BlackRock's Technology Audit Team is based in New York, Princeton, San Francisco, London and Singapore.
Role Description
The VP / Director - Head of Application Audit will be responsible for continuing to develop an audit process which drives value added and impactful assurance over all aspects of the firm's technology application suite, including its global, integrated investment platform, Aladdin. This role will play a meaningful part in the evolution of the 'integrated' audit approach by which technology risks and controls are evaluated concurrent with audits of business functions. The candidate will report to the Audit Director of Global Technology in New York. Some travel will be required, approximating 20%.
Responsibilities:
The VP / Director - Head of Application Audit will play a leading role within the global technology audit team and will be expected to contribute significantly to strategic planning, process innovation, and assurance/advisory project execution of the Global team. Specific responsibilities will include:
- Developing the design and execution of the global application audit strategy including the integrated audit approach
- Oversight and supervision of integrated and application audits and pre-implementation reviews
- Project managing and supporting audit reviews aimed at optimizing technology control activities and processes
- Assistance in the risk assessment of selected applications, initiatives and business units
- Identify key control issues and emerging risks; work with management to ensure timely and effective remediation
- Build strong relationships with the application development leadership team and other business partners
- Collaborate with other Corporate risk and control functions to ensure activities are coordinated
- Provide timely and candid feedback and coaching to staff
- Effectively manage resources to optimize productivity, meet training and development needs, and deliver high quality, value added assurance and advisory services
Skills and Experience:
- More than 10 years' experience of application audit in the financial services sector
- Experience of web and native application development technologies, such as:
- Programming experience, e.g., C++, Java
- Scripting experience, e.g., Perl, Python, Ruby
- Experience with frameworks such as JBoss, Hibernates, Swing, JSP
- SQL experience with a major database such as MySQL, Postgres, MS SQL, Sybase, Oracle
- Strong application development, systems implementation and application project management experience
- Strong understanding of security principles such as defense in depth
- Strong understanding of application controls, data management principles, segregation of duties principles, application configuration and interfaces
- Experience in the identification and remediation of security bugs in the OWASP Top 10 or SANS Top 25 is preferable
- Understanding of asset management products, business processes and systems preferable
- Undergraduate or graduate degree in management information systems, engineering or a technology field is preferred. BA/BS is required
- Strong project management, organizational skills and presentation skills
- Experience managing teams of skilled professionals
- Excellent communication (verbal, written, and listening) and interpersonal skills; strong writing skills, particularly as related to audit reports and management presentations
- Ability to develop and maintain effective working relationships with executive management and external regulators
- Understanding of best practice control frameworks such as CoBIT, OWASP, ISO, ITIL and COSO
- Professional certifications such as CISA, CIA and secure application development certification such as CSSLP or GSSP are preferable
BlackRock is proud to be an E-Verify & Equal Opportunity/Affirmative Action Employer--M/F/D/V.
Skills
BlackRock is one of the world's preeminent asset management firms and a premier provider of global investment management, risk management and advisory services to institutional, intermediary and individual investors around the world. BlackRock offers a range of solutions -- from rigorous fundamental and quantitative active management approaches aimed at maximizing outperformance to highly efficient indexing strategies designed to gain broad exposure to the world's capital markets. Our clients can access our investment solutions through a variety of product structures, including individual and institutional separate accounts, mutual funds and other pooled investment vehicles, and the industry-leading iShares® ETFs.