Senior Manager, It And Information Security Audit

Ready to help us transform healthcare? Bring your true colors to blue.
***This position is eligible in the following personas: E-Worker, Mobile and Resident***
What we need :
Internal Audit is part of the Audit, Risk Management, and Information Security (ARMIS) division, which is responsible for identifying, evaluating, and ensuring effective risk management. The Senior Manager – IT and Information Security Audit reports to the Senior Director of IT and Security Audit. The Senior Manager – IT and Information Security Audit will shape the future of Internal Audit by developing and overseeing the execution of an automation plan to provide audit services more efficiently and with more coverage, to deliver timely and actionable insights to executive leaders. The Senior Manager – IT and Information Security Audit will develop and oversee the execution of all IT and Security risk-based audits and consulting engagements and operational readiness assessments (new systems or modifications to existing systems). The Senior Manager – IT and Information Security Audit leads, develops, and manages senior auditors and other associates and collaborates with the Manager of IT Compliance and other Internal Audit teams to ensure a holistic view of risks within the enterprise. The Senior Manager – IT and Information Security Audit position will maintain relationships with senior IT and business leaders and will engage other audit managers to develop reports for executives and the Audit Committee.
Your Day to Day:
1. Collaborates with various Internal Audit teams to develop a cohesive cross-functional annual audit plan. Oversees and leads project teams in the timely completion of the plan and mandated initiatives in alignment with ARMIS policies and standards.
2. Develops ARMIS talent by providing timely feedback, mentorship, and leadership in support of individuals’ personal development plans and in alignment with the Internal Audit career progression matrix.
3. Collaborates across the organization as the automation lead for Internal Audit to develop a formal automation plan for full population reviews and advanced analytics to strengthen the enterprise control framework.
4. Improves the company’s risk posture by identifying control weaknesses, continuously evaluating impacts of changes to the control environment, escalating concerns for emerging IT, security and business risks as projects are in-flight, and providing input and assistance to management in evolving the long-term IT strategy.
5. Influence corporate IT governance by collaborating with the CISO on topics such as security concerns and HIPAA standards, assessing new risks to the organization, helping to develop a comprehensive annual audit program, prioritizing projects, deploying audit resources, and producing audit communications including dashboards, process improvements, audit reports and other deliverables in alignment with ARMIS policies and procedures.
This document is not an exhaustive list of all responsibilities, skills, duties, requirements, or working conditions associated with the job. Employees may be required to perform other job-related duties.
We’re Looking for:
Advanced proficiency in internal IT general control frameworks/requirements with a basic understanding of business operations and financial controls.
Experience in developing and deploying robotic process automation (RPA) and other automation methodologies, utilizing technologies such as Blue Prism, Visual Basic (VBA), Power BI, SQL and/or others.
Proficiency with Microsoft Office (Word, Excel, Access, Power Point, and Visio).
Ability to apply in-depth understanding of information technology and security concepts to execute and oversee a complex audit strategy involving technical, administrative, and physical controls and safeguards while responding to changes in the environment.
Excellent verbal and written communication skills with the ability to present and defend audit findings while influencing senior and executive stakeholders who possess diverse perspectives.
Ability to develop and maintain positive relationships with peers, management, and external parties.
Ability to lead others (direct reports and matrixed associates) and ensure on-time completion of audit activities in alignment with audit guidelines and quality standards.
Experience developing staff members in support of development goals and career progression plans.
Extensive experience with project management, long-term planning and strategy required.
Demonstrated understanding and knowledge of healthcare or insurance industries.
What You Bring:
Bachelor’s degree required, Master’s degree a plus.
IT audit or security certification such as Certified Information Systems Auditor (CISA), Certified Information System Security Professional (CISSP), or Certified Information Security Manager (CISM) is required.
Minimum of two years’ audit management and leadership experience in large-scale information systems security environments; experience leading cross-functional teams in a complex multi-product healthcare payer environment is preferrable.
Minimum of seven years’ overall experience in information technology and/or security audit discipline, preferably with a focus on the healthcare payer environment.
What You’ll Gain:
This is a high-profile position that will give you the opportunity to interact with many departments at various levels of the organization. You will influence and strengthen the risk management processes across the enterprise, modernize the Internal Audit function, and enhance the careers of our associates.
It is our mission at Blue Cross Blue Shield of Massachusetts to foster a culture that enables associates to do their best work while living happy and healthy lives. That's why we offer you a variety of ways to support your best physical, emotional, financial, and social well-being. For more information on our benefit offerings, visit https://careers.bluecrossma.org/us/en/benefits
#LI-REMOTE
Minimum Education Requirements:
High school degree or equivalent required unless otherwise noted above
Location Boston Time Type Full time
Salary Range: $121,320.00 - $148,280.00
The job posting range is the lowest to highest salary we in good faith believe we would pay for this role at the time of this posting. We may ultimately pay more or less than the posted range, and the range may be modified in the future. An employee’s pay position within the salary range will be based on several factors including, but limited to, relevant education, qualifications, certifications, experience, skills, performance, shift, travel requirements, sales or revenue-based metrics, and business or organizational needs and affordability.
This job is also eligible for variable pay.
We offer comprehensive package of benefits including paid time off, medical/dental/vision insurance, 401(k), and a suite of well-being benefits to eligible employees.
Note: No amount of pay is considered to be wages or compensation until such amount is earned, vested, and determinable. The amount and availability of any bonus, commission, or any other form of compensation that are allocable to a particular employee remains in the Company's sole discretion unless and until paid and may be modified at the Company’s sole discretion, consistent with the law.
WHY Blue Cross Blue Shield of MA?
We understand that the confidence gap and imposter syndrome can prevent amazing candidates coming our way, so please don’t hesitate to apply. We’d love to hear from you. You might be just what we need for this role or possibly another one at Blue Cross Blue Shield of MA. The more voices we have represented and amplified in our business, the more we will all thrive, contribute, and be brilliant. We encourage you to bring us your true colors, , your perspectives, and your experiences. It’s in our differences that we will remain relentless in our pursuit to transform healthcare for ALL.
As an employer, we are committed to investing in your development and providing the necessary resources to enable your success. Learn how we are dedicated to creating an inclusive and rewarding workplace that promotes excellence and provides opportunities for employees to forge their unique career path by visiting our Company Culture page. If this sounds like something you’d like to be a part of, we’d love to hear from you. You can also join our Talent Community to stay “in the know” on all things Blue.
At Blue Cross Blue Shield of Massachusetts, we believe in wellness and that work/life balance is a key part of associate wellbeing. We provide a flexible hybrid work model in which roles are designated as resident (on site 4-5 days/week), mobile (on site 1-3 days/week), or eworker (on site 0-3 days/month).