Manager, Internal Audit, IT and Cybersecurity

About The Position

Requirements

• Bachelor’s degree plus a minimum of 7 years of relevant experience, including experience performing IT audits and/or integrated audits that incorporate IT, cybersecurity, or technology risk; or a Master’s degree and/or Certification in a relevant field and 5 years of experience.
• At least one of the following: CPA, CISA, CISSP, or CIA certifications.

Nice To Haves

• Internal audit or assurance experience within IT, cybersecurity, or complex healthcare IT environments.
• COBIT, HITRUST, NIST, ISO, ITIL, PMBOK, and SOX (IT).

Responsibilities

• Lead and manage complex IT, information security, and Cybersecurity internal audit and advisory engagements from planning through reporting and follow‑up.
• Ensure audit work is conducted in accordance with the IIA Global Internal Audit Standards, departmental methodology, and approved audit plans.
• Develop, tailor, and enhance audit programs and testing procedures for complex systems, technologies, and IT‑enabled processes.
• Review and approve audit workpapers to ensure conclusions are well‑supported by sufficient, appropriate, and reliable evidence.
• Identify root causes, assess risk significance, and develop practical, value‑added recommendations that improve control effectiveness and risk management.
• Participate in ongoing IT and Cybersecurity risk assessments, including the identification, prioritization, and evaluation of emerging technology risks.
• Provide input to the IT & Cybersecurity Internal Audit plan based on risk, control maturity, system changes, and strategic initiatives.
• Support the Director, Internal Audit – IT & Cybersecurity in assessing coverage adequacy and emerging risk themes.
• Support integrated audits with other Internal Audit disciplines where technology or Cybersecurity risk is a key component.
• Lead opening and closing meetings for assigned audits and clearly communicate audit objectives, observations, and recommendations to management.
• Draft concise, objective, and executive‑ready audit reports with balanced judgment and defensible conclusions.
• Build effective working relationships with IT, Cybersecurity, and business leaders while maintaining Internal Audit independence.
• Participate in discussions with senior leaders as needed to explain audit observations and remediation expectations.
• Oversee validation, tracking, and closure of IT and Cybersecurity audit issues and management action plans.
• Monitor remediation progress and escalate delays or quality concerns to the Director, Internal Audit – IT & Cybersecurity as appropriate.
• Assess the severity and significance of audit issues to support consistent risk reporting.
• Provide day‑to‑day coaching, guidance, and feedback to IT & Cybersecurity Internal Audit staff.
• Support performance evaluations, goal setting, and professional development for assigned auditors.
• Assist with recruiting, onboarding, and training of IT & Cybersecurity Internal Audit personnel.
• Contribute to continuous improvement of Internal Audit methodology, templates, and tools, including data analytics and automated workpapers.
• Maintain awareness of evolving IT, Cybersecurity, and healthcare technology risks, regulatory expectations, and industry standards.
• Serve as a subject‑matter resource within Internal Audit related to IT and Cybersecurity risks and controls.