We are looking for a Senior IT Auditor to support audits across McKesson. The ideal candidate will work collaboratively with the Internal Audit team in a dynamic fast-paced environment using McKesson's risk-based audit approach. This position will also support the strategic goals and initiatives of the organization and department. Strong communication skills are critical in this role since the Senior IT Auditor will interact with many levels of management and leadership throughout the organization. Experience and understanding of cybersecurity risks is vital to the success of this role.
Conducts in-depth IT and cybersecurity audits to support the enterprise cybersecurity strategy – audits may include network assessments, business continuity and disaster recovery, patch and vulnerability management, Industrial Control Systems (ICS), vendor management, and IT asset management.
Conducts integrated and information technology audits, including pre-implementation, post-implementation, and program governance reviews.
Collaborates effectively with other team members using McKesson's risk-based audit methodology to plan audits, perform tests of controls, and deliver audit results. This may include interaction with other risk assessing organizations such as Compliance and Information Systems Risk Management.
Documents results of review in Internal Audit's automated work paper format.
Ensures the clear and concise communication of audit issues to process owners, management, and leadership. Reviews audit issues with auditees to ensure completeness, accuracy, and appropriate presentation.
Utilizes problem solving skills to recommend improvements to processes under audit.
Obtains and reviews action plans from business unit process owners and management. Ensures that these action plans fully address issues observed during the audit.
Assists in the development of the audit report to clearly and concisely communicate audit results and recommendations to management.
Assists Internal Audit management to develop status decks and reports for presentation to business unit leadership.
Leads post engagement issue follow up and resolution.
Supports process improvement initiatives for the Internal Audit team.
2 + Years audit or related experience – including technical IT and cybersecurity experience
"Big 4" or "Tier 2" public accounting firm, Fortune 100 Internal Audit department preferred, or a combination of this experience
Experience applying ISACA and IIA audit methodologies to perform audits.
Experience reviewing and applying the National Institute of Standards and Technology (NIST) cybersecurity framework.
Must possess excellent written and verbal communication skills. Ability to effectively communicate, in clear and concise language, IT audit results to all levels of management, including senior leadership. The ideal candidate must possess a high attention to detail and accuracy when writing audit reports and other communications.
IT audit skills including experience with pre and post system implementation reviews, internal readiness assessments, project management skills, knowledge of general computer and application controls.
Ability to sometimes work independently and handle multiple priorities in a fast-paced environment.
Willingness and ability to learn methodologies for auditing new technologies through classroom training, on-the-job experience, and self-study.
Additional Knowledge & Skills:
Auditing policies and systems; experience with large scale deployments of SAP, JD Edwards, or Workday; skills in auditing Windows and Unix operating systems, with the ability to audit other operating systems, as the need arises; audit knowledge of MS SQL, MySQL, and Oracle databases; experience auditing controls within virtual technologies such as VMWare; experience with auditing network technologies such as firewalls, routers, and switches.
Experience with auditing mobile and cloud technologies such as SaaS, PaaS, and IaaS.
Experience in auditing third party service providers.
Business process analysis skills, with proven experience in performing assessments for the revenue, payroll, expenditure, inventory, and financial statement close processes in a manufacturing and/or healthcare services setting.
Segregation of duties analysis for applications within various business cycles and general computer control environments.
Knowledge of laws and regulations applicable to the healthcare industry, such as the HIPAA Privacy and Security rules.
Self-motivated, with the ability to work independently, as the need arises.
Willingness to travel up to 25% of the time
4-yeardegree in business or related fields such as computer science, management information systems, accounting, or finance
Certified Information Systems Auditor (CISA) designation, or willingness to take the exam within one year of start date.