$80K — $100K *
This position audits the company's Information Technology and Security System and is responsible for performing various audits of the information technology environment. The Sr. IT Audit Consultant supports the Department's efforts with Data Analytics, Systems and Organization Controls reviews and external audits and may provide supervisory and training support for less experienced auditors. May also assist the Manager in coordinating special projects.
JOB REQUIREMENTS
Audit of Systems Development and Operational Activity
• Performs and reviews tests of controls required for compliance with the NAIC Annual Financial Reporting Model Regulation (AFRMR), also known as the Model Audit Rule.
• Conducts, leads, and reviews supporting staff's work related to all aspects of the IT and Operational audit process to include engagement planning, risk assessments, work plan coordination, risk and control identification, preparation of audit programs to fulfill the audit objectives, and testing and analysis of results.
• Responsible for obtaining an in-depth understanding of operational IT and business functions being audited. This includes identifying and assessing risks and identifying possible ways to assess the appropriate design and operating effectiveness of controls.
• Prepares and reviews documentation (work papers) and ensures that items are filed in accordance with related standards so as to support the assigned audit engagement. Ensures staff and their conclusions are appropriate to support the generation and writing of reports to Management with limited to minimal rework required.
• Raises and discusses audit observations with the applicable business owners and reaches consensus. Compiles and prepares complete, detailed reports on audits and related recommendations for corrective action where identified control weaknesses exist or where established methods and procedures are not being followed adequately. Works with management to evaluate submitted responses to audit observations, and works with appropriate staff to determine acceptability. Independently performs follow-up, as required, to determine that corrective action has been taken.
• Ability to read and interpret various regulations, standards, and technical resources to support the review of:
• HIPAA and NIST frameworks
• CMS and other business regulations that support the company's operations
• IT General Controls - Physical Security; evaluates data retention and the file recovery process; analyzes and tests controls (logical access, system change control); and ascertains the adequacy of contingency/business recovery plans.
• Application and Programmatic Controls
• Actively support continued development and stewardship of the department's audit methodology/framework, building of the annual audit plan, and recommend enhancements in line with recognized and Institute of Internal Auditors standards and practices.
Data Analytics Activities
• Engage and facilitate the use of Data Analytics in support of ongoing audit activities and ad-hoc requests.
• Perform detailed reviews of staff work to validate the sufficiency of the work performed.
• Support the continued development and stewardship of the department's Data Analytics practices and recommend enhancements and practices to increase the value of the review.
SOC and IT External Audit activities
• Support the organization in the performance of its SOC related work (SOC 1 and SOC 2)
• Understand the respective standards and their application to both IT and operational areas of the organization
• Support the assignment, tracking, review and sufficiency of materials. This includes review of materials prior to being provided to external auditors to ensure quality and accuracy. Identified deviations are escalated and reviewed with the respective business areas before submission.
Miscellaneous Activities / Other Duties As Assigned
• Conducts projects or performs research and related documentation as requested by the Manager or the Director
• Provides guidance or backup on various teams.
• Provides IT support and leadership to co-workers and assistance to external auditors.
• Maintains and improves supervisory and technical proficiencies through continuing education, professional publications, and training seminars.
• Engages in or supports Risk Management activities or functions as requested (ERM, Risk Assessments, or other requested activities).
Valid through: 7/16/2020