Availity delivers revenue cycle and related business solutions for health care professionals who want to build healthy, thriving organizations. Availity has the powerful tools, actionable insights and expansive network reach that medical businesses need to get an edge in an industry constantly redefined by change.
The Sr. IT Auditor will assist the Audit Manager in executing the internal audit program by providing internal support for third party audits, pre and post-implementation of new IT system reviews, and segregation of duties reviews by:
• Conduct enterprise-wide audits and coordinate accreditations, certifications, assessment, and audits by third parties, including but not limited to health plans with audit rights, external financial auditors, SSAE-16, HIPAA, HITECH/ACA, EHNAC, HITRUST, PCI, internal audits.
• Analyze and classify information from third party supplier/vendors and determine remediation activities, and monitor controls to ensure they are adhered to according regulatory requirements that include relevant state and federal laws and regulations, standards, and internal policies and procedures.
• Assist with legal contract due diligence for third party assurance and audit due diligence process.
• Manage existing external customer, payers, supplier/vendor relationship for monitoring annual third party due diligence requirements.
• Manage the intake, tracking, and documentation for Compliance and Audit issues and manage reporting for monthly Audit Issues Tracking and Corrective Action Plans.
• Execute audit programs covering assigned information technology aspects of the business including strategic audits, as well as identifying potential audit areas from a high level risk assessment review.
• Propose and/or participate in Audit Department process improvements.
• Perform additional projects as assigned by the Audit Program Manager.
• Work in a team environment to assist in planning and auditing in accordance with accepted standards, reporting audit findings and making recommendations for correcting and improving operations and reducing costs.
The above cited duties and responsibilities describe the general nature and level of work performed by people assigned to the job. They are not intended to be an exhaustive list of all the duties and responsibilities that an incumbent may be expected or asked to perform.
• At least 8years of experience in audit, information security, risk and/or records management
• BS in related field or equivalent work experience in field
• One or more of the following certifications:
o Certified Information Systems Security Professional (CISSP)
o Certified Information Security Manager (CISM)
o Certified Information Systems Auditor (CISA)
• Able to demonstrate a comprehensive understanding of HIPAA privacy and security regulations, federal and state breach notifications, and other laws and regulations that control the privacy and security of information
• Demonstrates expertise in a variety of the field's concepts, practices, and procedures
• Experience with SSAE-16, HIPAA, HITECH/ACA, EHNAC, PCI, HITRUST, internal financial audits is preferred
• Strong understanding of business processes, internal control, compliance programs and audit processes
• Relies on experience and judgment to plan and accomplish goals.
• Ability to maintain confidentiality of highly sensitive information
• Must have ability to communicate audit and control related concepts to a broad range of technical and non-technical staff
• Experience with compliance and risk management
• Strong computer skills – Excel, Word, Access, PowerPoint, and SharePoint required.
• Working knowledge of risk-based control frameworks and assurance (COBIT, ITIL, COSO) and Internal Audit methodologies and processes.
• Ability to adapt to constantly changing priorities in managing a wide variety of projects
• Ability to demonstrate initiative, accountability and leadership
• Strong analytical and problem solving skills
• Excellent verbal and written communication skills with ability to communicate at all levels of the organization
• Sound decision making ability
• Ability to influence without authority
• Excellent planning and organizational skills
• Strong organizational and time management skills
• Ability to work effectively in a remote or virtual team environment
• Working knowledge of IT audit/security evaluation techniques and tools (HITRUST, ISO17799) is preferred
• Knowledge of information technology and business process evaluation and improvement techniques.
• Thorough understanding of application controls, IT operations and controls, system development life cycle, release management control procedures, and business continuity planning.
• Interact with all levels of management which may include senior management.
• Ability to travel up to 5% of the time.
Availity is an equal opportunity employer and makes decisions in employment matters without regard to race, religious creed, color, age, sex, sexual orientation, gender identity, gender expression, genetic information, national origin, religion, marital status, medical condition, disability, military service, pregnancy, childbirth and related medical conditions, or any other classification protected by federal, state, and local laws and ordinances.
NOTICE: Federal law requires all employers to verify the identity and employment eligibility of all persons hired to work in the United States. When required by state law or federal regulation, Availity uses I-9, Employment Eligibility Verification in conjunction with E-Verify to determine employment eligibility. Learn more about E-Verify at http://www.dhs.gov/e-verify.