It Audit Manager Jobs

Ready to help us transform healthcare? Bring your true colors to blue.
***This position is eligible in the following personas: E-Worker, Mobile and Resident***
What We Need:
Internal Audit is part of the Audit, Risk Management, and Information Security (ARMIS) division, which is responsible for identifying, evaluating, and ensuring effective risk management. The Manager – IT and Security Audit reports to the Senior Director of IT and Security Audit and has the primary responsibility to develop and oversee the execution of all IT and Security compliance audits including Model Audit Rule (MAR), HITRUST, Service Organization Control 1 and 2 (SOC1 and SOC2) type 2 audits, and other compliance and regulatory audits. This position leads, develops and manages senior auditors and other associates as the team collaborates with other Internal Audit teams to deliver operational readiness reviews, business risk assessments, and focused or targeted audits and procedures. The Manager – IT and Security Audit may also facilitate and collaborate with the Regulatory Director in audits of our Pharmacy Benefit Manager (PBM) and/or oversee the execution of IT related aspects of audits performed by external parties such as Division of Insurance, Centers for Medicare and Medicaid Services, Federal Employee Program Directors’ Office, Blue Cross Blue Shield Association, etc.
Your Day to Day:
1. Collaborates with various Internal Audit teams to develop a cohesive cross-functional annual audit plan and oversees and leads project teams in the timely completion of the plan and mandated initiatives in alignment with ARMIS policies and standards.
2. Develops ARMIS talent by providing timely feedback, mentorship and leadership in support of individuals’ personal development plans and in alignment with the Internal Audit career progression matrix.
3. Drafts, reviews and finalizes audit communications including senior leadership dashboards, findings, process improvements, audit reports and other deliverables in alignment with ARMIS policies and procedures.
4. Helps improve the company’s risk posture by identifying control weaknesses, evaluating potential impacts of emerging risks and changes to the control environment, advising IT and business unit leadership on “control consciousness”, and participating in various corporate committees such as the Fraud Waste and Abuse Committee, Corporate Data Standards Committee, and others as applicable.
5. Identifies potential automation and full-population reviews in advancement of the Audit Automation plan.
This document is not an exhaustive list of all responsibilities, skills, duties, requirements, or working conditions associated with the job. Employees may be required to perform other job-related duties.
We’re Looking for:
Advanced proficiency in internal IT general control frameworks/requirements with a basic understanding of business operations and financial controls.
Proficiency with Microsoft Office (Word, Excel, Access, Power Point, and Visio).
Ability to develop and review IT audit testing approaches and reprioritize team assignments depending on resource availability, requests by executive management, or new information about the environment.
Excellent verbal and written communication skills with the ability to present and defend audit findings while influencing senior and executive stakeholders.
Ability to develop and maintain positive relationships with peers, management, and external parties.
Ability to lead others while also being willing to actively perform audit testing when needed.
Excellent time management skills and ability to plan and set priorities.
Proven capability to develop alternative procedures or approaches to achieve project objectives.
Healthcare or insurance industry experience is preferred but not required.
What You Bring:
Bachelor’s degree required, Master’s degree a plus.
IT audit or security certification such as Certified Information Systems Auditor (CISA), Certified Information System Security Professional (CISSP), or Certified Information Security Manager (CISM) is required; certification in audit discipline (CPA, CIA) is a plus.
Minimum of two years’ audit management experience in large-scale information systems security environments; experience leading cross-functional teams in a complex multi-product healthcare payer environment is preferrable.
Minimum of five years’ overall experience in information technology and/or security audit discipline, preferably with a focus on the healthcare payer environment.
What You’ll Gain:
This is a high-profile position that will give you the opportunity to learn about and interact with many departments and all levels of the organization. You will be able to influence and strengthen the risk management processes across the enterprise while helping Internal Audit continuously improve our processes and develop our associates.
It is our mission at Blue Cross Blue Shield of Massachusetts to foster a culture that enables associates to do their best work while living happy and healthy lives. That's why we offer you a variety of ways to support your best physical, emotional, financial, and social well-being. For more information on our benefit offerings, visit https://careers.bluecrossma.org/us/en/benefits
#LI-REMOTE
Minimum Education Requirements:
High school degree or equivalent required unless otherwise noted above
Location Boston Time Type Full time
WHY Blue Cross Blue Shield of MA?
We understand that the confidence gap and imposter syndrome can prevent amazing candidates coming our way, so please don’t hesitate to apply. We’d love to hear from you. You might be just what we need for this role or possibly another one at Blue Cross Blue Shield of MA. The more voices we have represented and amplified in our business, the more we will all thrive, contribute, and be brilliant. We encourage you to bring us your true colors, , your perspectives, and your experiences. It’s in our differences that we will remain relentless in our pursuit to transform healthcare for ALL.
As an employer, we are committed to investing in your development and providing the necessary resources to enable your success. Learn how we are dedicated to creating an inclusive and rewarding workplace that promotes excellence and provides opportunities for employees to forge their unique career path by visiting our Company Culture page. If this sounds like something you’d like to be a part of, we’d love to hear from you. You can also join our Talent Community to stay “in the know” on all things Blue.
At Blue Cross Blue Shield of Massachusetts, we believe in wellness and that work/life balance is a key part of associate wellbeing. We provide a flexible hybrid work model in which roles are designated as resident (on site 4-5 days/week), mobile (on site 1-3 days/week), or eworker (on site 0-3 days/month).
Blue Cross Blue Shield of Massachusetts, has a COVID-19 vaccination requirement. Your offer of employment is dependent upon either being fully vaccinated for COVID-19 or an accommodation based on a disability or sincerely held religious belief, practice, or observance by submitting a request to Human Resources.