IT Auditor 9/8/2016
Healthcare IT Company
JOB DESCRIPTION
CISSP IS NOT REQUIRED. MANAGER IS LOOKING FOR CISM, CISA, HEALTHCARE EXPERIENCE AND HITRUST, HITECH/ACA
The IT Auditor will assist the Audit Manager in executing the internal audit program by providing internal support for third-party audits, pre- and post-implementation reviews of new IT systems, and segregation of duties reviews. The IT Auditor will:
* Conduct enterprise-wide audits and coordinate accreditations, certifications, assessments, and audits by third parties, including but not limited to health plans with audit rights, external financial auditors, SSAE-16, HIPAA, HITECH/ACA, EHNAC, HITRUST, PCI, and internal audits.
* Analyze and classify information from third-party suppliers/vendors, determine remediation activities, and monitor controls to ensure they are adhered to according to regulatory requirements, including relevant state and federal laws and regulations, standards, and internal policies and procedures.
* Assist with legal contract due diligence for the third-party assurance and audit due diligence process.
* Manage existing external customer, payers, supplier/vendor relationship for monitoring annual third party due diligence requirements.
* Manage the intake, tracking, and documentation for Compliance and Audit issues and manage reporting for monthly Audit Issues Tracking and Corrective Action Plans.
* Execute audit programs covering assigned information technology aspects of the business including strategic audits, as well as identifying potential audit areas from a high level risk assessment review.
* Propose and/or participate in Audit Department process improvements.
* Perform additional projects as assigned by the Audit Program Manager.
* Work in a team environment to assist in planning and auditing in accordance with accepted standards, reporting audit findings and making recommendations for correcting and improving operations and reducing costs.
The above cited duties and responsibilities describe the general nature and level of work performed by people assigned to the job. They are not intended to be an exhaustive list of all the duties and responsibilities that an incumbent may be expected or asked to perform.
EDUCATION AND EXPERIENCE
* At least 6 years of experience in audit, information security, risk and/or records management
* BS in related field or equivalent work experience in field
* One or more of the following certifications:
* Certified Information Systems Security Professional (CISSP)
* Certified Information Security Manager (CISM)
* Certified Information Systems Auditor (CISA)
SKILLS AND KNOWLEDGE
* Able to demonstrate a comprehensive understanding of HIPAA privacy and security regulations, federal and state breach notifications, and other laws and regulations that control the privacy and security of information
* Demonstrates expertise in a variety of the field's concepts, practices, and procedures
* Experience with SSAE-16, HIPAA, HITECH/ACA, EHNAC, PCI, HITRUST, internal financial audits is preferred
* Strong understanding of business processes, internal control, compliance programs and audit processes
* Relies on experience and judgment to plan and accomplish goals.
* Ability to maintain confidentiality of highly sensitive information
* Must have ability to communicate audit and control related concepts to a broad range of technical and non-technical staff
* Experience with compliance and risk management
* Strong computer skills - Excel, Word, Access, PowerPoint, and SharePoint required.
* Working knowledge of risk-based control frameworks and assurance (COBIT, ITIL, COSO) and Internal Audit methodologies and processes.
* Ability to adapt to constantly changing priorities in managing a wide variety of projects
* Ability to demonstrate initiative, accountability and leadership
* Strong analytical and problem solving skills
* Excellent verbal and written communication skills with ability to communicate at all levels of the organization
* Sound decision making ability
* Ability to influence without authority
* Excellent planning and organizational skills
* Strong organizational and time management skills
* Ability to work effectively in a remote or virtual team environment
* Working knowledge of IT audit/security evaluation techniques and tools (HITRUST, ISO17799) is preferred
* Knowledge of information technology and business process evaluation and improvement techniques.
* Thorough understanding of application controls, IT operations and controls, system development life cycle, release management control procedures, and business continuity planning.
Interact with all levels of management which may include senior management.
Ability to travel up to 5% of the time.