Senior IT Audit and Compliance Auditor

Senior Auditor

Job Description Summary

Refers to the regulation compliance function for financial information collection, collation and reporting. May audit financial as well as procedural aspects. Has knowledge of best practices and how own area integrates with others; is aware of the competition and the factors that differentiate them in the market

Job Description

Roles and Responsibilities

Job Description – IT Audit Senior

Roles and Responsibilities

• With oversight from Managers, test internal controls by performing test of design and test of operating effectiveness by reviewing and documenting relevant evidence to conclude on the design and operational effectiveness of controls and the overall control environment.

• Collaborate with colleague across the globe, adaptability and strong understanding of global business practices are key attributes for success for this position.

• Lead and participate in meetings with key client contacts and stakeholders to review key concepts, gaps or issues with risk management and control design elements, support and conclusions.

• Adapt testing approach based on risks identified.

• Assess documentation, processes, methods, policies, costs, and other factors to determine if assigned scope areas are operating in accordance with established and relevant controls and in a way that adequately mitigates identified risks.

• Prepares clear and well-organized audit work documentation within an automated workflow that clearly documents root cause, work performed, investigation summaries, and recommendations.

• Review audit work documentation of other team members

• Present initial audit observations to the IA leadership and audit stakeholders, as required.

• Embrace an equitable and inclusive environment where people can bring their full selves to work and unlock their greatest potential and contributions to the team.

• Stay abreast of new and emerging regulations & trends that impacts the risk landscape and rapidly adjust audit plan or procedures accordingly.

Required Competencies

• Internal Control Knowledge: Ability to understand and assess the design, implementation, and operating effectiveness of internal controls.

• Information Technology Control Knowledge: Uses understanding of IT controls and IT control frameworks to evaluate IT controls across core business processes, requiring some guidance from dedicated IT auditors.

• A strong foundation on Information Security principles

• A sound knowledge of at least 2 out of the following domain areas: SDLC, Network & IT infrastructure, Cybersecurity (threat hunting, vulnerability assessment, DLP, etc.), Cloud Computing

• Project Management: Contributes to the planning and execution of planned audits.

• Critical thinking skills: An ability to view at a problem from multiple perspectives, assess risk, structured and logical thought process

• Root Cause Analysis: Ability to identify the root cause of an issue, demonstrating awareness of various root cause analysis techniques, such as the “5 why’s” test.

• Writing: Ability to document in a clear, concise, and logical manner process understanding (i.e., narratives/flow diagrams), risks, control descriptions, and test results (i.e., symptoms). Ability to analyze evidence and document findings in a structured and coherent way.

• Conflict Management Negotiation: Ability to handle difficult situations with diplomacy and tact and negotiate with management as appropriate to ensure key findings and follow-up actions are agreed upon.

• Influence: Ability to build trust and support with auditees

• Data Analysis and Business Intelligence Knowledge: General understanding of data and analytics techniques used in analyzing large volumes of data, ability to conduct simple data analysis using excel functions.

• Data Visualization: General understanding of data visualization techniques and their application

Required Qualifications

• A Bachelor's or Master’s degree in Engineering

• Two to five years of relevant internal audit or IT SOX testing experience in industries such as Manufacturing, Medical Devices, Technology, Consulting or Financial Services.

• Ability to travel internationally and domestically approximately 15-20%.

Desired Characteristics

• CISA, CISSP, CISM or other professional certification is a plus.

• Familiarity with industry standards/framework, such as NIST 800-53, NIST 800-171, NIST Privacy Framework, CSA CCM, ISO 27001, ITIL v3, COBIT and FAIR is desirable.

• Understanding of IT Operational Functions and concepts including IAM, Asset Management, Cybersecurity, Data Privacy

• Audit/risk management experience or exposure is preferred.

• General knowledge of legal, regulatory and compliance requirements.

• Excellent listening, verbal, written and presentation communication skills.

• Lean Process orientation; Passion to help improve operations continuously

• Experience with data analytics is a plus.

• Strong project management and organization skills.

• Problem solving skills that demonstrate logical and analytical thought processes.

• Know how to use technology and data to get things done.

• Ability to flex personal style according to the context of a situation to drive engagement with all stakeholders.

Inclusion and Diversity

GE HealthCare is an Equal Opportunity Employer where inclusion matters. Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other characteristics protected by law.

We expect all employees to live and breathe our behaviors: to act with humility and build trust; lead with transparency; deliver with focus, and drive ownership – always with unyielding integrity.

Our total rewards are designed to unlock your ambition by giving you the boost and flexibility you need to turn your ideas into world-changing realities. Our salary and benefits are everything you’d expect from an organization with global strength and scale, and you’ll be surrounded by career opportunities in a culture that fosters care, collaboration and support.

Additional Information

Experience Level

Senior Level