IT Internal Audit Program Manager - System Wide

With a legacy that spans over 150 years, Bon Secours is a network that is dedicated to providing excellent care through exceptional people. At every level, everyone on our teams have embraced the call to provide compassionate care. Here, you can work with others who share common values, and use your skills to help extend care to all of our communities.

Primary Function

Leads IT internal audit projects according to the audit plan throughout the Ministry, including risk assessment, audit performance, follow-up and ongoing communication of risks, results and mitigation efforts. Develops appropriate documentation to support audit work performed. Assesses information security policies and supporting processes and helps ensure IT compliance with regulatory requirements. Responsible for ongoing communication and collaboration with key partners including (but not limited to) IT, Compliance, Legal, Finance and Revenue Cycle.

Essential Job Functions

• Assists in IT risk assessment process and preparation of audit plan that focuses on high-risk areas.
• Continuously evaluates the Information Security Program including recommending updates to existing policies and procedures to help ensure they are in accordance with established industry practice and compliant with federal and state regulations.
• Applies current internal control conceptual frameworks such as NIST in conducting independent audits according to the audit plan and develops appropriate documentation to support audit work performed. Audits may include topics such as safeguarding of information, vendor processes to ensure compliance with internal policies, user access controls, business continuity and incident response, etc.
• Recommends content for the cyber security training program. Reviews analytics, responses, and results for training administered to evaluate the effectiveness of the program.
• Periodically performs reviews of user access controls and identity access system settings and configurations focusing on standard and privileged accounts to ensure compliance with established policy and guidelines. Additionally, ensures access is terminated timely upon termination and job changes or transfers.
• Measures and tracks the results of audits performed through action plan follow-up procedures.
• Assists in the preparation of audit reports for presentations to management and governance; may present findings to management as appropriate.
• Communicates and prepares meeting agendas and status reports to facilitate discussion with immediate supervisor and upper management about audit activities in progress and emerging issues in a timely and proactive manner.
• Keeps current on IT industry trends and areas of interest through utilization of industry research and knowledge resources.
• Displays a commitment to excellence, accuracy and thoroughness in all activities, and searches for ways to improve and promote quality. Participates in department process improvement efforts.
• This document is not an exhaustive list of all responsibilities, skills, duties, requirements, or working conditions associated with the job. Employees may be required to perform other job-related duties as required by their supervisor, subject to reasonable accommodation.
  
  

Employment Qualifications

• Required Minimum Education: Undergraduate Degree; Specialty/Major: Business, information systems technology, information security, accounting or related area.
• Required Licensing/Certification: CISA, CPA and/or CIA
• Preferred Licensing/Certification: Other technical credentials such as CISSP or CISM
• Minimum Qualifications: Five to seven years previous audit experience.
• Other Knowledge, Skills and Abilities Required: Mental agility and strong communication skills regarding risk management and internal control issues. Self-starter able to work independently and efficiently in a partially remote environment. Ability to understand broad enterprise risks in a complex health system beyond traditional financial audit and controls.
• Other Knowledge, Skills and Abilities Preferred: Solid analytical skills with the ability to look at the big picture impact; experience with project management a plus. Experience with electronic work papers; preferably an audit automated work paper system. Exposure to data analytics design or construction. Familiarity with IT General Controls and technical knowledge and experience in network architecture, design, configuration, and implementation. In addition, IT concepts concentrating on application security and PCI.
  
  

Many of our opportunities reward* your hard work with:

Comprehensive, affordable medical, dental and vision plans

Prescription drug coverage

Flexible spending accounts

Life insurance w/AD&D

Employer contributions to retirement savings plan when eligible

Paid time off

Educational Assistance

And much more

• Benefits offerings vary according to employment status
  
  

All applicants will receive consideration for employment without regard to race, color, national origin, religion, sex, sexual orientation, gender identity, age, genetic information, or protected veteran status, and will not be discriminated against on the basis of disability. If you'd like to view a copy of the affirmative action plan or policy statement for Mercy Health – Youngstown, Ohio or Bon Secours – Franklin, Virginia; Petersburg, Virginia; and Emporia, Virginia, which are Affirmative Action and Equal Opportunity Employers, please email recruitment@mercy.com. If you are an individual with a disability and would like to request a reasonable accommodation as part of the employment selection process, please contact The Talent Acquisition Team at recruitment@mercy.com