Senior IT Auditor
Company: Astrana Health
Location: Eureka, CA 95503
Description:
Senior IT Auditor
Department: Corporate Finance
Employment Type: Full Time
Location: 1668 S. Garfield Ave. 2nd Floor, Alhambra, CA 91801
Compensation: $95,000 - $130,000 / year
Description
As a member of Astrana Health's Internal Audit department, the Senior IT Auditor is responsible for planning and performing operational and compliance audits of information systems and applications of the company, its subsidiaries, and its external IT service providers. Under the direction of the Sr Manager - IT Audit, the Senior IT Auditor leverages their understanding of how IT applications, infrastructure and processes support key business processes that affect Astrana Health's ability to fulfill its business objectives and strategic goals; as well as to assess internal control structures and to evaluate compliance with policies, procedures, regulations, and management objectives.
What You'll Do
Audit Planning and Execution:
Identifies appropriate risks, control objectives and controls using appropriate IT control frameworks and other leading practice resources for guidance. Using accepted risk assessment techniques, proposes appropriate audit scope and control objectives for the areas under review. Continually evaluates the system of internal control, business operations and processes, and technical environment to determine the areas of highest risk.
Conducts process and control walkthroughs, assesses the design of controls, develops and enhances comprehensive test plans, and performs independent testing of internal controls to evaluate their operating effectiveness. In short, you are experienced in leading walkthroughs: you understand how to interview stakeholders, gather information, identify relevant information, and document key details.
Manages execution of audit test plans to validate relevant control objectives and testing approach. Interprets the significance of the test results and concludes on the design and operating effectiveness of the systems of internal control.
Reviews the work and deliverables of the project team for sufficiency of scope, accuracy, completeness, and compliance with Company, IIA and ISACA standards.
Maintains Internal Control Management Software (AuditBoard) and looks for opportunities to introduce efficiencies to audits using technology (i.e., Computer Assisted Audit Techniques or other automation), or professional trends.
Identifies, develops, and documents audit issues and recommendations for improvement. Communicates the results of audit projects via written reports and/or oral presentations in a clear and concise manner. Provides practical and cost-effective recommendations to support business process improvement and/or enhance the overall control environment.
Participates in new systems development/implementation projects to ensure appropriate controls are incorporated.
Monitors the progress of management action and remediation plans from completed audits through regular follow-ups.
Builds and maintains strong cross-functional relationships with IT, Accounting/Finance, system owners, and business leaders through effective collaboration.
Leadership and Executive Presence:
Develops and maintains productive professional relationships with colleagues, auditees and management through individual contacts and group meetings. Demonstrates effective collaboration skills required to obtain management buy-in for audit scope and to influence constructive change.
Possesses strong verbal and written communication skills to effectively present to, interact with and communicate to management at all levels; including the ability to communicate technical risks and concepts to non-technical audiences.
Is a "self-starter" with a proactive attitude, a demonstrated ability to multi-task effectively and to work independently without close supervision. Demonstrates good personal and sound business judgment on a consistent basis.
Exhibits uncompromising professional and personal integrity, and consistency between values, words and actions. Is a role model of company values to others.
IT Technical Competence:
Consistently demonstrates in-depth technical skills and understanding. Experience in having applied relevant IT technical knowledge to audits and special projects (i.e. experience identifying key business risks and controls in ERP applications and cloud systems).
Serves as an IT technical resource, remaining current in new and emerging developments affecting information technology with an understanding of controls in engineering processes like Agile and DevOps models.
Pursues professional development opportunities, including external and internal training, self-study, research of best practices and professional trends, and professional association memberships; shares knowledge with co-workers.
Qualifications
Bachelor's degree in Computer Science or Management Information Systems is preferred; or a bachelor's degree in other Finance, Engineering, or Business-related field with IT-related experience (3 years minimum) is acceptable. Advanced degree is a plus.
Three to five years of experience conducting IT and operational audits at a public accounting firm and/or multi-national public company is essential. Primary audit experience in compliance, focused on SOX 404 IT compliance testing, is required. Secondary operational audit experience, focused on audits of IT applications, infrastructure and processes, is preferred. Big 4 and healthcare industry experience is highly desirable.
CISA, CISSP, CISM, CIA, or other applicable professional certification is preferred.
In-depth knowledge of IT control and governance frameworks (COBIT, ISO, NIST, ITIL, COSO), along with Generally Accepted Auditing Standards, and standard audit procedures and techniques is required.
In-depth knowledge of SOX is required, including control assessments, Key Report testing, Automated Application Controls and IT General Controls. Working knowledge of other compliance laws (i.e., PCI, SOC 1, SOC 2, HIPAA, etc.) is preferred.
Working knowledge of operating systems, applications (client-server and/or n-tier), databases, networks, security, systems development/integration, change management and SDLC is preferred. Working knowledge and experience with Sage 100, SAP Concur and Netwrix is a plus.
Ability to think critically, make assessments and develop conclusions. Ability to learn complex processes quickly, establish credibility with auditees and management, and gather required information in a timely manner.
Must be result-oriented, proactive and possess the highest standards of ethics and integrity.
Must have strong communication skills (verbal and written), diplomacy, and ability to communicate effectively with both technical and non-technical audiences. Ability to discuss audit findings and control gaps effectively and confidently with management and develop business-focused recommendations to strengthen controls is essential.
Ability to work in office in Alhambra 2-3 days per week.
Who We Are
Astrana Health, formerly known as Astrana Health, (NASDAQ: ASTH) is a physician-centric, technology-powered healthcare management company. We are building and operating a novel, integrated, value-based healthcare delivery platform to empower our physicians to provide the highest quality of end-to-end care for their patients in a cost-effective manner. Our mission is to combine our clinical experience, best-in-class delivery network, and technological expertise to improve patient outcomes, increase access to healthcare, and make the US healthcare system more efficient.
Our platform currently empowers over 10,000 physicians to provide care for over 1.2 million patients nationwide. Our rapid growth and unique position at the intersection of all major healthcare stakeholders (payer, provider, and patient) gives us an unparalleled opportunity to combine clinical and technological expertise to improve patient outcomes, increase access to quality healthcare, and reduce the waste in the US healthcare system.
Our Values:
- Put Patients First
- Empower Entrepreneurial Provider and Care Teams
- Operate with Integrity & Excellence
- Be Innovative
- Work As One Team
Environmental Job Requirements and Working Conditions:
- This position has the option to be remotely based in the U.S. Conversely, candidates can choose to work in a hybrid fashion and work through the Alhambra, CA Astrana Health office.
- The hiring manager for this role sits in the Eastern Time Zone, while many of the business partners work on Pacific Time.
- The total compensation target pay range for this role is: $95,000 - $130,000. The salary range represents our national target range for this role.
- Astrana Health offers a competitive Actuarial Student Program for any candidates seeking their ASA or FSA credentials.
Astrana is proud to be an Equal Employment Opportunity and Affirmative Action employer. We do not discriminate based upon race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics. All employment is decided on the basis of qualifications, merit, and business need. If you require assistance in applying for open positions due to a disability, please email us at humanresourcesdept@astranahealth.com to request an accommodation.
Additional Information:
The job description does not constitute an employment agreement between the employer and employee and is subject to change by the employer as the needs of the employer and requirements of the job change.