The IT Auditor provides support of the coordination for Internal Controls, Assessments and Audits. These audits generally entail 100+ distinct programs with thousands of underlying activities requiring coordination. This position facilitates information technology control assessments and compliance activities including but not limited to: leading efforts and contributing to the documentation of systems and controls and technical risk assessment evaluation. Position conducts IT pre-audit activities, remediation management and tracking, and compliance reporting. Tasks related to information assurance are also performed including, but not limited to: identification of vulnerabilities, remediation and mitigation, analysis of hardware and software vulnerabilities, identification of priorities, documentation and conveyance of operational requirements to enhance control capabilities. This position will also support the Service Organization Control (SOC) 2 and SOC 2+ assessments based on most recent AICPA, PCAOB and US Audit guidelines and standards across the enterprise for major systems supporting the companys critical technical and business processes (i.e. Enrollment, Claims, Billing, EDI, Security and Provider Pricing). These assessments are highly complex, nuanced, and require a thorough understanding of risk and system/application and business internal controls and processes that span across Business areas.
Completion of control reviews and/or audits.
Drive activities for planning and executing integrated reviews and/or audits as well as IT compliance specific reviews and/or audits (general computer controls, application controls, agreed upon procedures, SOC 2, process improvement, control self-assessment, operational, compliance, etc.).
Analyze and evaluate IT operations and strategies to identify opportunities for improvement in processes and outcomes, and provide technical audit advice relating to systems/operations; systems development, design and controls; systems security; change/project management; business process improvement; complex integrated systems and related computer applications; disaster recovery; across various technical environments (e.g. IBM mainframe, Unix and Windows NT).
In advance of formal audits conducts pre-audits and inspections of the organizations processes to ensure performance and adherence to quality requirements, company policy and identify potential or existing risks/problems. Documents findings and makes recommendations for improvements to address know deficiencies.
Assure deficiencies are appropriately addressed.
Thorough review and/or audit assignments, identify and maintain a repository of best practices and benchmarking information related to IT business operations.
Maintain a repository of audit issues and relative corrective action plans and update management on outstanding issues and potential risks on a scheduled basis
Interfaces with and assists outside auditors to expedite their work.
In conjunction with internal and external audit teams participate in and conduct walk-through activities/meetings, entrance and exit conferences with auditors, and auditees.
Demonstrate the ability to collect evidence for purposes of satisfying audit requests and ensuring the evidence provide adequately addresses and satisfies the audit requirement. Organizational skills are a must.
Prepares and/or participates in the creation of audit reports, documents findings, recommendations, and creates presentations as requested including using and leveraging the GRC tool and repository.
Create management action plans in conjunction with leadership to address identified deficiencies in a timely manner.
Track and monitor remediation activities to satisfy and bring closure to internal and external audit Issue Memorandums (IM).
Participate in continuous monitoring and improvement activities to assure continued compliance with changing audit and compliance standards.
Establish and maintain close working relationships with control owners, internal audit and external audit.
Develop teamwork and synergies among personnel throughout the organization working closely with counterparts within CAAS and the Finance SOC 1/MAR audit teams; as well as external regulatory agencies and audit firms.
Participate in consultative assignments specific to ensure adequate internal controls are incorporated prior to implementation and risks are appropriately considered at the process and enterprise levels.
Provide technical advice to technical teams in the development or modification of internal systems controls during systems development or enhancement.
Provide consulting services and best practices to drive continuous improvement to internal processes and controls.
Ability to update and navigate within MetricStream for purposes of organizing and structuring audit evidence and coordination amongst stakeholders throughout the organization.
Performing moderate complex special projects as assigned by management including, but not limited to Corporate Initiatives and day to day projects pertaining to audit and non-audit activities.
Participate and support special projects in a preventative control capacity consisting of business process improvements, reengineering and corporate initiatives conducting requirement analysis, risk assessments and quality assurance reviews identifying control gaps or issues that impact established control objectives as well as other auditing standards for both internal and external audits.
Over 100+ internal audits, risk assessments and regulatory audits are conducted annually of critical systems, security, business and technical processes and controls. This position will participate in assessments across the enterprise and conduct assessments within the Division, for major systems supporting the companys critical technical and business processes (i.e. Enrollment, Claims, Billing, Electronic Data Interfaces (EDI), Security and Provider Pricing). These assessments are highly complex, nuanced, and require a thorough understanding of risk and system/application and business internal controls and processes that span across all Business areas. This position will interact at various levels throughout organization, with external audit firms, regulatory agencies and vendors. This position is responsible for point-to-point communication and consistency throughout many audits, analysis, reporting, problem solving and performance review - and highly visible to all and Business management. It is expected this role will participate in establishing and maintaining continuously evolving audit and compliance standards delivering mission critical services.