Director IT Audit

Highmark Health Director IT Audit Columbia, South Carolina Apply Now This job is accountable for the direction and implementation for the technology component of the comprehensive, risk-based information systems audit, advisory, and compliance plan for the Highmark Health enterprise board-approved annual audit plan. Interacts with a wide spectrum of stakeholders including, but not limited to, executive leadership, the Highmark Health audit committee, subsidiary boards of directors, state and federal governments, external auditors, employer groups, and partner plan customers. Partnering closely with senior operational and technology business leaders, ensures that the respective risk management and compliance programs address applicable laws, rules, regulations and relevant business risks as well as corporate requirements, recommending and/or implementing improvements in line with corporate standards, applicable regulations, and/or best practice frameworks. Has oversight of the data analytics function supporting government compliance activities and the audit plan. All employees must comply with the Health Insurance Portability Accountability Act of 1996 (HIPAA) as it pertains to disclosures of protected health information (PHI). Employees in this role may have access to covered information, cardholder data, or other confidential customer information which must be protected at all times. In connection with this responsibility, employees in this role must adhere to all data security guidelines established within the Company's Handbook of Privacy Policies and Practices and Information Security Policy. ESSENTIAL RESPONSIBILITIES Perform management responsibilities to include, but are not limited to: involved in hiring and termination decisions, coaching and development, rewards and recognition, performance management and staff productivity. Plan, organize, staff, direct and control the day-to-day operations of the department; develop and implement policies and programs as necessary; may have budgetary responsibility and authority. Define and coordinate the IT audit and advisory process with key organizational leaders and review and establish a program to ensure the quality of work performed consistently meets Institute of Internal Auditor (IIA) and Information Systems Audit and Control Association (ISACA) guidelines. Review draft audit reports and ensure a process is in place for audit leads and managers to agree on the findings and proposed actions with business owners. Prepare materials and present to senior and executive management, the Highmark Health Audit Committee, and subsidiary boards of directors as required. Collaborate with internal assurance partners to ensure that risk assessment and audit activities consider relevant regulatory requirements and industry standards. Proactively identify areas requiring attention or strengthening and work collaboratively with business and technology management to implement improvements in line with corporate standards, applicable regulations, and/or best practice frameworks. Involvement in strategic projects and initiatives through the provision of risk, control and governance consultancy. Provide proactive risk, control and governance counsel to business leadership as required. Interact with and must be able to influence senior management and matrix partners on matters of significance. Evaluate efficiency and cost effectiveness of audit processes; recommend changes to auditing policies, procedures and programs as needed. Responsible for advising of the development and support of the suite of applications used by both Technology and Operational Audit and Advisory, primarily Archer, as well as developing a long term Information Technology strategy and roadmap for the collective Technology and Operational Audit & Advisory departments. Participate in Information technology and security risk assessment processes with enterprise-wide senior leadership, identifying key strategic and operational risks. Leveraging the risk assessment outcomes, collaboratively develop the comprehensive, annual, Internal Audit plan with other senior leaders in the Enterprise Risk & Governance department for presentation to and approval from the Highmark Health Audit Committee of the Board of Directors. Participate in industry-related forums and training activities to stay current with risk management practices, assurance and attest practices, and specialized technology subject matter risks (e.g. cybersecurity, data governance, etc.). Other duties as assigned or requested. EDUCATION Required Bachelor's Degree in Accounting, Finance, Business Administration, Information Technology, Computer Science, or relevant experience and/or education as determined by the company in lieu of bachelor's degree. Preferred None EXPERIENCE Required 10 years of Information Systems auditing OR combination of experience in audit and an Information Systems related discipline, such as Information Security, Change Management, Systems Development, etc., with increasing responsibility. 3 years in a management or leadership role, preferably in an Audit or Information Systems discipline in a Healthcare or Healthcare-related industry. Preferred Familiarity with a wide variety of computer application platforms, including but not limited to: Oracle, SQL Server, DB2, RACF, Linux, and Windows. Experience with Archer Governance, Risk, and Compliance (GRC) suite of products. LICENSES or CERTIFICATIONS Required None Preferred Certified Information System Auditor (CISA) Certified Internal Auditor (CIA) Certified Public Accountant (CPA) SKILLS Demonstrate expert knowledge of processes, risk and control frameworks, and audit methodology relating to Information Technology, Information Security, Cybersecurity, System Implementations, and Data Privacy. Demonstrate expert ability to apply risk-based auditing techniques to the evaluation of systems environments and processes. Excellent resource and project planning capabilities, decision making skills, and effective team building across a diverse team of management and staff. Strong written and verbal communication skills for diverse audiences. Strong relationship building skills and ability to influence in a matrixed organization. Highly developed leadership qualities with an ability to motivate and inspire a group of individuals to achieve superior results. High capacity to think analytically, interpret information / observations, apply judgment and make effective, strategic decisions. Ability to manage multiple projects, meet deadlines while ensuring quality and exceeding client expectations. Language (Other than English): None Travel Requirement: 0% - 25% PHYSICAL, MENTAL DEMANDS and WORKING CONDITIONS Position Type Office-based Teaches / trains others regularly Travel regularly from the office to various work sites or from site-to-site Physical work site required: No Lifting: up to 10 pounds: Constantly Lifting: 10 to 25 pounds: Occasionally Lifting: 25 to 50 pounds: Rarely Disclaimer: The job description has been designed to indicate the general nature and essential duties and responsibilities of work performed by employees within this job title. It may not contain a comprehensive inventory of all duties, responsibilities, and qualifications required of employees to do this job. Compliance Requirement : This job adheres to the ethical and legal standards and behavioral expectations as set forth in the code of business conduct and company policies. As a component of job responsibilities, employees may have access to covered information, cardholder data, or other confidential customer information that must be protected at all times. In connection with this, all employees must comply with both the Health Insurance Portability Accountability Act of 1996 (HIPAA) as described in the Notice of Privacy Practices and Privacy Policies and Procedures as well as all data security guidelines established within the Company's Handbook of Privacy Policies and Practices and Information Security Policy. Furthermore, it is every employee's responsibility to comply with the company's Code of Business Conduct. This includes but is not limited to adherence to applicable federal and state laws, rules, and regulations as well as company policies and training requirements. Pay Range Minimum: $108,000.00 Pay Range Maximum: $201,800.00 Base pay is determined by a variety of factors including a candidate's qualifications, experience, and expected contributions, as well as internal peer equity, market, and business considerations. Highmark Health and its affiliates prohibit discrimination against qualified individuals based on their status as protected veterans or individuals with disabilities, and prohibit discrimination against all individuals based on their race, color, age, religion, sex, national origin, sexual orientation/gender identity or any other category protected by applicable federal, state or local law. EEO is The Law Equal Opportunity Employer Minorities/Women/Protected Veterans/Disabled/Sexual Orientation/Gender Identity We endeavor to make this site accessible to any and all users. If you would like to contact us regarding the accessibility of our website or need assistance completing the application process, please contact the number below. For accommodation requests, please contact HR Services Online at California Consumer Privacy Act Employees, Contractors, and Applicants Notice #J-18808-Ljbffr

Created: 2025-02-14