Lead IT Compliance Analyst at HCA Healthcare
Nashville, TN 37203, USA
Full Time


Start Date

Immediate

Expiry Date

23 Oct, 25

Salary

0.0

Posted On

23 Jul, 25

Experience

7 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

Internal Audit, Testing, It, Platforms, Information Technology, Decision Making, Interpersonal Skills, Resistance, Regulations, Key Metrics, Information Systems, Barriers, Risk Assessment, Control Design, Security, Financial Results, Strategic Relationships

Industry

Financial Services

Description

INTRODUCTION

Do you have the career opportunities as a Consulting IT Compliance Analyst you want with your current employer? We have an exciting opportunity for you to join HCA Healthcare, which is part of the nation’s leading provider of healthcare services, HCA Healthcare.

JOB SUMMARY AND QUALIFICATIONS

Position Summary
This role is responsible for overseeing and monitoring the effectiveness of IT internal controls over financial reporting for HCA Healthcare’s Sarbanes-Oxley (SOX) and Systems and Organizational Controls (SOC) IT compliance program (i.e., performing second line responsibilities).
Responsibilities for this role include overseeing the design, implementation, effectiveness, and testing of IT general controls and IT application controls across the organization. This includes supporting the first line in executing control activities and addressing deficiencies. This also includes performing independent testing, risk assessments, and ensuring the organization remains aligned with SOX regulatory requirements.
This role is also responsible for collaborating with control owners, internal audit, and external auditors to ensure ongoing compliance with SOX requirements while driving improvements in HCA Healthcare’s IT control environment. This includes developing and delivering training and education to control owners on how to appropriately support and manage their IT SOX key controls. This also includes identifying opportunities to modernize, automate, and centralize controls testing, continuous monitoring, evidence gathering, etc.

Major Responsibilities:

  • Overseeing IT general control processes in a complex IT environment entailing multiple applications, platforms, and IT processes.
  • Identifying opportunities to modernize, automate, and centralize controls testing, monitoring, evidence gathering, etc.
  • Developing robust and formalized continuous compliance monitoring processes to ensure IT SOX key controls are being consistently and adequately performed.
  • Formalizing and delivering training and education for first line staff on how to appropriately support and manage IT SOX key controls, including creation and maintenance of IPE.
  • Partnering with stakeholders to ensure clear control ownership and accountability.
  • Serving as a subject matter expert for IT general and application controls, including overseeing scoping, control design, documentation, testing, monitoring, and remediation. This also includes working with IT leaders throughout the control lifecycle.
  • Identifying, tracking, and reporting on remediation of SOX-related internal audit issues.
  • Working with IT application, product, business and process owners to update and/or document key control procedures.
  • Ensuring annual walkthrough, testing, and remediation schedule is documented and communicated to first- and second-line teams.
  • Tracking and reporting execution of schedule, including any deficiencies identified and status of remediation efforts.
  • Providing oversight of IT change management processes to ensure appropriate design, testing, and documentation of SOX-relevant changes.
  • Reviewing descriptions, controls, and testing for annual SOC reports.
  • Ensuring IT-related SOX documentation is created, updated, and maintained and testing results are loaded into the company’s SOX tools.
  • Analyzing data and trends to identify emerging risks and areas for improvement in internal control processes.
  • Performing a risk assessment of internal controls and associated processes to identify areas of potential risk and non-compliance, and utilizing the outcome of the risk assessment to guide controls focus, including control improvement and remediation.
  • Evaluating the design and effectiveness of internal controls, including segregation of duties, access controls, and authorization processes.
  • Serving as a liaison for Internal Audit and external audit activities including coordinating SOX audit activities to prevent duplicated efforts, gathering requested documentation, and serving as a trusted advisor and key point of contact.
  • Ensuring company-wide periodic access reviews are completed according to schedule and inappropriate accesses are remediated.
  • Staying abreast of changes in regulations, laws, and industry standards related to internal controls and risk management.
  • Collaborating with other compliance and legal functions to ensure alignment and reduce control duplication across overlapping frameworks.
  • Preparing and presenting periodic updates on IT SOX compliance posture, key metrics, and remediation status to senior leadership.
  • Embodying the HCA mission, vision, and values, including being confident, articulate, poised, and influential, while maintaining humility & integrity.
  • Supporting other compliance initiatives as needed.

Education & Experience:

  • Bachelor of Science in Business Administration degree with major in Management Information Systems (MIS), Business and Information Technology, Accounting, or related field (Required)
  • General knowledge of IT concepts, operating systems, networking, database & security (Required)
  • Experience with regulatory compliance areas such as SOX, SOC, etc. (Preferred)
  • Excellent interpersonal skills and the ability to engage with various levels of the organization (Required)
  • Excellent analytical skills, organizational skills and attention to detail (Required)
  • Excellent verbal and written communication (Required)
  • 7+ years of relevant IT technical or audit experience (Required)
  • Or equivalent combination of education and/or experience

Licenses, Certifications, & Training:

  • Professional or Audit Certification (CPA, CISA, CITP, etc.)

Knowledge, Skills, Abilities, Behaviors:

  • Service and Quality Excellence: Ability to demonstrate an uncompromising commitment to delivering exceptional care to create an unmatched value proposition for our patients.
  • Honor our Mission and Values: Ability to build trust and act with authenticity to cultivate a culture of integrity, inclusion, and mutual respect.
  • Effective Decision Making: Ability to make timely, informed decisions that are in the best interest of our patients, employees, providers, community and HCA.
  • Attain and Leverage Strategic Relationships: Ability to develop and strengthen collaborative relationships with both internal and external stakeholders to advance the care of our patients and the growth of HCA.
  • Communicate with Impact: Ability to deliver information in a clear, concise, and compelling manner to effectively engage others and achieve desired results.
  • Achieve Success through Change: Ability to identify opportunities for improvement and innovation, remove barriers and resistance, and enable desired behaviors.
  • Drive Execution and Financial Results: Ability to commit to the success and financial wellbeing of HCA by challenging others to excel and hold themselves and others accountable for achieving results.

HCA Healthcare has been recognized as one of the World’s Most Ethical Companies® by the Ethisphere Institute more than ten times. In recent years, HCA Healthcare spent an estimated $3.7 billion in cost for the delivery of charitable care, uninsured discounts, and other uncompensated expenses.
“Bricks and mortar do not make a hospital. People do.” - Dr. Thomas Frist, Sr.
HCA Healthcare Co-Founder
If you are looking for an opportunity that provides satisfaction and personal growth, we encourage you to apply for our Consulting IT Compliance Analyst opening. We promptly review all applications. Highly qualified candidates will be contacted for interviews. Unlock the possibilities and apply today!
We are an equal opportunity employer. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.
