IT Auditor

About The Position

Requirements

• Bachelor’s degree in Information Systems, Information Technology, Cybersecurity, Accounting, Finance, Healthcare Administration, or a related field.
• Three (3) or more years of experience in IT auditing, information security, risk management, compliance, cybersecurity, or related disciplines.
• Experience evaluating technology controls, information security practices, and IT governance processes.
• Understanding of cybersecurity principles, risk management methodologies, and internal control frameworks.
• Strong analytical, organizational, and problem-solving skills.
• Excellent written and verbal communication skills.
• Ability to manage multiple projects and priorities in a dynamic environment.

Nice To Haves

• Experience conducting IT audits within healthcare, healthcare services, or other regulated industries.
• Familiarity with NIST CSF, HIPAA Security Rule, COBIT, and other IT governance and security frameworks.
• Experience with Microsoft 365, Azure, Entra ID, and related cloud technologies.
• Knowledge of cybersecurity operations, identity and access management, and cloud security concepts.
• Experience supporting SOX compliance programs and IT General Controls testing.
• Experience working with external auditors, regulators, and compliance assessors.
• Certified Information Systems Auditor (CISA)
• Certified in Risk and Information Systems Control (CRISC)
• Certified Information Systems Security Professional (CISSP)
• Certified Internal Auditor (CIA)
• Certified Public Accountant (CPA)
• Healthcare Information Security and Privacy Practitioner (HCISPP)

Responsibilities

• Perform IT audits and risk assessments across infrastructure, cloud services, cybersecurity, identity and access management, disaster recovery, business continuity, and third-party/vendor risk management processes.
• Conduct walkthroughs of IT processes and systems to identify key risks, controls, and opportunities for improvement.
• Evaluate the design and operating effectiveness of technology controls and provide recommendations to strengthen the control environment.
• Assess compliance with organizational policies, regulatory requirements, and industry frameworks, including the NIST Cybersecurity Framework (NIST CSF) and HIPAA Security Rule requirements.
• Participate in cybersecurity assessments and reviews focused on security governance, vulnerability management, incident response, security monitoring, and identity management.
• Evaluate technology implementations, system upgrades, and major IT initiatives to ensure risks are appropriately identified and mitigated.
• Assist with third-party audits, regulatory examinations, and compliance reviews.
• Support enterprise risk management activities by identifying emerging technology and cybersecurity risks.
• Perform follow-up reviews to validate the remediation of identified findings and corrective action plans.
• Develop practical recommendations that balance risk reduction, operational efficiency, and business objectives.
• Support the organization’s SOX compliance program through IT General Controls (ITGC) testing and application control reviews, as applicable.
• Assist with audits related to HIPAA, privacy, security, and other regulatory requirements impacting healthcare operations.
• Evaluate compliance with internal policies, standards, and governance processes.
• Assist with evidence collection and coordination efforts related to internal and external audits.
• Support ongoing monitoring and continuous improvement of compliance and control activities.
• Prepare clear, concise, and well-documented audit workpapers, reports, and presentations.
• Communicate audit observations, risks, and recommendations to management and stakeholders.
• Build collaborative relationships across Information Technology, Cybersecurity, Compliance, Finance, and Operations teams.
• Present findings and recommendations in a professional and constructive manner.
• Maintain professional and ethical standards while safeguarding confidential and sensitive information.

Benefits

• Choice of medical, dental, and vision plans
• 401(k) plan with company match
• Free e-courses through our Learning Management System
• Training sessions and seminars