Sr IT Auditor

at  CAPITAL BLUE CROSS

Position Description:
At Capital Blue Cross, we promise to go the extra mile for our team and our community. This promise is at the heart of our culture, and it’s why our employees consistently vote us one of the “Best Places to Work in PA.”
Responsible for performing various audits of the information technology environment. Supports the Department’s efforts with data analytics, Systems and Organization Controls reviews and external audits. Also provide supervisory and training support for Senior and Staff auditors and assists the Manager in performing detailed reviews of work papers and coordinating special projects.

Responsibilities and Qualifications:

• Executes Audits of Systems Development, Operational, and Business Activity. Scopes, leads, performs and assesses impact related to tests of controls required for compliance with the NAIC Annual Financial Reporting Model Regulation (AFRMR), also known as Model Audit Rule. Independently facilitates all aspects of the IT and operational audit process to include engagement planning, risk assessments, work plan coordination, risk and control identification, preparation of audit programs to fulfill the audit objectives, and testing and analysis of results, and report writing. Identifies and assesses risks of each business and/or function being audited. Reads, interprets, and applies various regulations, standards, and technical resources (HIPAA, NIST, CMS etc.). This position is also tasked with development of detailed assessment of operational and IT controls to possibly mitigate and ensure the effectiveness of the control environment. Reviews staff documentation (work papers) and ensures that items are filed in accordance with related standards as to support the assigned audit engagement. Raises and discusses audit observations with the applicable business owners and executive management to reach consensus and address issues. Complies and prepares complete, detailed reports on audits and related recommendations. Directly supports the audit planning process and continued development and stewardship of the departments audit methodology/framework. Identifies and implements enhancements in line with recognized and Institute of Internal Auditors standards and practices.
• Implements Data Analytics Activities. Leads, reviews, and engages in the facilitation and use of data analytics in support of ongoing audit activities and ad-hoc requests. Support the continued development and stewardship of the departments data analytics practices and recommend enhancements and practices to increase the value of the review.
• Coordinates SOC and IT External Audit. Leads the assignment, tracking, review and sufficiency of materials. Reviews materials prior to providing to external auditors to ensure quality and accuracy. Identified deviations are escalated and reviewed with the respective business areas before submission.

SKILLS:

• Demonstrated ability to evaluate regulatory, operational, financial and compliance areas of the company for purposes of facilitating IT Compliance, Cyber Security, and IT Audit.
• Proven track record in speaking to diverse groups/levels within the organization (including executive/senior level management, organization staff, and external auditors) and maintaining the ability to have an effective working relationship.
• Demonstrated ability to lead a team of matrixed professionals through ambiguous or unstructured situations and oversee and review their activities in line with professional standards, project objectives, and in order to deliver high quality deliverables on time.

KNOWLEDGE:

• Knowledge of Institute of Internal Audit Standards
• Knowledge and experience with audit software applications, (e.g., Teammate).
• Detailed understanding and exposure to System and Organization Control (1&2) engagements related to both business and operational process and IT General controls as well as applicable trust services criteria.
• Technical understanding and work experience in support of IT General Controls audits, Application Control reviews, Business Process, Systems Architecture, and Large Claims system
• Experience and understanding of SOX-404 or the NAIC AFRMR - explicit ability to identify organizational impact of identified control deviations.
• Experience and working knowledge in application planning, design, testing, and implementation procedures.
• Experience and working knowledge in auditing techniques and accounting and control procedures and techniques.
• Knowledge of data analysis tools (e.g. ACL, SAS) and applying IT audit methodologies to analyze large datasets.

EXPERIENCE:

• 5 years’ experience as an Information System Auditor, Software Engineer, Technology Specialist, IT Security Professional, or IT Project Manager.
• 2 years’ experience in public accounting or internal audit, Big Four a plus

EDUCATION AND CERTIFICATIONS:

• Bachelor’s Degree with concentration in Accounting or Computer Science.
• Certification such as: Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified Public Account (CPA), Certified Internal Auditor (CIA). Note: May be substituted with documented years of services and appropriate work experience (10 plus).

• Executes Audits of Systems Development, Operational, and Business Activity. Scopes, leads, performs and assesses impact related to tests of controls required for compliance with the NAIC Annual Financial Reporting Model Regulation (AFRMR), also known as Model Audit Rule. Independently facilitates all aspects of the IT and operational audit process to include engagement planning, risk assessments, work plan coordination, risk and control identification, preparation of audit programs to fulfill the audit objectives, and testing and analysis of results, and report writing. Identifies and assesses risks of each business and/or function being audited. Reads, interprets, and applies various regulations, standards, and technical resources (HIPAA, NIST, CMS etc.). This position is also tasked with development of detailed assessment of operational and IT controls to possibly mitigate and ensure the effectiveness of the control environment. Reviews staff documentation (work papers) and ensures that items are filed in accordance with related standards as to support the assigned audit engagement. Raises and discusses audit observations with the applicable business owners and executive management to reach consensus and address issues. Complies and prepares complete, detailed reports on audits and related recommendations. Directly supports the audit planning process and continued development and stewardship of the departments audit methodology/framework. Identifies and implements enhancements in line with recognized and Institute of Internal Auditors standards and practices.
• Implements Data Analytics Activities. Leads, reviews, and engages in the facilitation and use of data analytics in support of ongoing audit activities and ad-hoc requests. Support the continued development and stewardship of the departments data analytics practices and recommend enhancements and practices to increase the value of the review.
• Coordinates SOC and IT External Audit. Leads the assignment, tracking, review and sufficiency of materials. Reviews materials prior to providing to external auditors to ensure quality and accuracy. Identified deviations are escalated and reviewed with the respective business areas before submission