Senior IT Internal Auditor

Job Title:Auditor-Internal IT Senior

Dept:Corporate Auditing & Consulting

Reports to:Director of IT Audit

Position Summary

Performs independent and objective assurance and advisory activities to add value and enhance the effectiveness of IT controls within BMHCC operations. Critical tasks include risk assessments internal control reviews and audits performed following established auditing and ethical standards with a particular emphasis on IT controls and operations. Promotes compliance with healthcare regulations protection of sensitive patient information and operational efficiency by identifying risks and recommending improvements.

Responsibilities IT Audit Planning & Execution

• Assists Internal Audit leadership in the development and execution of riskbased IT audit plans aligned with departmental standards and healthcare regulatory requirements.
• Identifies key controls risks and audit objectives; design audit programs tailored to healthcare IT environments.
• Conducts audits of IT systems applications databases and infrastructure including EHR/EMR platforms cybersecurity controls and data privacy processes.

Risk Assessment & Compliance

• Assesses IT risks related to data privacy cybersecurity change management business continuity and system access.
• Ensures compliance with HIPAA NIST and internal policies.

Documentation & Reporting

• Prepares clear concise audit reports summarizing findings risks and recommended corrective actions.

Collaboration & Advisory

• Collaborates effectively with crossfunctional teams and influence stakeholders.
• Partners with IT cybersecurity compliance and clinical operations teams to evaluate new systems security enhancements and major IT initiatives.
• Coordinates with external auditors to support reliance on internal IT audit work.

Required Preferences & Qualifications Education & Experience

• Bachelors degree in Information Systems Computer Science Accounting or related field.
• Three years of IT audit experience preferably in healthcare.

Technical Skills

• Strong knowledge of IT general controls (ITGC) cybersecurity frameworks and healthcare IT systems.
• Experience with vulnerability assessments data privacy controls and change management processes.
• Proficiency with audit tools SQL Microsoft Office and database applications including data analysis software.

Soft Skills

• Excellent analytical communication and reportwriting abilities.
• Strong judgment attention to detail and ability to manage multiple projects independently.

Preferred Certifications

• CISA (Certified Information Systems Auditor)
• CISSP (Certified Information Systems Security Professional)
• CIA (Certified Internal Auditor)