Functions as a highly skilled internal control consultant responsible for conducting internal information technology (IT) audits/reviews, providing risk education and project consulting services on behalf of the corporation to mitigate risk and assess the control environment of each auditable unit. Provides supervision and training for lower level IT audit staff.
Conduct internal audits and reviews on behalf of the corporation to identify risks, document established controls to mitigate risk and assess the control environment of each auditable unit. Lead and coordinate audit efforts to ensure successful and timely completion of assignments. Communicate issues, audit results, and recommendations in a clear and concise manner to appropriate levels of operating, IT, and executive management, including activity updates to the Audit Committee of the Board of Directors. Meet or exceed annual goals for deliverables (audit committee reports). Train, educate, supervise, and assist in evaluating new and lower level IT audit staff. Facilitate project risk assessments and lessons learned sessions. Participate in divisional or departmental infrastructure projects as assigned. Maintain working knowledge of information technology pre-production (e.g. system development life cycle, change control, operating systems, applications and security) and post- production (e.g. operating systems, applications, security and data center operations) controls. Conduct effective and efficient IT and project audit work. Provides recommendations to improve the control environment. Effectively applies audit methodologies, policies, and procedures applicable to BCBSM and subsidiaries (e.g., BCN, Dentemax). Suggests improvements to audit methodologies, policies, and procedures to incorporate lessons learned. Prepare complete and accurate audit workpapers in a timely manner. Maintain a thorough and current understanding of project management methodologies applicable to BCBSM and subsidiaries (e.g., BCN, Dentemax). Maintain a thorough and current understanding of auditing principles and applications as derived from standards for the professional practice of internal and information technology auditing [i.e. Institute of Internal Auditors (COSO), the Information Systems Audit & Control Association (COBIT), and the Project Management Institute]. Ability to develop, maintain and report against a work plan, as work progresses, given scope and objectives. Other duties may be assigned.
Audit programs (risk matrices)
Risk assessment reports
Project assessment reports
Created control framework/mapping
Testing control matrices
Bachelor's Degree in Accounting, Business Administration, Finance, Management Information Systems, Healthcare Administration or closely related field required.
Five (5) years related experience, which includes three (3) years of IT auditing experience.
Strong understanding of project management and information technology background.
Two years of BCBSM experience preferred.
Professional Audit Certifications CIA, CISA, CCSA, or CISSP preferred.
Valid and unrestricted driver's license required.
Excellent analytical, organizational, verbal and written communication skills.
Ability to solve problems in a dynamic team environment and handle multiple assignments in a timely manner.
Experience in conflict management skills necessary to resolve issues where corporate areas are in disagreement.
Proficient in current industry standard PC applications (e.g., Microsoft Office) including automated workpaper system (i.e., TeamMate).
Ability to effectively interface with various levels of management internally and as well as contacts outside the organization.
Must be able to travel to other BCBSM facilities and vendor sites to meet with operating or audit personnel.
Other related skills and/or abilities may be required to perform this job.
All qualified applicants will receive consideration for employment without regard to, among other grounds, race, color, religion, sex, national origin, sexual orientation, age, gender identity, protected veteran status or status as an individual with a disability.