Senior IT Auditor

Technology Risk Advisor

Responsible for serving as a technology risk advisor conducting internal information technology (IT) audits and reviews, providing risk education and project risk assessment on behalf of the corporation to mitigate risk and assess the control environment of each auditable unit. Develops and communicates risks and recommended controls for multiple layers of leadership. Provides guidance for lower level Corporate and IT audit staff.

• Assess risks across cybersecurity, cloud technologies, enterprise platforms, data governance, and digital transformation initiatives.
• Provide advisory support to technology and business teams on emerging risks, control design, and risk mitigation strategies during new initiatives and projects.
• Conduct internal audits and reviews to identify risks, document established controls to mitigate risk and assess the control environment of each auditable unit.
• Communicate issues, audit results, and recommendations in a clear and concise manner to appropriate levels of operating, IT, and executive management, including activity updates to the Audit Committee of the Board of Directors.
• Assist in the development of the annual audit plan through risk universe identification.
• Facilitate project risk assessments and lessons learned sessions. Conduct management action planning workshops to discuss business risks, prioritize control issues and develop corrective action plans
• Develop, maintain and report against a work plan, as work progresses, given scope and objectives. Prepare complete and accurate audit workpapers in a timely manner.
• Identify, develop and advocate for improvements to audit methodologies, policies, and procedures to incorporate lessons learned.
• Educate BCBSM employees and management about IT controls and encourage change that promotes an effective and efficient control environment.
• Participate in divisional or departmental infrastructure projects as assigned.
• Assist in training and educating audit IT staff

Qualifications

• Bachelor's degree in Information Technology, Information Security, Computer Sciences or Engineering, Management Information Systems, or closely related field required.
• Six years related experience, including three years of IT auditing or related experience (Information security, etc.) required.
• Strong understanding of project management and information technology required.
• Professional Audit Certifications CIA, CISA, CISM, CISSP, CGEIT, or HITRUST is required.
• Prior BCBSM experience is preferred.
• Advanced analytical and critical thinking skills, as is necessary to identify datasets/sources that are relevant to the audit and connect risks to data. Mastery of data and analytical concepts and principles; a role model in using leverage data in innovative ways across audit work.
• Ability to leverage data analytics and visualization tools to identify risks, evaluate controls, and enhance audit insights.
• Advanced oral communication skills, including presentations, as is necessary to effectively communicate audit information to financial and non-financial individuals, including senior levels.
• Strong written communication skills, including the proven ability to tell a relevant business story using data and visualizations
• Intermediate problem-solving ability, as necessary to solve problems in a dynamic team environment and handle multiple assignments in a timely manner.
• Advanced conflict management skills.
• Intermediate proficiency using Microsoft Word, Excel and Project.
• Intermediate proficiency in use of data analytics or visualization tools such as Tableau, ACL/HighBond, Power BI, or similar platforms.
• Strong interpersonal skills to effectively interface with various levels of management as well as contacts outside the organization.
• Knowledge of project audit methodologies, risk management and project management techniques to detect and resolve complex multidisciplinary issues.
• Demonstrate strong professional judgment, independence, and integrity consistent with IIA Standards and the Internal Audit Code of Ethics.
• Ability to travel to vendor locations to meet with operational and audit personnel.