Senior Internal IT Controls Auditor (Compliance)
Surescripts Arlington, VA
Surescripts was founded in 2001 when the pharmacy industry and other collaborators set out to replace paper prescriptions with electronic. Today, we’re the nation’s largest health information network, connecting pharmacies, care providers, benefit managers and technology partners to get the right information to the right place at the right time. We offer industry-leading solutions that digitize manual workflows and use our unparalleled breadth of data to vastly improve healthcare connectivity, patient safety and provider efficiency.
The Senior Internal IT Controls Auditor (Compliance) plays a pivotal role in ensuring compliance with corporate policies; and all applicable regulatory requirements and industry standards. This individual is responsible for testing, documenting, evaluating, remediating, and improving internal controls and processes for effectiveness and operational efficiency. The Senior Internal Controls Auditor will fulfill these duties by collaborating with stakeholders from various functional business units to ensure compliance objectives and deliverables are met. Strong knowledge of governance frameworks is essential for this position.
- Conduct complex risk-based information systems internal audits consistent with auditing standards and professional practices.
- Review existing documentation of controls, processes, policies, procedures, and reports for effectiveness and sustainability.
- Review, document, evaluate, and test business processes and/or manual and automated technology controls in the IT environment, including operating systems, applications, middleware, and endpoint systems.
- Develop and implement testing methodologies for business processes, integrity, and confidentiality in the IT environment.
- Design and execute compliance tests for business processes and/or operating effectiveness for IT systems and controls; coordinate required remediation.
- Conduct risk assessments on business and operational processes, procedures, and policies.
- Interpret audit results and make conclusions on the adequacy and reliability of controls; prepare and present reports to stakeholders as necessary.
- Produce a high-quality end product that clearly documents the audit work performed and the conclusions per the audit calendar schedule.
- Manage follow-up and management reporting for outstanding corrective action plans.
- Prioritize projects based on severity of risk and non-compliance.
- Communicate control strengths and weaknesses to stakeholders; collaborate with stakeholders to develop mitigation plans.
- Conduct gap analysis via testing, and recommend specific actions to address gaps in processes and recommend policy updates as necessary.
- Design enhancements for controls and processes in need of remediation.
- Design audit programs to ensure ongoing evaluation and validation of control effectiveness.
- Assist in delivering requests from external auditors and consultants during the audit process.
- Liaise with external auditors to facilitate the auditing process.
- 5+ years of internal audit experience at a mid or larger size company, preferable healthcare.
- Bachelor degree in Computer Science, Information Technology or a related field or equivalent experience.
- Demonstrated experience in testing, evaluating, and documenting controls for compliance.
- Solid understanding of assessing and designing internal controls in an enterprise-level environment.
- Experience building tools and presentations with Microsoft Word, Excel, Visio, and PowerPoint.
- Strong project management skills.
- Knowledge of HIPAA, HITECH, and other healthcare related standards and regulations.
- CISSP, CRISC, CISM or similar certifications