raising awareness of control risks and monitoring the implementation of management’s control measures.  In doing so, Internal Audit:

  • Communicates and reports on the effectiveness of the firm’s governance, risk management, and controls that mitigate current and evolving risks,
  • Raises awareness of control risks,
  • Assesses the firm’s control culture and conduct risks; and
  • Monitors management’s implementation of control measures

Core Engineering

The Core Engineering audit team performs reviews of technology risks and controls within a challenging, dynamic and complex business and technology environment. The team covers core technology infrastructure platforms (cloud computing, database and big data), end user platforms (desktop, collaboration, e-Mail/messaging, web and mobile technologies), enterprise platforms (software development/SDLC, identity access management, job scheduling and workflow technologies) and production operations (on-premise operating systems and other centralized production systems).


Your Impact

As part of the third line of defense, you will be involved in independently assessing the firm’s overall control environment, and communicating the results to the firm’s local and global management.  Assessments include evaluating the effectiveness of the firm’s controls that mitigate current and emerging risks, and monitoring management’s implementation of control measures.  In doing so, you are supporting the provision of independent, objective and timely assurance around the firm’s internal control structure while also supporting the Audit Committee, the Board of Directors and Risk Committee in fulfilling their oversight responsibilities



You will play a vital role in the scoping and planning of the audits, deploy audit and analytical procedures and techniques to assess the design and operating effectiveness of the controls to mitigate the risks, and discuss the results with the firm’s local and global management.  In addition, you will also monitor and follow up with management on the resolution of open audit findings.


A strong background in technology engineering and a proven technology audit background are necessary. Experience in cybersecurity is a plus.


Basic Qualifications:

  • More than 9 years of experience as a technology auditor leading audits covering IT application and general controls, performing risk assessments, preparing audit plans, building stakeholder relationships, and presenting audit scope and findings to senior management
  • Experience managing audit engagements and teams across locations
  • Deep understanding of software development and system architecture
  • High-level understanding of databases, operating systems and messaging
  • Proficiency in Excel and SQL
  • Strong written, verbal communication, and relationship building skills

Preferred Qualifications:

  • Site reliability engineering and runtime operational tools (agent based technologies) and processes (change and incident management, job/batch management)
  • Cloud computing (Private, AWS, Google, Azure, Docker)
  • Linux and Windows operating systems:  security, configuration, and management
  • Database design, setup and administration (DBA) experience with Sybase, Oracle, or UDB
  • Big data systems and warehousing tools: Hadoop, NoSQL, Hbase, HDFS, Snowflake, MapReduce
  • Web infrastructure technologies, security and design
  • Systems development/SDLC tools and processes (SVN/CVS, build, software testing, configuration and deployment)
  • Email, messaging and collaboration systems (Exchange, Sharepoint, instant messaging)
  • Cyber and Information Security
  • Business Continuity Planning and Disaster Recovery design and implementation
  • Relevant technology standards and regulations – ISO 27001, FFIEC IT handbooks etc.
  • Data and Log Analysis (using SQL and Splunk) and visualisation (using Spotfire, Tableau, QlikView or other) would be useful but not required.
  • Relevant Certification or industry accreditation (CISA, CISSP, CISM, etc.)
  • Experience in managing technical audit engagements or technology projects
  • Team-oriented with a strong sense of ownership and accountability