Transforming the future of healthcare isn’t something we take lightly. It takes teams of the best and the brightest, working together to make an impact. As one of the largest healthcare technology companies in the U.S., we are a catalyst to accelerate the journey toward improved lives and healthier communities. Here at Change Healthcare, we’re using our influence to drive positive changes across the industry, and we want motivated and passionate people like you to help us continue to bring new and innovative ideas to life.
If you’re ready to embrace your passion and do what you love with a company that’s committed to supporting your future, then you belong at Change Healthcare. Pursue purpose. Champion innovation. Earn trust. Be agile. Include all. Empower Your Future. Make a Difference.
Change Healthcare is seeking a Sr. Director, IT Security in our Nashville, TN location. Travel is between 10% - 20%.
Relationship / Portfolio Management:
- Develop & maintain positive relationships with key management & other stakeholders for the assigned businesses / functions.
- Educate & dialogue with stakeholders regarding the role of Internal Audit in the organization.
- Develop & continually enhance knowledge businesses and processes in portfolio.
Risk Program / Plan Development:
- Collaboratively & actively participate in the Enterprise Risk Management (ERM) program related to portfolio with key stakeholders and other internal risk assessing organizations.
- Based on knowledge of businesses and processes, identification of key risks in ERM and on-going dialogue with the stakeholders, identify key drivers (i.e., sub risks) contributing to ERM risks.
- Based on risks identification, develop annual IT Internal Audit strategy and plan for portfolio & continual refresh as needed based on risks identification.
Plan Execution:
- Actively lead execution of Internal Audit plan for portfolio ensuring that audits are conducted in accordance with department policies & procedures and are executed in accordance with planned timing.
Individual Audit Project Execution:
- Develop audit scope, objectives & planned timing based on identified risks.
- Determine & coordinate resource requirements to meet audit objectives.
- Actively lead planning of audit program.
- Effectively communicate with stakeholder’s expectations of audit process.
- Review audit work in-process to ensure work meets quality expectations & is being completed in accordance with plan.
- Effectively & timely communication of key findings to management to facilitate expedient closure / remediation of key issues.
Internal & Board Level Committee Reporting (i.e., Audit Committee, etc.):
- Provide information regarding status & results for audit portfolio to Internal Audit Program Manager in a timely manner for internal & Board level updates.
Resource engagement:
- Actively engage portfolio audit resources to ensure production is at the expected level.
- Individually engage with each portfolio audit resource at least quarterly to ensure appropriate dialogue related to objectives & key results (OKRs).
- Create and execute a continuous learning culture including a road map of proficiencies to be attained through courses/certifications and hands-on training
Key Metrics / Balanced Scorecard:
- Ensure key Internal Audit metrics are met for portfolio resources.
Minimum Requirements:
Ten + years of progressive Internal Audit leadership experience in a complex technology environment (Experience within IT Operations and/or IT Leadership roles within Infrastructure, Security, Application development considered a plus)
Critical Skills:
Advanced knowledge of technology controls including: application security management [e.g. user entitlements, authentication, accountability, data protection], system architecture and design [e.g. availability, performance, scalability, data integrity and validation], technology operations [e.g. change and release management, data backup and retention, performance and capacity management], and technology governance [e.g. technology risk management, cyber security rules and regulations
Additional Knowledge & Skills
- Hands-on knowledge & experience with industry-leading technologies and products supporting Cloud/DevOps, information security, data privacy, risk management, and IT compliance
- Strong understanding of application development, databases, operating systems, networking and other key technology infrastructure components
- Advanced knowledge of technology controls including: application security management [e.g. user entitlements, authentication, accountability, data protection], system architecture and design [e.g. availability, performance, scalability, data integrity and validation], technology operations [e.g. change and release management, data backup and retention, performance and capacity management], and technology governance [e.g. technology risk management, cyber security rules and regulations
- Capacity to manage and/or perform multiple priorities simultaneously
- Demonstrated skills in project planning & management
- Excellent communication (verbal including presentation skills, written, and interpersonal skills
- Strong Microsoft skills including Excel, Word, Visio, PowerPoint, Project, and Access
- Active participation/leadership in technology and/or audit organizations/councils preferred
Education:
Undergraduate or graduate degree in Management Information Systems, Engineering, Technology, Computer Science or other applicable discipline.
Certifications
- Certified Information Systems Security Professional (CISSP) required.
- Additional preferred certifications: Certified Information Systems Auditor (CISA), Certified Internal Auditor (CIA); HiTrust Certified CSF Practitioner (CCSFP); PCI Qualified Security Assessor (QSA)
Join our team today where we are creating a better coordinated, increasingly collaborative, and more efficient healthcare system!
To apply for this role, please use this link: Complete Job Posting - Sr. Director, IT Audit