Job Summary: The Senior IT Auditor performs specialized auditing involving a broad range of complex information technology and operational functions. Utilizes in-depth knowledge of business processes, as well as process controls and risks, and understands how this relates to relevant IT, operational, and compliance audit procedures. Assumes lead role for reviews of business risk and evaluates the system of internal controls proposing recommendations to strengthen the internal control environment and/or increase effectiveness and efficiency. Possesses experience working with a variety of technology platforms and is familiar with performing network, Internet database, and technical audits.
Performs specialized auditing involving a broad range of complex information technology and operational functions.
- Assumes lead role by executing IT audit planning by developing audit programs of appropriate scope and testing procedures.
- Utilizes IT audit skills to evaluate the adequacy of the security and processing controls as they relate to each audit as well as effectiveness of general computer controls within the IT environment.
- Examines and evaluates the adequacy and effectiveness of information systems in relation to operational and compliance processes, regulatory requirements, auditing standards and organization policies, identifying weaknesses and recommending enhancements.
- Reviews the means of safeguarding information assets.
- Communicates effectively both orally and in writing sound conclusions supported by audit evidence and make recommendations to strengthen internal controls and increase efficiency, effectiveness and economy of operations.
- Performs regular follow-up and review in accordance with organization's management in accordance with Internal Audit procedures to ensure management action plans are completed within agreed upon time frames. Ensures completed action plans are evidenced to support the completed status.
- Takes a lead role by participating in an IT risk assessment process by collaborating with Internal Audit leadership and Information Technology management to complete an assessment which leads to the overall IT audit plan.
- Maintains technical adherence to external compliance mandates and assists in the development of policies and procedures.
- Analyzes and documents information systems and related controls.
- Maintains a high level of organization and planning to complete assigned projects within designated timeframes.
- Regularly researches and utilizes outside resources to maintain and update knowledge of healthcare and audit issues particularly as relates to IT auditing.
- Utilizes system software to efficiently research, document and test areas of risk.
- Works with IT management to best improve IT controls, staff education and compliance.
- Participates in continuing education activities and keeps credentials up to date.
- Works collaboratively with other staff members to ensure optimal team functionality.
- Provides status reports on a regular basis for assigned projects.
- Maintains a high level of independence and objectivity.
- Performs special audit assignments and investigations as required.
Serves as a role model in carrying out the Father Flanagan's Boys' Home mission.
- Bachelor's degree in accounting, finance, IT, IS, health care or other business-related field.
- Minimum of five years internal auditing and/or external auditing experience.
- Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC) or equivalent, preferred.
- Prior experience with IT systems, processes, internal controls and risk mitigation. Health care or health care related experience preferred.
- Knowledge of COBIT control framework and knowledge of NIST information security standards.
- Strong knowledge of general information technology controls.
- Requires highly developed communication skills to effectively work with all levels of management and staff throughout the organization.
- Ability to identify and use analysis techniques that quickly identify process gaps and can identify tactics that can be immediately applied to improve the business processes.
- Ability to identify, evaluate and recommend mitigation to significant risks with an enterprise.
- Ability to document and explain findings, risks and vulnerabilities to both business and technical stakeholders