IT Risk Auditor

Company: Forrest T. Jones & Company
Location: Kansas City
Posted on: January 16, 2022

Job Description:

As an IT Risk Auditor with a background in financial services, this position is primarily responsible for providing leadership, guidance and oversight for the Information Technology Risk Management and Audit Program. This role will partner with all IT Departments as well as business units to identify and assess the potential risks that may negatively impact the reputation, security, operations and financial viability of the company. Once identified and assessed, this position will facilitate the implementation of processes, procedures and other controls to ensure stakeholders are fully prepared to address potential threats. This role will require great communication skills and a strong comfort level to interact with all levels within the family of companies, including senior level management. The ability to prioritize, meet deadlines and be flexible will be vital for success in this position. This role will be required to work on-site in our Kansas City office on a regular basis.
Expectations

• Manage, identify, assess and report on potential risks for the lT Departments and Business Units.
• Responsible to prepare executive reporting and presentations.
• Manage and drive risk reduction efforts in the IT environment including but not limited to the privileged access review program. Monitor compliance activities such as PCI, HIPAA, and Privacy.
• Analyze documents, statistics, reports and market trends to forecast potential risks and threats.
• Develop IT Risk Management security policies, standards and guidelines.
• Collaborate with various IT departments and business units to provide recommendations for control effectiveness and improvement. Drive accountability by reviewing remediation plans and ensuring that remediation efforts are progressing to completion.
• Act as point of contact for IT Risk Management and provide consultative guidance on projects, vendors, and initiatives.
• Actively support an internal training program, including developing course material and delivering training.
• Participate in Enterprise Risk Management Program meetings and other risk-related program meetings as required.
• Business continuity and disaster recovery planning/oversight.
• Develop and maintain risk management reports and scorecards as required.
• Contributor in audits over financial operations, underwriting and claims operations.
• Documents and evaluates internal controls, ensures compliance with regulatory requirements, and identifies business risks.
• Drafts concise audit reports and maintains records of audit findings and associated action plan updates.
• Successfully execute internal risk-based, operational, financial and compliance audits, including performing all phases of the audit planning, fieldwork, reporting results and performing subsequent follow-up procedures.
• Strive to continually improve internal audit department framework, standards, tools, and methodology.
• Complete monthly department progress updates, KPI/KRI measures, and assist in management of enterprise audit platforms.
• Coordinate and assist external auditors in the completion of Companys statutory and regulatory audits.
• Provides leadership, coaching, and or mentoring to the department and the business.
• Participate in other special projects or strategic initiatives at the direction of the executive management team or Board Audit Committee.
  
  Competencies
  • Ability to interpret provider contracts and member benefits to validate the precision of system configurations.
  • Experience working with and/or testing ITGC controls.
  • Proven verbal and written communications skills to all levels of leadership.
  • Ability to partner effectively with multiple business groups, corporate areas, and independent auditors.
  • Effectively uses tact and diplomacy to discuss and resolve audit issues with management.
  • Willingness to embrace change and show flexibility in assignments and the work environment.
  • Must possess effective project management skills with ability to meet deadlines and prioritize multiple tasks.
  • Experience with ACL (Audit Control Language), IDEA or other data analytics applications.
    
    Requisites
    • Bachelor's degree in Computer Science, Information Systems Management or related field; or, equivalent education and experience.
    • Have interpersonal skills to deal effectively with all business contacts.
    • Ability to travel 5 to 10% (post-pandemic environment) of the time to visit FSL business partners, third party administrators and/or managing general agents.
    • Experience with risk assessment, control analysis, audit procedures and standards, sampling techniques, risk components, and the internal framework of control.
      
      Preferred
      • Working knowledge of accounting, regulatory and compliance issues, including requirements established by the National Association of Insurance Commissioners (NAIC) and the Missouri Department of Insurance (DOI).
      • Current CRISC, CISA, CISSP, CISM or other relevant certification.
      • Demonstrated knowledge of an insurance or financial services environment and the associated risks and threats.
      • Demonstrated ability to apply IT in solving security problems.
      • Experience assessing and/or implementing common industry frameworks such as: NIST CSF. COSO, NIST 800-53, Critical Security Controls (SANS Top 20)
        
        BenefitsWe offer comprehensive benefits to full time employees including company paid medical, STD, LTD and life insurance; plus voluntary dental, vision, Life/AD&D insurance, 401(k) with company-matching, generous paid time off and much more.
        We encourage applicants of all ages and experience, as we do not discriminate on the basis of an applicants age.
        ALL OFFERS OF EMPLOYMENT ARE CONTINGENT UPON PASSAGE OF A DRUG SCREEN AND BACKGROUND CHECK.by Jobble

Keywords: Forrest T. Jones & Company, Kansas City , IT Risk Auditor, Accounting, Auditing , Kansas City, Kansas