Job description
POSTION SUMMARY
Responsible for leading and performing various audits of the information technology environment. Supports and Leads the Department’s efforts with Data Analytics, Systems and Organization Controls Review, and external audits. Also provide supervisory and training support for Senior and Staff auditors, and assists the Manager in performing detailed reviews of work papers and coordinating special projects.
Responsible for leading and performing various audits of the information technology environment. Supports and Leads the Department’s efforts with Data Analytics, Systems and Organization Controls Review, and external audits. Also provide supervisory and training support for Senior and Staff auditors, and assists the Manager in performing detailed reviews of work papers and coordinating special projects.
ESSENTIAL DUTIES & RESPONSIBILITIES
- Audit of Systems Development, Operational, and Business Activity: Scopes, Leads, Performs and assess impact related to tests of controls required for compliance with the NAIC Annual Financial Reporting Model Regulation (AFRMR), also known as Model Audit Rule. Independently facilitates all aspects of IT and operational audit process to include engagement planning, risk assessment work plan coordination, risk and control identification, preparation of audit programs to fulfill the audit objectives, testing, and analysis of results, and report writing. Responsible for obtaining an in-depth understanding of each business and/or function being audited and the identification and assessment of related risks. This position is also tasked with development of detailed assessment of operational and IT controls to possibly mitigate and ensure the effectiveness of the control environment. Reviews staff documentation (work papers) and ensures that items are filed in accordance with related standards as to support the assigned audit engagement. Ensures staff and their conclusions are appropriate to support the generation and writing of reports to Management with limited to minimal rework required. Raises and discusses audit observations with the applicable business owners and executive management to reach consensus and address issues. Complies and prepares complete, detailed reports on audits and related recommendations for corrective action where identified control weaknesses exist or where established methods and procedures are not being followed adequately. Evaluates submitted responses for reasonableness related to audit observations, and directly works with business areas to address deficiencies. Independently performs and coordinates follow-up activities and escalates as appropriate for incomplete corrective actions. Reads, interprets, and applies various regulations, standards, and technical resources to support the review of: HIPAA and NIST frameworks. CMS and other business regulations that support the company’s operations. IT General Controls - Physical Security, evaluate data retention, file recovery process, analyzes and tests controls (logical access, system change control, and, ascertains the adequacy of contingency/business recovery plans. Application and Programmatic Controls Directly supports the Audit planning process and continued development and stewardship of the departments audit methodology/framework. Identifies and implements enhancements in line with recognized and Institute of Internal Auditors standards and practices.
- SOC and IT External Audit: Experience and exposure to a varying degree of SOC work and has deep understanding of the related AICPA guidance supporting SOC materials. Assist the organization in the determination and approach related to the use of SOC reports. Leads the assignment, tracking, review and sufficiency of materials for the SOC and IT external Audit work for Capital BlueCross and as directed support subsidiary activities. This includes review of materials prior to being provided to external auditors to ensure quality and accuracy. Identified deviations are reviewed with the respective business areas before submission to ensure documented understanding. Provides direction and guidance, in conjunction with IT Security related to SOC 2 work.
- Data Analytics Activities: Leads, Reviews, and engages in the facilitation and use of Data Analytics in support of ongoing audit activities and ad-hoc requests. Looks to automate the gathering of data and analysis in support of audit activities and departmental awareness and expedite the audit process. Perform detailed reviews of staff and seniors to validate the completeness and sufficiency of the performed work. Support the continued development and stewardship of the departments Data Analytics practices and recommend enhancements and practices to increase the value of the review.
- Miscellaneous Activities / other duties as Assigned: Conducts projects or performs research and related documentation as requested by the Manager or the Director. Provides guidance or backup on various teams. Provides IT support and leadership to co-workers and assistance to external auditors. Maintains and improves supervisory and technical proficiencies through continuing education, professional publications, and training seminars. Engages in or supports Risk Management activities or functions as requested/directed (ERM, Risk Assessments, or other requested activities).
JOB REQUIREMENTS
Experience:
- Minimum 7 years' work experience as an Information System Auditor, Software Engineer, Technology Specialist, IT Security Professional, or IT Project Manager.
- Experience and working knowledge in auditing techniques and accounting and control procedures.
- Experience in healthcare and/or health insurance industry preferred.
- Detailed knowledge and experience in industry standard tools to perform.
- Public Accounting experience requested, Big four a plus
- Experience and understanding of SOX-404 or the NAIC AFRMR – explicit ability to identify organizational impact of identified control deviations.
- Experience and working knowledge in application planning, design, testing, and implementation procedures.
- Experience and working knowledge in auditing techniques and accounting and control procedures and techniques.
Education and Certifications:
- Bachelor’s Degree with concentration in Accounting or Computer Science
- Certification as an Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified Public account (CPA), or Internal Auditor (CIA) or in the process of pursuing the completion of such a designation.
Skills:
- Detailed understanding and exposure to System and Organizational Control
- Ability to communicate effectively both orally and in writing and to establish and maintain effective working relationships.
- Effective in managing upward and downward within respective organization
- Proven track record in speaking to diverse groups within the organization including senior level management and organization staff and maintain an effective working relationships.
- Ability to lead a team of matrixed professionals through ambiguous or unstructured situations and oversee and review their activities in line with professional standards and project objectives in order to deliver on time.
Knowledge:
- Detailed understanding and exposure to System and Organizational Control
- General technical understanding and work experience in support of IT Genera) engagements related to both business and operational process and It General controls as well as applicable criteria.
- Technical understanding and work experience in support of IT Controls audits, Large Claims systems, Application Control reviews, Business Process, and Systems Architecture.
Physical Demands:
- While performing the duties of the job, the employee is frequently required to sit, use hands and fingers, talk, hear, and see.
- The employee must be able to work over 40 hours per week.
Capital BlueCross is an independent licensee of the BlueCross BlueShield Association. We are an equal opportunity/affirmative action employer and do not discriminate on the basis of race, color, religion, national origin, gender, sexual orientation, gender identity, age, genetic information, physical or mental disability, veteran status, or marital status, or any other status protected by applicable law.
blackflymedia.com is the go-to platform for job seekers looking for the best job postings from around the web. With a focus on quality, the platform guarantees that all job postings are from reliable sources and are up-to-date. It also offers a variety of tools to help users find the perfect job for them, such as searching by location and filtering by industry. Furthermore, blackflymedia.com provides helpful resources like resume tips and career advice to give job seekers an edge in their search. With its commitment to quality and user-friendliness, blackflymedia.com is the ideal place to find your next job.