What are the responsibilities and job description for the Senior IT Internal Auditor position at Baptist Memorial Healthcare Corporation?
Job Description
Job Title: Auditor-Internal IT Senior
Dept: Corporate Auditing & Consulting
Reports to: Director of IT Audit
Position Summary
Performs independent and objective assurance and advisory activities to add value and enhance the effectiveness of IT controls within BMHCC operations. Critical tasks include risk assessments, internal control reviews and audits performed following established auditing and ethical standards, with a particular emphasis on IT controls and operations. Promotes compliance with healthcare regulations, protection of sensitive patient information, and operational efficiency by identifying risks and recommending improvements.
Responsibilities IT Audit Planning & Execution
Risk Assessment & Compliance
Documentation & Reporting
Collaboration & Advisory
Required Preferences & QualificationsEducation & Experience
Technical Skills
Soft Skills
Preferred Certifications
Job Title: Auditor-Internal IT Senior
Dept: Corporate Auditing & Consulting
Reports to: Director of IT Audit
Position Summary
Performs independent and objective assurance and advisory activities to add value and enhance the effectiveness of IT controls within BMHCC operations. Critical tasks include risk assessments, internal control reviews and audits performed following established auditing and ethical standards, with a particular emphasis on IT controls and operations. Promotes compliance with healthcare regulations, protection of sensitive patient information, and operational efficiency by identifying risks and recommending improvements.
Responsibilities IT Audit Planning & Execution
- Assists Internal Audit leadership in the development and execution of risk-based IT audit plans aligned with departmental standards and healthcare regulatory requirements.
- Identifies key controls, risks, and audit objectives; design audit programs tailored to healthcare IT environments.
- Conducts audits of IT systems, applications, databases, and infrastructure, including EHR/EMR platforms, cybersecurity controls, and data privacy processes.
Risk Assessment & Compliance
- Assesses IT risks related to data privacy, cybersecurity, change management, business continuity, and system access.
- Ensures compliance with HIPAA, NIST, and internal policies.
Documentation & Reporting
- Prepares clear, concise audit reports summarizing findings, risks, and recommended corrective actions.
Collaboration & Advisory
- Collaborates effectively with cross-functional teams and influence stakeholders.
- Partners with IT, cybersecurity, compliance, and clinical operations teams to evaluate new systems, security enhancements, and major IT initiatives.
- Coordinates with external auditors to support reliance on internal IT audit work.
Required Preferences & QualificationsEducation & Experience
- Bachelor's degree in Information Systems, Computer Science, Accounting, or related field.
- Three years of IT audit experience, preferably in healthcare.
Technical Skills
- Strong knowledge of IT general controls (ITGC), cybersecurity frameworks, and healthcare IT systems.
- Experience with vulnerability assessments, data privacy controls, and change management processes.
- Proficiency with audit tools, SQL, Microsoft Office, and database applications including data analysis software.
Soft Skills
- Excellent analytical, communication, and report-writing abilities.
- Strong judgment, attention to detail, and ability to manage multiple projects independently.
Preferred Certifications
- CISA (Certified Information Systems Auditor)
- CISSP (Certified Information Systems Security Professional)
- CIA (Certified Internal Auditor)