Ideal candidate will function as a skilled internal control consultant responsible for conducting internal information technology (IT) audits / reviews to assess the control environment of each auditable unit. This position assists management in performing information security reviews and audits of vendors and BCBSM. Must have strong information security knowledge. Knowledge of HIPAA security and privacy rulings a plus. Only 5-10% travel.
Examines risks and controls associated with all aspects of the parent and its subsidiaries. Provides audit reporting results to BCBSM and its subsidiaries management staff and activity updates the Audit Committee of the Board of Directors. Conducts various projects to assess the control environment of each audit unit. Conducts effective and efficient IT audit work. Communicates the results of audits and/or projects in a clear and concise manner to all levels of management. Participates in divisional or departmental infrastructure projects as assigned. Provides timely full scope of advisory services to multiple project teams. Complete audit and administrative assigned projects within time budgets or deadline constraints. Other duties may be assigned.
Bachelor's Degree in Business Administration, Management Information Systems, Computer Science or closely related field is required.
Three (3) years related work experience, which includes two (2) years of IT auditing experience.
Professional Audit Certifications CIA, CISA, or CISSP are preferred.
Valid and unrestricted driver's license is required.
Working knowledge of audit methodologies applicable to BCBSM, BCN Dentemax or similar institutions.
Excellent analytical, organizational, verbal and written communication skills to effectively communicate audit information to financial and non-financial individuals.
Ability to solve problems in a dynamic team environment and handle multiple assignments in a timely manner.
Experience in conflict management skills necessary to resolve issues where corporate areas are in disagreement.
Proficient in current industry standard PC applications, (e.g. Excel, Access, Word, Microsoft Office) and systems including automated workpaper system.
Working knowledge of Information Technology both pre (e.g. system development life cycle, change control, operating systems, applications and security)and post (e.g. operating systems, applications, security and data center operations) production controls.
Ability to effectively interface with various levels of management internally and as well as contacts outside the organization.
Must be able to travel to other BCBSM facilities and vendor sites to meet with operating or audit personnel.
Other related skills and/or abilities may be required to perform this job
Candidate must be able to perform reviews over information security controls - physical access, logical access (application, operating system, and network), etc.
Preference given to candidates who also are familiar with data analytic tools, continuous auditing and electronic work paper management systems (such as TeamMate).
Experience with continuous auditing is a plus.