Sr. IT Auditor and Risk Analyst

EDUCATION/EXPERIENCE REQUIRED:

• Bachelor's Degree in Business Administration, Engineering, Information Systems, Information Assurance or closely related field required is required.
• Experience providing working knowledge and skills in the following: Security laws, mandates, standards and best practices (i.e., HIPAA, ISO, ACA, DFIS, NACHA, Payor customer group security requirements, PCI, HITECH, GLB, etc.).
• Minimum seven (7) years related experience, which includes three (5) years of IT or technology related auditing experience.
• Experience or knowledge of technical and operational, business and healthcare environment preferably Payor related healthcare activities.
• Familiarity with national security standards, business continuity, disaster recover, auditing, risk management, vulnerability assessments, regulatory compliance, and incident management.
• Strong understanding of project management and information technology background.
• Professional Audit Certifications such as CIA, CISA, CISM, CRISC or CCSA required or within one year of hire.
• Valid and unrestricted driver's license required.
• Good analytical, organizational, verbal and written communication skills.
• Ability to solve problems in a dynamic team environment and handle multiple assignments in a timely manner.
• Experience in conflict management skills necessary to resolve issues where corporate areas are in disagreement.
• Ability to effectively interface with various levels of management internally and as well as contacts outside the organization.
• Must be able to travel to other HFHS and Subsidiary facilities and vendor sites to meet with operating or audit personnel.
• Assists Director in performance of annual IT Risk Assessment covering specific topics as required for SOC and PCI Compliance audits; collaborates with Senior IT personnel to perform a comprehensive IT risk assessment; tracks progress and provides support for risk remediation efforts.
• Assists Director in the performance of periodic access reviews on systems, network, and applications (logical) access; Creates preliminary gap reports showing findings and recommends actions to resolve issues.
• Responsible for maintenance of the standardized risk and Audit questionnaire and assessment processes for audits and assessment done against HFHS and its subsidiaries by third parties.
• Performs annual reviews of HFHS policies, procedures, diagrams, flow charts and related documentation used for due diligence, audits, and RFP's; Collaborates with subject matter experts and technical writers to ensure documentation is accurate and kept current.
• Collaborates with HFHS Procurement and Compliance departments on third-party due diligence efforts in fulfillment of new and recurring Vendor Management risk assessments and due diligence.
• Other related skills and/or abilities may be required to perform this job.

CERTIFICATIONS/LICENSURES REQUIRED:

• CISM, or CRISC or CISA or CCSA required within one year of hire.
• ITIL v3.0 certified required within one year.