IT Lead Auditor

SHIFT:

Day (United States of America)

Seeking Breakthrough Makers
Children’s Hospital of Philadelphia (CHOP) offers countless ways to change lives. Our diverse community of more than 20,000 Breakthrough Makers will inspire you to pursue passions, develop expertise, and drive innovation.
At CHOP, your experience is valued; your voice is heard; and your contributions make a difference for patients and families. Join us as we build on our promise to advance pediatric care—and your career.
CHOP’s Commitment to Diversity, Equity, and Inclusion
CHOP is committed to building an inclusive culture where employees feel a sense of belonging, connection, and community within their workplace. We are a team dedicated to fostering an environment that allows for all to be their authentic selves. We are focused on attracting, cultivating, and retaining diverse talent who can help us deliver on our mission to be a world leader in the advancement of healthcare for children.
We strongly encourage all candidates of diverse backgrounds and lived experiences to apply.
A Brief Overview
The IT Auditor III (Lead Auditor) performs audits of higher risk and more complex new and existing information systems to evaluate the adequacy and effectiveness of controls and compliance with IT standards. This includes assessment of critical institutional information systems implementations, information security, emerging technologies, and reviews of significant information technology processes. The IT Lead Auditor is also responsible for supervising other assigned IT audit staff in testing and reviewing information systems, data security, and key Digital and Technology Services (DTS) and other IT project initiatives to identify and assess risk and provide best practice control technique recommendations. In addition, the IT Lead Auditor maintains and updates the information systems audit universe, leads the information systems risk assessment, and provides input on audit project recommendations for inclusion in the annual Internal Audit Plan. The IT Lead Auditor also collaborates with the DTS Information Security management during the follow-up on the implementation status of corrective actions related to previously reported audit observations as well as consults with DTS and other IT management on control design and/or necessary actions to implement these corrective action plans.

This position is hybrid and will require 3-4 days onsite
What you will do

• Leads and conducts audits of higher risk and more complex information systems such as implementations of critical information systems, cybersecurity, cloud technology, emerging technologies (e.g., artificial intelligence, automation) with minimal management supervision.
• In addition, leads reviews of general controls, application/operating systems, network performance, disaster recovery and key DTS project initiatives in accordance with department and professional standards.
• For each audit project, leads the completion of all planning activities and develops the testing strategy based on a risk assessment.
• Designs, supervises, and reviews the testing procedures performed by other IT audit staff to ensure audit objectives are achieved. Prepares and reviews the work papers of other assigned staff to ensure adherence with departmental and professional standards.
• Develops recommendations to improve internal controls for risks identified. Leads and conducts entrance and exit conferences with DTS and other IT management.
• Drafts audit reports and presents results to Senior DTS and other IT management.
• Maintains the information technology audit universe and co-leads the annual information systems risk assessment, including maintenance of the risk scoring template and reporting of risk assessment results.
• Recommends audits for inclusion in the annual Internal Audit Plan.
• Coordinates with DTS Information Security Department management to follow-up and determine the implementation status of previously reported information systems audit observations.
• Consults with DTS management on control design and/or the actions necessary to fully implement the required corrective action plans.
• Assists the financial/operational auditors in assessing and testing information systems controls in applications being reviewed.
• Performs other department administrative procedures as assigned and takes a lead role in executing projects related to supporting Internal Audit's strategic plan.

Education Qualifications

• Bachelor's Degree Computer Science, Management Information Systems, or similar field of study Required
• Master's Degree Preferred

Experience Qualifications

• At least four (4) years experience in information systems auditing, public accounting's computer audit specialist practice, and/or information system operations in a corporate or not-for-profit organization. Required
• Healthcare experience Preferred

Skills and Abilities

• Good working knowledge of internal control conceptual frameworks (e.g., COBIT, Hi-trust, COSO, etc.) and the IIA's Standards for the Professional Practice of Internal Auditing. (Required proficiency)
• Working knowledge of EPIC, and Workday suite of software preferred. (Preferred proficiency)
• Working knowledge of the systems development lifecycle, project management, IT general controls, networking, cybersecurity, cloud technologies, IT vendor risk management, and Service Organization Controls Reports. (Required proficiency)
• Possesses excellent project-management, interpersonal, and communication (verbal and written) skills. (Required proficiency)
• Ability to work independently, identify opportunities, and assume responsibility. (Required proficiency)

Licenses and Certifications

• Certified Information Systems Auditor (CISA) - Information Systems Audit and Control Association (ISACA) - within 18 months - Required
• Certified Information Systems Security Professional (CISSP) - International Information System Security Certification Consortium - upon hire - Preferred
• Certified Internal Auditor (CIA) - Institute of Internal Auditors - upon hire - Preferred

To carry out its mission, CHOP is committed to supporting the health of our patients, families, workforce, and global community. As a condition of employment, CHOP employees who work in patient care buildings or who have patient facing responsibilities must be fully vaccinated against COVID-19 and receive an annual influenza vaccine. Learn more.
Employees may request exemptions for valid religious and medical reasons. Start dates may be delayed until candidates are immunized or exemption requests are reviewed.
EEO / VEVRAA Federal Contractor | Tobacco Statement