Our Mission is to Make Healthcare Right. Together. Built upon the belief that by connecting and aligning the best local resources in healthcare delivery with the financing of care, we can deliver a superior consumer experience, lower costs, and optimized clinical outcomes.
What drives our mission? The company values we live and breathe every day. We keep it simple: Be Brave. Be Brilliant. Be Accountable. Be Inclusive. Be Collaborative.
If you share our passion for changing healthcare so all people can live healthy, brighter lives – apply to join our team.
SCOPE OF ROLE
Bright Health is seeking a Staff IT Auditor for its rapidly growing organization. In this role, the Staff IT Auditor will support the building of a value-added internal audit function that focuses on the risks that matter, is collaborative and innovative. The Staff IT Auditor, with the support from Senior Auditors, will perform assigned individual audit projects or portions of projects to evaluate IT, IT operations and the adequacy of the system of control to achieve established objectives. The Staff IT Auditor will also support Audit’s annual risk assessment and the corporate Sarbanes-Oxley (SOX) compliance program, prepare audit reports, report results to management and other related duties. This is a dynamic position that requires working with personnel across all functions of the company and at varying levels of responsibility.
The Staff IT Auditor job description is intended to point out major responsibilities within the role, but it is not limited to these items.
- Plan and execute corporate information technology (IT) audit projects designed to provide assessment of internal control processes and operational performance, in accordance with department and professional standards. This includes preparing detailed plans for performing individual projects, including the identification of key risks and controls, determination of audit objectives, and development of an appropriate audit program.
- Perform or assist in the performance of SOX compliance activities, system implementations, special projects, including risk assessments, fraud investigations, audit department policy updates, due diligence acquisition reviews, etc.
- Prepare and review audit work papers and reports documenting the result of reviews of assigned activities and management’s planned corrective actions.
- Assist in the development and execution of a comprehensive audit plan based upon risk assessment, management’s goals and objectives. Identify potential audit areas and estimating the time and skills required to complete audit projects.
- Maintain a proficient level of knowledge to demonstrate and apply a thorough understanding of complex information systems and use knowledge of the current IT environment and industry IT trends to identify potential issues and risks.
- Other duties and responsibilities as assigned.
- This position does not have supervisory responsibilities.
EDUCATION, TRAINING, AND PROFESSIONAL EXPERIENCE
- Bachelor’s degree in Computer Science, Management Information Systems or Accounting/Finance, or equivalent degree and/or experience
- 1-3 years' IT audit experience in an environment that provides exposure to sophisticated information systems audit techniques, network security, technology infrastructure, and software development.
- Exposure to SOX and the general compliance requirements related to information technology
- Understanding of concepts related to information systems audit, including security and control risks such as logical and physical access security, change management, information security, business recovery practices and network technology.
- Basic knowledge of Control Objectives for Information and Related Technology (COBIT) and other relevant IT / IS frameworks (e.g., HIPAA Security, SOC2, HITRUST, ISO, NIST, PCI DSS)
- Previous experience in the health industry (e.g., payer, provider care) working on a Big 4 or industry.
- Data analytics/business intelligence experience
- Automation (e.g., robotic process automation) experience
- Data governance, data integration and database (e.g., data lake) management experience
- Mergers and acquisitions, due diligence, business process/system integration experience
- Governance, Risk and Compliance software experience
- CISA or willing to pursue certification.
- Proven analytical skills - defining problems, collecting relevant data, drawing valid conclusions, and recommending improvement/corrective actions
- Demonstrated organizational skills, including the ability to successfully manage multiple projects simultaneously
- Demonstrated ability to work independently while contributing to the success of the team
- Exceptional communication skills that provide the ability to interact with all levels of the organization with a high customer service orientation
- Ability to negotiate and inspire effective, timely, proactive or corrective action by management
- Proficient in MS Office applications which include Outlook, Word, Excel, PowerPoint, Access, and Visio.
BEHAVIORAL AND LEADERSHIP NORMS
- Bright Values: Lives the Bright Values. Given the individual role in the organization, creates a culture of positivity within team. Leads by example. Acts with quiet, calm determination. Effectively influences in team setting.
- Communication: Is an effective communicator. Internally, leads 1:1 and small groups of people in meetings. Capable of developing agenda, setting objectives, driving clarity of purpose and delivering the intended results. Can clearly articulate an inspiring goal/objective for each teammate and define success.
- Delivers Results: Is results oriented. Focuses on results, not effort, and is able to efficiently direct time and energy to achieving intended outcome. Takes strategic company initiatives and translates them to implementable processes that drive outcomes. Achieves strong results within their functional area. Focuses on managing against a predetermined set of objectives and creates and follows process.
- Prioritization: Establishes priorities by looking to predetermined goals in the organization. Is capable of deciphering priorities for self and for others and focuses the group on what must be done today, and who must do what. Is flexible and agile and can quickly reset priorities within team with clarity of purpose.
- The position’s preferred location is Minnesota on a hybrid work environment or in one of the main company hubs. There is flexibility to allow 100% remote with very minimal travel.
We’re Making Healthcare Right. Together.
We understand patient pain points, eliminating complexity while increasing transparency, for greater access and easier navigation.
We integrate and align individual incentives at all levels, from financing to optimization to delivery of care.