Director IT Audit

Directs all activities relating to the audit of information system procedures and systems and manages and directs IT audit staff in the Chicago and Washington, D.C.

offices.

Responsibilities

Responsibilities include but are not limited to:

• Functions as the most senior IT audit expert within BCBSA.

Develops and implements a strategy to audit the significant risk of information systems’ activities and operations for both the Chicago and Washington office locations.

Meets with and solicits input from the CIO, CISO, and senior IT leadership to ensure a comprehensive audit risk approach.

Plans and manages the development and execution of all IT related audit activities, including audit programs and control guidelines, and identifying and executing integrated audits in conjunction with the Operational Audit function.

Documents work performed according to professional standards and provides reports to highlight areas for improvement, as well as to present findings to senior Internal Audit leadership for approval and communication to senior management and the Finance & Audit Committee.

Partners with clients to develop day-to-day strategies, positions and/or compromises on audit issues working toward building consensus on these issues.

• Evaluates the design and operation of information security controls over systems, data, and PHI/PII.

Assesses the program management and conducts pre-and post –implementation reviews associated with significant technology change initiatives, evaluates controls over computer operations including third party service providers and business continuity/disaster recovery considerations.

• Serves as the Association’s primary contact on IT audit and control issues for Licensee and professional industry organizations.

Assists in the development and presentation of the IT audit curriculum for the BCBSA sponsored National Summit; Plan roundtables; and participation with the IIA, ISACA, and other professional organizations as appropriate.

• Directs IT audit staff, including assignment and workpaper review, personnel and performance review, scheduling, related administrative functions, etc.

Ensures that staff activities are performed in compliance within budget, procurement, and other established BCBSA policies, standards, and procedures.

• Participates and leads inter-departmental task forces and special projects to provide internal consulting support on IT control and process efficiency issues.

Participates and/or leads Plan QAR reviews as assigned.

Develops customized and special request information system data extracts and presentations, utilizing PeopleSoft, Excel, Access, HTML, PowerPoint, and other software applications as appropriate.

Qualifications

Required Basic Qualifications:

• Bachelors Degree 

• Ten years of IT audit experience with progressive responsibilities is required

• Minimum 5 years of staff management, development and team leadership experience

• Experienced in conducting internal audits under the IIA IPPF (Standards), COBIT, etc.

• CPA, CISA, or CIA

Preferred Basic Qualifications:

• Public Accounting/Big 4 consulting

• Experience conducting/managing SOC 2 Type reviews; familiarity with Hi-Trust

• Health-care or insurance industry experience, which demonstrates conceptual knowledge of BCBSA business

• Prior experience working in an IT environment

• PAHM/FAHM

• Other specific IT certifications

• Comprehensive knowledge of and experience in internal audit techniques, COSO control philosophy, COBIT, IIA QAR experience, process auditing, use of current technology (e.g.

Cloud computing, Blockchain, Cyber Security, Artificial Intelligence/Robotic Process Automation, computer operations/data center, business continuity/disaster recovery planning, third party risk management) and administration processes

• Strong communication skills

• Ability to prepare a variety of statements, reports, and analyses to support audit findings.

The ability to work independently to conclusion of audit is essential

• Strong problem solving skills, analytical skills, the ability to use inductive and deductive reasoning to propose solutions for sensitive issues

• Ability to exercise independent business judgments and exercise discretion are essential, particularly related to determining appropriate risk based conclusions

• Also requires the ability to conduct internal and external presentations to various groups, both in an information and training context

• Ability to develop a network of audit professionals to benchmark with other Plans or companies to identify and share best practices

• Proficiency with data extract software (e.g.

People Soft, ACL, and Benford’s Law) is desired

Equal Opportunity Employer

Blue Cross Blue Shield Association is an equal opportunity employer.

We evaluate qualified applicants without regard to race, color, religion, sex, sexual orientation, national origin, age, gender identity, disability, veteran status, genetic information or any other legally protected characteristics