The Internal Audit and Compliance IT Senior Auditor is responsible for performing IT general controls for SOX 404 compliance as well as IT financial and operational audits. The IA and C Senior will be responsible for supporting department Managers and/or the VP with project planning, supervision and reporting.
- Execute InternalAudit project life cycle methodology as directed by supervisors in accordance with International Standards for the Professional Practice of InternalAuditing and department policies:
- Scope – Assist with developing audit program based project-level risk assessment.
- Execution – Perform assigned audit program work steps (i.e. map process flow, document key controls, identify control gaps and/or process inefficiencies) and review work completed by staff.
- Wrap-Up – Confirm audit results are properly supported and adhere to internal quality program requirements.
- Reporting – Draft audit issues in the field and present to process owners.
- Strong focus on information technology and information security controls in executing integrated, risk-based audits to evaluate the design and effectiveness of internal controls. Auditor will also focus on the integration of IT and business process risk considerations within the audit process.
- Detailed understanding of IT managed processes, including technology architecture, system build and provisioning, configuration management, performance monitoring, incident management, change management, user access management, disaster recovery, etc.
- Evaluate key information securityrisks including confidentiality, integrity and availability of technology components through review of security operational processes, such as vulnerability management, penetration testing, security logging and monitoring, security incident response, and defense in depth strategies.
- Assures compliance with company policies and procedures, prevention of fraud, and organization of operational efficiency.
- Perform SOX assessment activities, including testing of business and IT general controls, as assigned by IA/Compliance management.
- Perform and supervise special IT projects.
- Work with process owners and application owners to develop actionable remediation plans that address the fundamental root cause.
- Adhere to budget goals, meet deadlines and communicate difficulties in a timely manner.
- Work with others or independently, as determined by needs of the project; seek guidance and confirmation of progress as required.
- Participate in knowledge sharing within the IA/Compliance Department and Company operations.
- Contribute to on-going process improvement opportunities within the IA/Compliance Department.
- Provide continuous on-the-job training, coaching/mentoring, and career growth opportunities for staff.
- Conducts internal financial and/or system audits and risk assessments.
- Test and document financial and computer system records for information system integrity and transaction accuracy.
- Reports discrepancies.
- Prepares audit plans and understands the specific issues to be evaluated.
- Executes internal audits within established business process controls.
- Develops formal written reports to communicate audit results to management and regulatory compliance agencies, if applicable and makes recommendations as appropriate.
- May facilitate work of external auditors during on-site visits.
- May require audit knowledge and skills in finance/accounting and/or information system operations.
Knowledge, Skills and Abilities:
- Audit and/or consultingexperiencein most of these areas:
- Information and data security for publicly-identifiable information
- Application security, including segregation of duties and least privileged access
- Technology infrastructuresecurity, including mainframe, UNIX/LINUX, Windows, SQL Server and Oracle database
- Integration of business process controls with supporting technologies. Business process workflow documentation, including identification of key risks and the corresponding business and technology controls
- Systems development, project management and change management
- IT infrastructure design, management and operations
- Business continuity and disaster recover
- SOX/SSAE16 control testing
- Relevant certification (i.e. CPA, CIA, CISA) or advanced degree a plus
- Knowledge of Sarbanes-Oxley requirements
- Strong knowledge of software and hardware systems and the ability to learn new systems applications quickly.
- Big Four auditexperiencepreferred.
- Knowledge of generally accepted auditing standards, generally accepted accounting principles and IFRS.
- Knowledge of COSO and COBIT frameworks, risk assessment practices and internal controls design.
- Health care industry experiencepreferred.
- Experience in performing multiple projects and working with varying team members.
- Ability to think and work analytically.
- Strong communication and writing skills.
- Proficient in Microsoft Office suite (Excel, Word, PowerPoint).
- Previous supervisory experiencepreferred.
- Advanced time management skills.
- Comfortable working in a fast-paced, dynamic environment.
- Positive Attitude, Ethics and International Values which support our company’s values, and a healthy, high performance culture.
- Accounting 3 to 4 years
- Audit 3 to 4 years
- Finance 3 to 4 years
Auto req ID