IT Internal Audit Program Manager - System Wide

About the position

At Bon Secours Mercy Health, we are dedicated to continually improving health care quality, safety and cost effectiveness. Our hospitals, care sites and clinicians are recognized for clinical and operational excellence. The primary function of this role is to lead IT internal audit projects according to the audit plan throughout the Ministry, including risk assessment, audit performance, follow-up and ongoing communication of risks, results and mitigation efforts. The position also involves developing appropriate documentation to support audit work performed and assessing information security policies and supporting processes to ensure IT compliance with regulatory requirements. Ongoing communication and collaboration with key partners including IT, Compliance, Legal, Finance and Revenue Cycle is essential.

Responsibilities

• Assists in IT risk assessment process and preparation of audit plan that focuses on high-risk areas.
• Continuously evaluates the Information Security Program including recommending updates to existing policies and procedures to ensure compliance with federal and state regulations.
• Applies current internal control conceptual frameworks such as NIST in conducting independent audits according to the audit plan and develops appropriate documentation to support audit work performed.
• Recommends content for the cyber security training program and reviews analytics, responses, and results for training administered to evaluate the effectiveness of the program.
• Periodically performs reviews of user access controls and identity access system settings and configurations focusing on standard and privileged accounts to ensure compliance with established policy and guidelines.
• Measures and tracks the results of audits performed through action plan follow-up procedures.
• Assists in the preparation of audit reports for presentations to management and governance; may present findings to management as appropriate.
• Communicates and prepares meeting agendas and status reports to facilitate discussion with immediate supervisor and upper management about audit activities in progress and emerging issues.
• Keeps current on IT industry trends and areas of interest through utilization of industry research and knowledge resources.
• Displays a commitment to excellence, accuracy and thoroughness in all activities, and participates in department process improvement efforts.

Requirements

• Undergraduate Degree in Business, information systems technology, information security, accounting or related area.
• CISA, CPA and/or CIA certification required.
• Five to seven years previous audit experience.

Nice-to-haves

• Other technical credentials such as CISSP or CISM.
• Solid analytical skills with the ability to look at the big picture impact; experience with project management is a plus.
• Experience with electronic work papers; preferably an audit automated work paper system.
• Exposure to data analytics design or construction.
• Familiarity with IT General Controls and technical knowledge and experience in network architecture, design, configuration, and implementation.

Benefits

• Comprehensive, affordable medical, dental and vision plans
• Prescription drug coverage
• Flexible spending accounts
• Life insurance w/AD&D
• Employer contributions to retirement savings plan when eligible
• Paid time off
• Educational Assistance