Corporate IT Auditor

Responsible for serving as an internal control consultant conducting internal corporate and information technology (IT) and system audits and reviews of business processes and supporting vendors. Provides risk education and project risk assessment to mitigate risk and assess the control environment of each auditable unit. Develops and communicates risks and recommended controls for multiple layers of leadership.

• Conduct internal audits and reviews to identify risks, document established controls to mitigate risk and assess the control environment of each auditable unit.
• Identify datasets/sources that are relevant to the audit and connect risks to data.
• Communicate issues, audit results, and recommendations in a clear and concise manner to appropriate levels of operating and/or Information Technology management, including activity updates to the Audit Committee of the Board of Directors.
• Assist in the development of the annual audit plan through risk universe identification.
• Assist in the facilitation of project risk assessments and lessons learned sessions. Assist in conducting management action planning workshops to discuss business and IT risks, prioritize control issues and develop corrective action plans.
• Provide information on business risk management standards and responsibilities and the implementation and application of a project risk control process.
• Develop, maintain, and report against a work plan, as work progresses, given scope and objectives. Prepare complete and accurate audit workpapers in a timely manner.
• Suggests improvements to audit methodologies, policies, and procedures to incorporate lessons learned, including innovative uses of data including analytics and visualization.
• Assist in educating and training BCBSM project staff, employees and management on internal corporate and Information Technology controls and encourage change that promotes an effective and efficient control environment.

QUALIFICATIONS

• Bachelor's Degree in Business Administration, Accounting, Finance, Management or Accounting Information Systems, Computer Science, or closely related field is required.
• Four (4) years of related work experience, which includes two (2) years of identifying and evaluating technology risk and controls
• One or more of the following professional certifications preferred: Certified Internal Auditor, Certified Public Accountant, Certified Information Systems Auditor, Certified in Risk and Information Systems Control, Certified Information Systems Security Professional, Certified in the Governance of Enterprise IT or Project Management Professional.
• Strong analytical and critical thinking skills, as is necessary to identify datasets/sources that are relevant to the audit. 
• Strong oral communication skills, including presentations, as is necessary to effectively communicate audit information to financial and non-financial individuals, including senior level management. 
• Strong written communication skills, including the proven ability to tell a relevant business story using data and visualizations.
• Intermediate problem-solving ability, as necessary to solve problems in a dynamic team environment and handle multiple assignments in a timely manner. 
• Advanced conflict management skills, as necessary to resolve issues where corporate areas are in disagreement.
• Intermediate proficiency using Microsoft Word, Excel, and Project.
• Intermediate proficiency in use of audit software and visualization tools (i.e., automated work papers, ACL, Tableau, etc.).
• Strong interpersonal skills to effectively interface with various levels of management as well as contacts outside the organization. 
• Knowledge of project audit methodologies, risk management and project management techniques to detect and resolve complex multidisciplinary issues.
• Demonstrate high standards of conduct and ethics as well as appropriate judgment, independence and discretion as required by the IIA Standard of Professional Practice of Internal Auditing and Code of Ethics.
• Understanding of auditing principles and applications as derived from standards for the professional practice of internal and information technology auditing (i.e. Institute of Internal Auditors (COSO), the Information Systems 
• Audit & Control Association (COBIT), and the Project Management Institute). 
• Comprehensive understanding of auditing principles, processes, and working knowledge of information technology general controls (e.g. system development life cycle, change control, access administration) and business process - IT controls (e.g. application controls including embedded and configurable (i.e., passwords and edit checks, etc.).