Our Mission is to Make Healthcare Right. Together. Built upon the belief that by connecting and aligning the best local resources in healthcare delivery with the financing of care, we can deliver a superior consumer experience, lower costs, and optimized clinical outcomes.
What drives our mission? The company values we live and breathe every day. We keep it simple: Be Brave. Be Brilliant. Be Accountable. Be Inclusive. Be Collaborative.
If you share our passion for changing healthcare so all people can live healthy, brighter lives – apply to join our team.
SCOPE OF ROLE
Bright Health is seeking a Senior IT Auditor for its rapidly growing organization. In this role, the Senior IT Auditor will support the building of a value-added internal audit function that focuses on the risks that matter, is collaborative and innovative. The Senior IT Auditor will perform assigned individual audit projects or portions of projects to evaluate IT, IT operations and the adequacy of the system of control to achieve established objectives. The Senior IT Auditor will also support Audit’s annual risk assessment and the corporate Sarbanes-Oxley (SOX) compliance program, prepare audit reports, report results to management and other related duties. This is a dynamic position that requires working with personnel across all functions of the company and at varying levels of responsibility.
The Senior IT Auditor job description is intended to point out major responsibilities within the role, but it is not limited to these items.
- Plan and execute corporate information technology (IT) audit projects designed to provide assessment of internal control processes and operational performance, in accordance with department and professional standards
- This includes preparing detailed plans for performing individual projects, including the identification of key risks and controls, determination of audit objectives, and development of an appropriate audit program
- Perform or assist in the performance of SOX compliance activities, system implementations, special projects, including risk assessments, fraud investigations, audit department policy updates, due diligence acquisition reviews, etc.
- Prepare and review audit work papers and reports documenting the result of reviews of assigned activities and management’s planned corrective actions
- Assist in the development and execution of a comprehensive audit plan based upon risk assessment, management’s goals and objectives
- Identify potential audit areas and estimate the time and skills required to complete audit projects
- Maintain a proficient level of knowledge to demonstrate and apply a thorough understanding of complex information systems and use knowledge of the current IT environment and industry IT trends to identify potential issues and risks
- Other duties and responsibilities as assigned
This position does not have supervisory responsibilities but will eventually have responsibilities as the continues to grow.
EDUCATION, TRAINING, AND PROFESSIONAL EXPERIENCE
- Bachelor’s degree in Computer Science, Management Information Systems or Accounting/Finance, or equivalent degree and/or experience
- Five to seven (5-7) years IT audit experience in an environment that provides exposure to sophisticated information systems audit techniques, network security, technology infrastructure, and software development.
- Previous experience with SOX and an understanding of the general compliance requirements related to information technology
- Understanding of concepts related to information systems audit, including security and control risks such as logical and physical access security, change management, information security, business recovery practices and network technology.
- Strong analytical ability, including network and network systems design, capacity planning, operations methodology, error detection/resolution techniques, quality assurance techniques, and IT implementation and management methodologies.
- Knowledge of Control Objectives for Information and Related Technology (COBIT) and other relevant IT / IS frameworks (e.g., HIPAA Security, ISO, NIST, PCI DSS)
- Previous experience in the health industry (e.g., payer, provider care)
- Data analytics/business intelligence experience
- Automation (e.g., robotic process automation) experience
- Data governance, data integration and database (e.g., data lake) management experience
- Mergers and acquisitions, due diligence, business process/system integration experience
- Governance, Risk and Compliance software experience
- Proven analytical skills - defining problems, collecting relevant data, drawing valid conclusions, and recommending improvement/corrective actions
- Demonstrated organizational and leadership skills, including the ability to successfully manage multiple projects simultaneously
- Demonstrated ability to work independently while contributing to the success of the team
- Exceptional communication skills that provide the ability to interact with all levels of the organization with a high customer service orientation
- Ability to negotiate and inspire effective, timely, proactive or corrective action by management
- Proficient in MS Office applications which include Outlook, Word, Excel, PowerPoint, Access, and Visio
BEHAVIORAL AND LEADERSHIP NORMS
- Bright Values: Lives the Bright Values. Given the individual role in the organization, creates a culture of positivity within team. Leads by example. Acts with quiet, calm determination. Effectively influences in team setting.
- Communication: Is an effective communicator. Internally, leads 1:1 and small groups of people in meetings. Capable of developing agenda, setting objectives, driving clarity of purpose and delivering the intended results. Can clearly articulate an inspiring goal/objective for each teammate and define success.
- Delivers Results: Is results oriented. Focuses on results, not effort, and is able to efficiently direct time and energy to achieving intended outcome. Takes strategic company initiatives and translates them to implementable processes that drive outcomes. Achieves strong results within their functional area. Focuses on managing against a predetermined set of objectives and creates and follows process.
- Direct Management: May oversee a team of people who interact externally with members/brokers/vendors or who perform highly specialized work. Responsible for training new employees and developing existing employees. Translates corporate goals into actionable individual goals. Delivers thoughtful and constructive feedback to teams. Sets an example for employees. Manages up appropriately and knows how and when to escalate an issue or situation to more senior manager.
- Prioritization: Establishes priorities by looking to predetermined goals in the organization. Is capable of deciphering priorities for self and for others and focuses the group on what must be done today, and who must do what. Is flexible and agile and can quickly reset priorities within team with clarity of purpose.
LICENSURES AND CERTIFICATIONS
- Certification as a Certified Information Systems Auditor (CISA), Certified Internal Auditor (CIA), Certified Public Accountant (CPA), or other relevant certification
Work responsibilities will usually be performed in a home or open office setting, carrying out detailed work sitting at a desk/table and working on the computer. Occasional travel will be required.
We’re Making Healthcare Right. Together.
We understand patient pain points, eliminating complexity while increasing transparency, for greater access and easier navigation.
We integrate and align individual incentives at all levels, from financing to optimization to delivery of care.