The Information Technology Controls and Compliance (ITCC) practice at Centene is an important function within IT that promotes accountability, improves oversight and ensures monitoring of IT controls, which includes Sarbanes-Oxley Act (SOX), service auditor reports (SOC1 and SOC2) and large group audits.
The lead position will support the implementation and ongoing maintenance of IT controls and compliance. The position is responsible for consulting on control design, monitoring control performance, facilitating user access reviews, reporting IT risks and helping to provide remediation governance. Other responsibilities may include support of compliance projects, such as Sailpoint IIQ, Archer GRC, Public Cloud projects, Compliance Analytics and Robotic Process Automation. Serve as primary liaison between internal and external auditing bodies, IT management, compliance and business stakeholders
- Serve as primary liaison between internal and external auditing bodies, IT management, compliance and business stakeholders
- Conduct assessments of IT risks and controls
- Partner with IT leaders to design application and system level controls in adherence to best auditing and security practices
- Monitor and evaluate controls for effectiveness to mitigate areas of risks
- Support scheduled audits (HIPAA, SOX, SOC1, and various State Department of Insurance audits) with facilitation of evidence requests, walk-throughs, remediation and management responses
- Coordinate appropriate measurement efforts for process improvement
- Lead remediation governance meetings with senior leaders
- Support projects as a subject expert to ensure controls and compliance requirements are met
- Serve as the lead for entire full life cycle audit plans and projects, including deployment, implementation and closure
- Monitor, audit and evaluate controls for effectiveness and efficiency to mitigate areas of risks
- Assess application risks, system risks and data processes within IT and address risks with applicable general controls or recommend solutions
- Complete optimization reviews and prepare audit reports associated with the completion of scheduled audits (HIPAA, SOX, SOC1, and various State Department of Insurance audits)
- Design application and system level controls in adherence to best auditing and security practices
- Interact with business owners to identify key controls and coordinate appropriate measurement efforts for process improvement
- Serve as primary liaison between auditing bodies, IT security management, compliance and business stakeholders
- Establish new or improved methods design patterns and standards to solve complex problems
- Assist with implementation of department strategy related to information systems and technology architecture
- Bachelor's degree in IT, MIS, Accounting, Finance, Business Administration, related field or equivalent experience.
- 5-7+ years of combined IT and operational auditing and control experience, including systems design or implementation experience.
- Experience in control design, development, automation, and assessment in IT systems, processes, and new implementations.
- Experience in coordinating and planning IT audits.
- Experience with specialized tools, including Oracle, MS SQL Service, MS Project and MS Office applications.
- Experience in managing complex, cross-organizational technical programs.
- Knowledge and understanding of various IT disciplines (e.g. software development, operations, infrastructure and information security). Experience with HIPAA (Health Insurance Portability and Accountability Act), SOX (Sarbanes Oxley), SSAE 16 (Statement on Standard for Attestation Engagements), ISO 27000, ITIL (Information Technology Infrastructure Library) or NIST (National Institute of Standards and Technology).
Preferred Skills and Experience:
- A minimum of five years of experience in any of the following areas: internal or external IT audit, risk assessment, or IT security
- Prior experience in conducting IT control assessments or audits; Sarbanes-Oxley (SOX) or Service Organization Control (SOC 2) experience preferred
- Demonstrated experience understanding of security principles, IT security controls, and related technologies and products
- Bachelor's degree in an appropriate field from an accredited college/university
- Strong leadership and communication skills, technical knowledge, and the ability to write at a publication quality level in order to communicate findings and recommendations to senior management team
- CISA, CISM, CRISC, CISSP or CCSP is preferred