Senior IT Internal Auditor

Overview

Job Title: Auditor-Internal IT Senior Dept: Corporate Auditing & ConsultingReports to: Director of IT AuditPosition SummaryPerforms independent and objective assurance and advisory activities to add value and enhance the effectiveness of IT controls within BMHCC operations. Critical tasks include risk assessments, internal control reviews and audits performed following established auditing and ethical standards, with a particular emphasis on IT controls and operations. Promotes compliance with healthcare regulations, protection of sensitive patient information, and operational efficiency by identifying risks and recommending improvements. Responsibilities IT Audit Planning & ExecutionAssists Internal Audit leadership in the development and execution of riskbased IT audit plans aligned with departmental standards and healthcare regulatory requirements.Identifies key controls, risks, and audit objectives; design audit programs tailored to healthcare IT environments.Conducts audits of IT systems, applications, databases, and infrastructure, including EHR/EMR platforms, cybersecurity controls, and data privacy processes. Risk Assessment & ComplianceAssesses IT risks related to data privacy, cybersecurity, change management, business continuity, and system access.Ensures compliance with HIPAA, NIST, and internal policies. Documentation & ReportingPrepares clear, concise audit reports summarizing findings, risks, and recommended corrective actions. Collaboration & AdvisoryCollaborates effectively with crossfunctional teams and influence stakeholders.Partners with IT, cybersecurity, compliance, and clinical operations teams to evaluate new systems, security enhancements, and major IT initiatives.Coordinates with external auditors to support reliance on internal IT audit work. Required Preferences & Qualifications Education & ExperienceBachelor's degree in Information Systems, Computer Science, Accounting, or related field.Three years of IT audit experience, preferably in healthcare. Technical SkillsStrong knowledge of IT general controls (ITGC), cybersecurity frameworks, and healthcare IT systems.Experience with vulnerability assessments, data privacy controls, and change management processes.Proficiency with audit tools, SQL, Microsoft Office, and database applications including data analysis software. Soft SkillsExcellent analytical, communication, and reportwriting abilities.Strong judgment, attention to detail, and ability to manage multiple projects independently. Preferred CertificationsCISA (Certified Information Systems Auditor)CISSP (Certified Information Systems Security Professional)CIA (Certified Internal Auditor)