We are recruiting for an Information Systems Auditor to join our Internal Audit Department in Louisville, KY.
Plans, organizes and conducts information systems infrastructure audits, general controls audits, and application audits, as well as Sarbanes-Oxley compliance testing, to evaluate adherence to established policies and procedures, sound business practices, and to offer constructive analysis and appraisal of company policies, procedures, financial and operational reports, data integrity, system of internal controls, and efficiency of operations.
Assists audit management in the development of an audit plan for each audit project and reviews with audit management the objectives, risks/exposures, and scope. Prepares and/or updates audit plans, programs, and workpapers for assigned audits.
Conduct the audit as planned and document all work according to department policies and procedures. Ensure that audit findings are supported and objectives are achieved.
Appraises the effectiveness of internal controls relative to the safeguarding of assets and adherence to sound business practices and company policy.
Evaluate the adequacy of internal controls to ensure compliance with Sarbanes-Oxley (SOX)
Act requirements. Develop and implement testing procedures with audit management to ensure consistent compliance with internal controls for SOX compliance purposes.
Meets with and/or communicates with auditees regularly to ensure timely communication of audit status and audit results. Communicate all findings and recommendations to auditees throughout the audit to promote constructive change. Work with auditees to develop and recommend value added solutions. At the conclusion of each audit, presents audit findings to management by conducting exit conferences. Receive and assess corrective action responses from auditees.
Reviews the audit results and the status of the audit with any other assigned staff and audit management. Conducts detailed reviews of other staff members’ audit work as appropriate.
Prepares clear, concise, objective, and timely reports of findings and recommendations by identifying and gathering support for potential issues. The reports are reviewed with audit management for relevance, completeness, and effective communication. The completed reports are forwarded to corporate management and the Audit Committee of the Board of Directors.
Maintains knowledge of healthcare, company information, and information systems technology, as it relates to IS audit changes/techniques.
Conduct appropriate follow-up activities to ensure that management’s corrective actions have been effectively implemented.
Serve as an internal control advocate and provide advice or training to other Internal Department members and business process owners as required.
Strong interpersonal, written, and verbal communications skills. Foster a team environment with collaborative working relationships. Must be objective with high integrity.
Must be self-motivated, require minimal supervision, and possess a strong attention to detail.
Proficient computer skills, including Word and Excel. SAP and Outlook experience preferred.
Strong analytical skills necessary to develop factual reports and present findings.
Strong IT understanding (operating systems, networks, databases, applications, Internet/Intranet) and analytical skills to analyze complex business processes, application systems, and infrastructure to identify risk. Knowledge and use of computer assisted audit techniques (CAATs) is highly desirable
Knowledge of healthcare or insurance industry preferred.
Demonstrated leadership, organization, and administrative skills.
Ability to identify business risks and efficiency improvements.
Willing to work hours as needed to meet established deadlines.
Knowledge of COBIT and COSO, including IT general controls, application controls, process documentation, and risk management is highly desirable.
Approximate percent of time required to travel: 5%
Bachelor’s degree in Computer Science, Information Systems, or related field with significant IS concentration.
Master’s degree or other advanced education is preferred.
CPA, CIA, CISSP or CMA certification preferred.
2-4 years experience in IT audit, Sarbanes-Oxley compliance, or experience in an IT department in Information Security, Windows system administration, project management, application development, network administration, compliance and risk management, mobile device management, or business continuity and disaster recovery.
Sarbanes-Oxley compliance process experience, including documentation and testing of IT general controls and application controls, is highly desirable.
Affiliation with one or more of the following professional organizations is desirable: Institute of Internal Auditors, Information Systems Audit and Control Association, American Institute of Certified Public Accountants or National Association of Accountants.
Depending on a candidate’s qualifications, this position may be filled at a different level.
Kindred Healthcare, ranked as one of Fortune magazine's Most Admired Healthcare companies for eight years, is the nation's largest provider of post-acute care, enabling us to meet the health and wellness needs for Americans from hospital to home.