IT Internal Audit Lead

About The Position

Requirements

• Bachelor’s degree in Information Systems, Computer Science, Accounting, Finance, or a related field.
• 5–7+ years of experience in Internal Audit, IT Audit, or external audit (Big 4 or national firm strongly preferred), with substantial: SOX ITGC ownership, and hands on IT audit or technology risk assessment experience.
• Experience auditing ERP environments (e.g., SAP, Oracle), key business applications, and supporting infrastructure preferred.
• Industry experience in healthcare, provider services, pharmacy services, or other regulated environments preferred.
• CISA strongly preferred; CIA or CPA a plus
• Strong knowledge of ITGCs, SOX/PCAOB expectations, COSO, COBIT, and IIA/ISACA standards.
• Experience evaluating IT dependent manual controls, automated controls, system interfaces, and reports used as IPE.
• Proficiency with audit management platforms (e.g., Workiva, AuditBoard, TeamMate).
• Strong analytical and data evaluation skills; familiarity with data analytics or continuous auditing concepts is a plus.
• Excellent written and verbal communication skills, with the ability to explain technical concepts to non technical stakeholders.

Nice To Haves

• Experience auditing ERP environments (e.g., SAP, Oracle), key business applications, and supporting infrastructure preferred.
• Industry experience in healthcare, provider services, pharmacy services, or other regulated environments preferred.
• CISA strongly preferred; CIA or CPA a plus
• familiarity with data analytics or continuous auditing concepts is a plus.

Responsibilities

• Works with the Vice President of Internal Audit, IT leadership, and business stakeholders to execute the Company’s internal audit plan, with emphasis on IT risk and controls
• Fosters relationships with IT and business personnel at appropriate levels and serve as a subject matter expert for IT control design, system access, change management, data integrity, and documentation standards
• Consistently deliver high‑quality IT internal audit services in accordance with applicable professional standards (IIA, ISACA)
• Contributes to the annual audit plan and periodic risk updates, partnering with other assurance providers to coordinate activities and enhance overall assurance coverage across IT risks
• Independently plan and execute risk‑based IT and technology‑enabled audits, including defining objectives and scope, developing test procedures, performing fieldwork, synthesizing findings, assessing impact, and recommending practical, actionable remediation
• Drives high‑quality work products within expected time frames and budget
• Coordinates multiple concurrent projects and proactively manage stakeholder expectations related to service delivery and timelines
• Stays abreast of current technology, cybersecurity, and industry risk trends
• Performs other duties as assigned
• Supports execution of the SOX 404 program related to IT General Controls (ITGCs), automated application controls, and system‑dependent controls, coordinating closely with third‑party service providers
• Facilitates and lead IT SOX walkthroughs and design effectiveness assessments, including evaluation of: logical access controls, change management, IT operations, system interfaces, and IT‑dependent manual controls and IPE completeness and accuracy
• Oversee and review co‑sourced operating effectiveness testing of IT controls, ensuring testing approaches, evidence, and conclusions meet Internal Audit standards and support external auditor reliance
• Perform operating effectiveness testing as needed, validate system‑generated evidence, and ensure conclusions are supportable, clearly documented, and audit‑ready
• Provide day‑to‑day oversight and project management of co‑sourced resources supporting SOX IT and IT audit engagements, including coordinating scope, timelines, deliverables, and reviewing workpapers for quality and consistency
• Serve as one of the primary points of contact for assigned co‑source engagements, facilitating communication, resolving issues, and escalating risks or delivery concerns as appropriate
• Independently manage and execute assigned IT audit engagements end‑to‑end, while balancing oversight responsibilities and ensuring alignment with Internal Audit standards and expectations