Home / Training and Events / Careers Home / Career Centre Job Board

CAREER CENTRE JOB BOARD

Today is the first day of your career.

Today you take it to the next level. These tools below will get you on your way.

IT Assurance Manager
Health New England
SAVE savedJobs
SAVE savedJobs

IT Assurance Manager

Health New England

Gmail Email Print
Application
The application opened in a new tab.
By using this feature you agree to our Terms and Conditions and Privacy Policy.
Details
Posted:
January 12, 2021
Location:
Springfield, Massachusetts
PayScale
Type:
Full Time - Experienced
Currency:
United States, Dollar (USD)
Region:
United States
Categories:
IT Audit, Information Security, Risk Management

Summary:

The IT Assurance Manager is responsible for leading the day-to-day execution of IT-related control assessment or control readiness activities and projects associated with external audits, internal audits and service organization reports (e.g. SSAE 18 – SOC1). The Manager oversees continuous improvement efforts to meet state and federal regulatory standards, including HIPAA, and achieve IT control best practices.  Works collaboratively with Information Technology and operational management to develop right-sized solutions, analyzes IT-related control incidents, presents assessment results to senior leadership team members for risk response or acceptance, and plays an integral role in facilitating and validating corrective action implementation and ensuring remediation. 

The IT Assurance Manager represents Heath New England as the key point of contact and liaison for IT Assurance-related external audit and consultant engagements including management of the annual HIPAA risk assessment and SSAE 18/SOC1 reviews.  The Manager is expected to builds strong relationships with external auditors/consultants and develop a thorough understanding of Health New England’s information system and control structure to validate appropriateness when risks or weaknesses are identified. 

This position reports directly to, and will actively collaborate with, the Director of Risk and Assurance Management, will have a prominent role in reporting to the Audit and Compliance Committee, and is expected to exercise a high degree of independent judgment. 

Essential Functions: 

IT Control Assurance and Monitoring

  • Collaborates with the Director of Risk and Assurance to develop an internal audit process and execute annual IT audit projects
  • Works in conjunction with internal financial auditor to ensure coverage and testing is in place to achieve adequate Model Audit Rule (MAR) compliance, including annual access recertification
  • Evaluates control deficiencies as identified and reported in internal/external assessments and collaborate with management to develop appropriate corrective actions
  • Effectively communicates and escalates, as necessary, any control deficiencies, gaps or at risk actions
  • Partners with internal information technology business owners to discuss and evaluate implementation of IT controls, collectively develop deployable solutions, and to report to the leadership team
  • Assesses corrective action plan control improvements and verifies they have been implemented effectively, and reports status and concerns to the leadership team
  • Works directly with process owners and management and participates in walkthroughs of IT control processes and system controls (e.g., planning, systems development and product selection) to assist in the design and implementation of controls (manual and automated) in IT processes and systems in light of risks, strategic objectives, and regulatory requirements. Prepares reports for leadership that represent process understanding and recommended control improvements or actions

IT Assurance Audits, Engagements, and Risk Assessments

  • Serves as the internal liaison with auditors/consultants for the annual SOC1/SSAE-16 IT audit, IT Components of the annual financial audit, and annual HIPAA Security risk assessment by building internal relationships, overseeing document requests, and providing guidance to operational owners in response to external findings
  • Evaluates initial findings from external auditors/consultants in their documentation and/or system understanding. Works with external auditors/consultants to ensure risk and impact is accurate prior to final reporting. Facilitates and assists in the preparation of audit and compliance-related reports, regulatory filings, and management response to internal/external audit as needed

IT Assurance Strategy

  • Assists the Director of Risk and Assurance Management in the ongoing development of strategic planning and implementation of IT Control Monitoring and Assessment Program
  • Provides key input to annual department goals and work plans for Committee-level approvals
  • Manages and directs staff
  • Monitors industry, legislative and regulatory trends for potential impact and risk in the existing environment

IT Assurance Policies and Procedures

  • Develops and maintains department policies and procedures as appropriate
  • Evaluates IT Security policies and procedures and provides improvement recommendations to IT Business Owners

 

Bachelor’s degree in Computer Science, MIS or related field with five years of relevant experience in information security, technology, risk management, compliance or consulting in a complex technology environment; or an equivalent combination of education and experience.

  • Demonstrated leadership experience
  • Advanced business and IT processes, IT risk management, and information security experience required.
  • Detailed knowledge of industry regulatory environment (e.g. HIPAA, CMS, EOHHS) required
  • Broad understanding of audit, control, and security standards (e.g., AICPA, ISACA / COBIT, etc.) required.
  • Solid grasp of concepts on a wide array of technology platforms, controls (ex: ITIL) and IT processes (ex: AGILE, SDLC).
  • Considerable knowledge of, and skill in applying, internal auditing principles and practices, management principles and preferred business practices
  • Demonstrated knowledge of security controls for network, database, application and operating systems.
  • Knowledge of network architectures and design, administrative, technical and physical security controls, Windows Active Directory, Windows server; database and application architecture
  • Ability to earn trust of sponsors and key stakeholders; mobilize and motivate teams; set direction and approach; resolve conflict; execute with limited information and ambiguity
  • Ability to think through complex problems, determine proper analytical processes and procedures, independently derive conclusions and present results to management.
  • Must be able to summarize and communicate technical data to a non-technical audience

 

NOTES:

Additional Salary Information: Salary plus bonus plan
Internal Number: 1167
About Health New England
At Health New England, our mission is to improve the health and lives of the people in our communities, and we are deeply committed to the individuals we serve every day. Based in Springfield, Massachusetts, we have been meeting the health care needs of our members for more than 35 years. Our passion is taking extraordinary care of our members. Everything we do is built around this simple, deeply held belief. With a strong focus on excellence of care, Health New England is a not-for-profit health plan that protects employers and individuals in the commercial, Medicaid and Medicare markets. We proudly provide health care coverage for approximately 170,000 members. HNE’s service area in Massachusetts includes Franklin, Berkshire, Hampden and Hampshire counties and part of Worcester County. We also serve Hartford, Litchfield and Tolland Counties in Connecticut. Learn more at www.healthnewengland.org.
More Jobs Like This
Assistant Director, Technology Risk and Assurance   Vancouver, British Columbia, Canada
University of British Columbia | Internal Assurance | Office of Enterprise Risk and Assurance 4 Days Ago
Senior Analyst, IT Auditor   Plano, Texas
Toyota Motor North America 1 Week Ago
Information Security Compliance Manager, Information Security Function, Enabling Functions - London   London, United Kingdom
Deloitte Yesterday
BACK TO TOP
ISACA Career Centre is Just One of the Benefits.
Discover what else ISACA has to offer!
Networking
Certifications
Training
The job you are trying to reach from was originally posted at ISACA Career Centre.
Help is on the way!
We're sorry you are having trouble applying for this job.

Please try loading this job using the following link before submitting your help request:
Powered By Naylor Association Solutions




Quick Links

Why ISACA

FAQsNewsroom
About Us
Leadership and Governance
Participate and Volunteer