Job Description
Your Role
The Internal Audit Services team provides independent, objective assurance and advisory services to help Blue Shield of California manage risk, strengthen internal controls, and improve business processes. The AI Internal Audit Principal will serve as a manager-level leader responsible for overseeing audit, compliance, fraud detection, and investigative work related to the use and misuse of artificial intelligence systems.
In this role, you will lead and oversee AI-focused audits of usage, systems, and algorithms, with a focus on identifying inappropriate, nefarious, fraudulent, and non-compliant activity. In essence, you will look for bad actors and activity via AI. Experience with fraud, compliance and investigations is preferred. The AI Internal Audit Principal will partner closely with audit leadership, business stakeholders, technology teams, data science teams, Compliance, Legal, HR, Privacy, Information Security, Corporate Security, and investigations partners to identify AI-related fraud risks, detect suspicious activity, and strengthen controls that prevent, identify, and respond to misuse of AI.
Our leadership model is about developing great leaders at all levels and creating opportunities for our people to grow - personally, professionally, and financially. We are looking for leaders that are energized by creative and critical thinking, building and sustaining high-performing teams, getting results the right way, and fostering continuous learning.
Responsibilities
Your Work
In this role, you will:
- Lead AI-focused internal audits, advisory reviews, and investigative projects designed to detect inappropriate, nefarious, fraudulent, unauthorized, unethical, or non-compliant AI activity
- Develop audit and investigative methodologies for detecting fraud, insider threat, compliance violations, data leakage, unauthorized automation, and misuse of internal or third-party AI platforms
- Evaluate AI system activity, user behavior, prompts, outputs, access patterns, model interactions, system logs, configuration changes, and workflow data for indicators of bad actors or suspicious activity
- Assess controls designed to prevent unauthorized disclosure of confidential, proprietary, regulated, member, provider, employee, or business-sensitive information through AI systems
- Identify emerging AI-enabled fraud risks, including AI-assisted scams, synthetic identities, prompt manipulation, deepfakes, falsified documentation, automated abuse, model circumvention, and inappropriate use of generative AI tools
- Lead cross-functional fact-finding and root-cause reviews involving suspected AI misuse, fraud, compliance violations, inappropriate data use, or circumvention of control processes
- Design continuous monitoring approaches and analytics to identify patterns of high-risk AI usage, anomalous behavior, suspicious system interactions, and potential policy violations
- Develop risk-based audit plans, control matrices, testing procedures, investigative workplans, and evidence standards for AI fraud, misuse, and compliance monitoring engagements
- Supervise and coach audit team members, including review of investigative documentation, testing evidence, workpapers, issue summaries, and audit deliverables for quality, accuracy, and audit readiness
- Communicate fraud patterns, emerging threats, root causes, control gaps, and practical recommendations to audit leadership, business partners, technology leaders, Compliance, Legal, HR, Privacy, Information Security, and executive stakeholders
- Support annual audit planning by identifying AI platforms, business processes, high-risk use cases, data sources, and enterprise initiatives that may warrant fraud-focused audit coverage
- Drive continuous improvement in AI fraud detection playbooks, control libraries, audit analytics, investigative templates, issue rating approaches, and remediation validation procedures
- Promote ethical technology use, strong accountability, effective monitoring, compliant AI adoption, and a culture that identifies and escalates inappropriate AI activity
Qualifications
Your Knowledge and Experience
- Requires a Bachelor's degree in Accounting, Information Systems, Computer Science, Data Science, Business Administration, Cybersecurity, Criminal Justice, Engineering, or related field; advanced degree preferred, or equivalent experience
- Requires a minimum of 10 years of prior related experience in internal audit, IT audit, technology risk, compliance, fraud detection, investigations, information security, data governance, model risk management, or related assurance functions
- At least 3 years of experience auditing, reviewing, investigating, governing, implementing, or monitoring artificial intelligence, machine learning, advanced analytics, automation, or data-driven decision systems
- CISA certification required, or equivalent certification such as CIA, CISSP, CRISC, CISM, CPA, CDPSE, CFE, or other relevant audit, risk, security, privacy, investigations, fraud, or technology certification
- Experience conducting fraud investigations, compliance reviews, insider threat investigations, suspicious activity monitoring, intelligence analysis, or forensic-style reviews preferred
- Strong understanding of internal audit standards, investigative documentation, audit evidence, risk assessment, control testing, issue development, root-cause analysis, remediation validation, and defensible reporting
- Working knowledge of AI misuse risks, including prompt manipulation, data leakage, model abuse, unauthorized automation, synthetic content, deepfakes, social engineering, inappropriate data use, and circumvention of controls
- Experience using analytics platforms, AI models, machine learning techniques, SQL, Python, Databricks, Tableau, log analytics, or similar tools to identify anomalous or suspicious behavior preferred
- Knowledge of healthcare fraud, financial fraud, cyber fraud, identity fraud, employee misconduct, vendor risk, third-party technology risk, or corporate investigations strongly preferred
- Ability to translate technical AI, data, and system activity into clear audit risks, investigative findings, control gaps, and practical recommendations
- Strong project management skills, including the ability to manage multiple audits, investigations, timelines, stakeholders, and deliverables
- Experience supervising, coaching, or reviewing the work of auditors, consultants, analysts, investigators, or cross-functional project teams
- Strong written and verbal communication skills, including experience presenting sensitive or complex issues to senior leadership
Hybrid
This role requires employees to be in-office based on our hybrid workplace model, balancing purposeful in-person collaboration with flexibility. For most teams, this means coming into the office two days each week. Employees living more than 50 miles from an office location will work with their manager to determine in-office time based on business need.
Physical Requirements: Office Environment - roles involving part to full time schedule in Office Environment. Based in our physical offices and work from home office/deskwork - Activity level: Sedentary, frequency most of work day.