Head of Applications Audit

Job in USA | Career USA | BlackRock's Internal Audit Group is an independent global function responsible for providing assurance and advisory services covering all of Company's businesses and operations.  Audit is a critical component of BlackRock's control and risk management infrastructure.  The group seeks to attract and develop best-in-class talent from multi-disciplinary backgrounds including asset management, finance, technology, risk management, accounting, and operations.  Successful professionals in the group will demonstrate a strong understanding of the asset and risk management businesses, build strong working relationships with business partners, and deliver value-added services which strengthen the risk and control environment.
 
BlackRock's Technology Audit Team is based in New York, Princeton, San Francisco, London and Singapore.
 
Role Description
 
The VP / Director - Head of Application Audit will be responsible for continuing to develop an audit process which drives value added and impactful assurance over all aspects of the firm's technology application suite, including its global, integrated investment platform, Aladdin.  This role will play a meaningful part in the evolution of the 'integrated' audit approach by which technology risks and controls are evaluated concurrent with audits of business functions.   The candidate will report to the Audit Director of Global Technology in New York.  Some travel will be required, approximating 20%. 
 
Responsibilities:
 
The VP / Director - Head of Application Audit will play a leading role within the global technology audit team and will be expected to contribute significantly to strategic planning, process innovation, and assurance/advisory project execution of the Global team.  Specific responsibilities will include:
 
  • Developing the design and execution of the global application audit strategy including the integrated audit approach
  • Oversight and supervision of integrated and application audits and pre-implementation reviews
  • Project managing and supporting audit reviews aimed at optimizing technology control activities and processes
  • Assistance in the risk assessment of selected applications, initiatives and business units
  • Identify key control issues and emerging risks; work with management to ensure timely and effective remediation
  • Build strong relationships with the application development leadership team and other business partners
  • Collaborate with other Corporate risk and control functions to ensure activities are coordinated
  • Provide timely and candid feedback and coaching to staff
  • Effectively manage resources to optimize productivity, meet training and development needs, and deliver high quality, value added assurance and advisory services
 
Skills and Experience:
  • More than 10 years' experience of application audit in the financial services sector
  • Experience of  web and native application development technologies, such as:
    • Programming experience, e.g., C++, Java
    • Scripting experience, e.g., Perl, Python, Ruby
    • Experience with frameworks such as JBoss, Hibernates, Swing, JSP
    • SQL experience with a major database such as MySQL, Postgres, MS SQL, Sybase, Oracle
  • Strong application development, systems implementation and application project management experience
  • Strong understanding of security principles such as defense in depth
  • Strong understanding of application controls, data management principles, segregation of duties principles, application configuration and interfaces
  • Experience in the identification and  remediation of security bugs in the OWASP Top 10 or SANS Top 25 is preferable
  • Understanding of asset management products, business processes and systems preferable
  • Undergraduate or graduate degree in management information systems, engineering or a technology field is preferred.  BA/BS is required
  • Strong project management, organizational skills and presentation skills
  • Experience managing teams of skilled professionals
  • Excellent communication (verbal, written, and listening) and interpersonal skills; strong writing skills, particularly as related to audit reports and management presentations
  • Ability to develop and maintain effective working relationships with executive management and external regulators
  • Understanding of best practice control frameworks such as CoBIT, OWASP, ISO, ITIL and COSO
  • Professional certifications such as CISA, CIA and secure application development certification such as CSSLP or GSSP are preferable
 
BlackRock is proud to be an E-Verify & Equal Opportunity/Affirmative Action Employer--M/F/D/V.

Skills
BlackRock is one of the world's preeminent asset management firms and a premier provider of global investment management, risk management and advisory services to institutional, intermediary and individual investors around the world. BlackRock offers a range of solutions -- from rigorous fundamental and quantitative active management approaches aimed at maximizing outperformance to highly efficient indexing strategies designed to gain broad exposure to the world's capital markets. Our clients can access our investment solutions through a variety of product structures, including individual and institutional separate accounts, mutual funds and other pooled investment vehicles, and the industry-leading iShares® ETFs.