Primary Function
Leads IT internal audit projects according to the audit plan throughout the Ministry, including risk assessment, audit performance, follow-up and ongoing communication of risks, results and mitigation efforts. Develops appropriate documentation to support audit work performed. Assesses information security policies and supporting processes and helps ensure IT compliance with regulatory requirements. Responsible for ongoing communication and collaboration with key partners including (but not limited to) IT, Compliance, Legal, Finance and Revenue Cycle.
Essential Job Functions
Assists in IT risk assessment process and preparation of audit plan that focuses on high-risk areas.
Continuously evaluates the Information Security Program including recommending updates to existing policies and procedures to help ensure they are in accordance with established industry practice and compliant with federal and state regulations.
Applies current internal control conceptual frameworks such as NIST in conducting independent audits according to the audit plan and develops appropriate documentation to support audit work performed. Audits may include topics such as safeguarding of information, vendor processes to ensure compliance with internal policies, user access controls, business continuity and incident response, etc.
Recommends content for the cyber security training program. Reviews analytics, responses, and results for training administered to evaluate the effectiveness of the program.
Periodically performs reviews of user access controls and identity access system settings and configurations focusing on standard and privileged accounts to ensure compliance with established policy and guidelines. Additionally, ensures access is terminated timely upon termination and job changes or transfers.
Measures and tracks the results of audits performed through action plan follow-up procedures.
Assists in the preparation of audit reports for presentations to management and governance; may present findings to management as appropriate.
Communicates and prepares meeting agendas and status reports to facilitate discussion with immediate supervisor and upper management about audit activities in progress and emerging issues in a timely and proactive manner.
Keeps current on IT industry trends and areas of interest through utilization of industry research and knowledge resources.
Displays a commitment to excellence, accuracy and thoroughness in all activities, and searches for ways to improve and promote quality.
Participates in department process improvement efforts.
This document is not an exhaustive list of all responsibilities, skills, duties, requirements, or working conditions associated with the job. Employees may be required to perform other job-related duties as required by their supervisor, subject to reasonable accommodation.
Employment Qualifications
Required Minimum Education: Undergraduate Degree; Specialty/Major: Business, information systems technology, information security, accounting or related area.
Required Licensing/Certification: CISA, CPA and/or CIA
Preferred Licensing/Certification: Other technical credentials such as CISSP or CISM
Minimum Qualifications: Five to seven years previous audit experience.
Other Knowledge, Skills and Abilities Required: Mental agility and strong communication skills regarding risk management and internal control issues. Self-starter able to work independently and efficiently in a partially remote environment. Ability to understand broad enterprise risks in a complex health system beyond traditional financial audit and controls.
Other Knowledge, Skills and Abilities Preferred: Solid analytical skills with the ability to look at the big picture impact; experience with project management a plus. Experience with electronic work papers; preferably an audit automated work paper system. Exposure to data analytics design or construction. Familiarity with IT General Controls and technical knowledge and experience in network architecture, design, configuration, and implementation. In addition, IT concepts concentrating on application security and PCI.
Many of our opportunities reward* your hard work with:
Comprehensive, affordable medical, dental and vision plans
Prescription drug coverage
Flexible spending accounts
Life insurance w/AD&D
Employer contributions to retirement savings plan when eligible
Paid time off
Educational Assistance
And much more
*Benefits offerings vary according to employment status
All applicants will receive consideration for employment without regard to race, color, national origin, religion, sex, sexual orientation, gender identity, age, genetic information, or protected veteran status, and will not be discriminated against on the basis of disability. If you'd like to view a copy of the affirmative action plan or policy statement for Mercy Health – Youngstown, Ohio or Bon Secours – Franklin, Virginia; Petersburg, Virginia; and Emporia, Virginia, which are Affirmative Action and Equal Opportunity Employers, please email recruitment@mercy.com. If you are an individual with a disability and would like to request a reasonable accommodation as part of the employment selection process, please contact The Talent Acquisition Team at recruitment@mercy.com