Internal Audit

Blackstone is the world’s largest alternative asset manager. We seek to create positive economic impact and long-term value for our investors, the companies we invest in, and the communities in which we work. We do this by using extraordinary people and flexible capital to help companies solve problems. Our $1.1 trillion in assets under management include investment vehicles focused on private equity, real estate, public debt and equity, infrastructure, life sciences, growth equity, opportunistic, non-investment grade credit, real assets and secondary funds, all on a global basis. Further information is available at www.blackstone.com. Follow @blackstone on LinkedIn, Twitter, and Instagram.
 

Position Title

Internal Audit – Technology Audit Assistant Vice President (AVP) – New York

Job Description

Blackstone Internal Audit (BXIA) provides independent assurance to executive management and the Blackstone Audit Committee on the effectiveness of the Firm’s governance, risk management, and internal control processes. The Internal Audit AVP will be involved in the core activities undertaken by BXIA, audit planning and execution, annual risk assessments, SOX assurance, advisory activities, and contributing to department wide strategic initiatives. While primarily focused on technology risk, the role will offer exposure to other key areas, including investment and asset management, risk management, operations, finance, and compliance. Specific responsibilities will include, but are not limited to:

• Assist in the execution of the global audit risk assessment and planning processes across Blackstone’s technology environment
• Develop technology audit work programs to support the annual Audit Plan
• Leverage industry experience to provide technology risk subject matter expertise for audit and advisory engagements
• Perform risk-based technology audits and reviews of systems, applications, infrastructure (including cloud), and IT processes across Blackstone’s global businesses, products, regions, and enterprise functions
• Support integrated business audits by providing IT technology expertise to operational auditors and completing technical aspects of testing
• Identify and evaluate key controls (e.g., SOPs, ITGCs, application and infrastructure controls) including performing testing for design and operating effectiveness, documentation of test results, identification of findings as applicable, and development of corrective actions or operational enhancement opportunities that mitigate risk, drive efficiency, and add value
• Meet with key technology and business stakeholders to gain an understanding of their respective operating and risk environments, and independently assess risk across key processes supporting those environments
• Find opportunities to drive audit process efficiency with existing technical infrastructure through automation while embracing innovative opportunities offered by new technologies, including leveraging data analytics
• Participate in and/or lead firm and department initiatives
• Stay up to date with evolving industry / technology trends, external news, and regulatory changes; analyze the impact to the business and technology operating environment
• Champion a culture of innovation

Qualifications    

BXIA seeks to attract and develop best-in-class talent from diverse professional backgrounds including finance, technology, risk management, operations, and compliance. Successful professionals should demonstrate a strong understanding of the asset management business and its technologies, and a history of cultivating strong working relationships with business partners through the delivery of impactful services focused on strengthening the risk and control environment. The relative small size of this group offers an opportunity to gain significant exposure across the Blackstone platform.

• CISA qualification with 7+ years of IT audit, risk management, or a related field within financial services or a similar highly regulated industry Experience in critical technology domains including infrastructure (networks, databases and Windows/Unix operating systems), cyber security, ITSM practices, data analytics, applications (ERP and cloud solutions) and emerging technologies (e.g., robotics, AI, mobile)
• Working knowledge of generally accepted technology and information security standards and control practices (e.g., SOX, COBIT, NIST, ISO27001, ITIL)
• Working knowledge of common technology controls including those related to change management, logical access, system resilience & availability, information security, data interfaces and vendor oversight
• Understanding of key global financial services regulations and regulatory developments relevant to IT risks and controls
• Proven track record of leading technology audits and providing recommendations to stakeholders on the design, implementation and effectiveness of IT controls
• Ability to deliver integrated audits working with operational auditors to review the systems and infrastructure supporting business functions
• Understanding of internal control environments within the IT function
• Experience with data analytics / visualization and related tools (e.g., Tableau)
• Experience with Governance, Risk, and Compliance technology tools
• Undergraduate or graduate degree in information technology, computer science, cybersecurity, information systems, or a related field
• Proficient understanding of current accounting pronouncements, regulatory and industry events, and public company ICFR / SOX requirements
• Personal and professional integrity and objectivity of the highest order, with the ability to remain free from undue influence and a commitment to transparent communications
• Intellectual curiosity and ability to stay up to speed on developments in technology risk, global markets, our business, and the internal audit practice
• Excellent written and verbal communication skills, combined with strong interpersonal skills including the ability to present complex technical issues to executive management in straightforward terms
• Ability to evaluate risk impact and root cause
• Strong attention to detail and analytical rigor, with a commitment to achieving the highest standard of care
• Ability to think critically and strategically to develop innovative recommendations to mitigate risks / add value
• Ability to adapt to new challenges and thrive in a fast-paced environment while handling multiple priorities
• Ability to be proactive and work well within a team and individually
• Ability to work with and establish relationships with various levels of business stakeholders
• Energetic and enthusiastic approach to the role
• CISM, CPA, or CIA certification preferred in addition to CISA
• More advanced security and public cloud certifications would be an advantage, e.g., CISSP, AWS Solutions Architect / Security, Microsoft Azure Administrator / Architect, etc.

The duties and responsibilities described here are not exhaustive and additional assignments, duties, or responsibilities may be required of this position.  Assignments, duties, and responsibilities may be changed at any time, with or without notice, by Blackstone in its sole discretion.

Expected annual base salary range:

Actual base salary within that range will be determined by several components including but not limited to the individual's experience, skills, qualifications and job location. For roles located outside of the US, please disregard the posted salary bands as these roles will follow a separate compensation process based on local market comparables.

Additional compensation: Base salary does not include other forms of compensation or benefits offered in connection with the advertised role.

Blackstone is committed to providing equal employment opportunities to all employees and applicants for employment without regard to race, color, creed, religion, sex, pregnancy, national origin, ancestry, citizenship status, age, marital or partnership status, sexual orientation, gender identity or expression, disability, genetic predisposition, veteran or military status, status as a victim of domestic violence, a sex offense or stalking, or any other class or status in accordance with applicable federal, state and local laws. This policy applies to all terms and conditions of employment, including but not limited to hiring, placement, promotion, termination, transfer, leave of absence, compensation, and training.  All Blackstone employees, including but not limited to recruiting personnel and hiring managers, are required to abide by this policy.

If you need a reasonable accommodation to complete your application, please email Human Resources at [email protected].

Depending on the position, you may be required to obtain certain securities licenses if you are in a client facing role and/or if you are engaged in the following:

• Attending client meetings where you are discussing Blackstone products and/or and client questions;

• Marketing Blackstone funds to new or existing clients;

• Supervising or training securities licensed employees;

• Structuring or creating Blackstone funds/products; and

• Advising on marketing plans prepared by a sales team or developing and/or contributing information for marketing materials.

Note: The above list is not the exhaustive list of activities requiring securities licenses and there may be roles that require review on a case-by-case basis.  Please speak with your Blackstone Recruiting contact with any questions.

To submit your application please complete the form below. Fields marked with a red asterisk * must be completed to be considered for employment (although some can be answered "prefer not to say"). Failure to provide this information may compromise the follow-up of your application. When you have finished click Submit at the bottom of this form.