IT Audit Manager - SOX

At Owens & Minor, we are a critical part of the healthcare process. As a Fortune 500 company with 50+ facilities across the US and 18,000 teammates in over 90 countries, we provide integrated technologies, products and services across the full continuum of care. Customers—and their patients—are at the heart of what we do.

Our mission is to empower our customers to advance healthcare, and our success starts with our teammates. 

Owens & Minor teammate benefits include:

• Medical, dental, and vision insurance, available on first working day
• 401(k), eligibility after 30 days of employment
• Employee stock purchase plan
• Tuition reimbursement
• Development opportunities to grow your career with a global company

JOB SUMMARY

Responsible for contributing to the successful execution of the annual IT SOX Audit. Enforce all internal IT policies and confirm the organization acts in accordance with ITGCs, application controls, and applicable laws and regulations. Coordinate with External Audit, Internal Audit, and Management to conduct risk evaluations, execute walkthroughs, perform testing, and remediate identified deficiencies.  Organize training programs and participate in the automation of manual review processes.  Bring shadow IT processes developed by the business under IT standards and governance.  Develop and maintain positive, effective working relationships between IT and business stakeholders by communicating IT activities, changes, educational materials, and other information.

ESSENTIAL DUTIES AND RESPONSIBILITIES

• Motivated self-starter with a commitment to personal and professional improvement
• Lead and complete audits (primarily SOX), ensuring timely execution of projects to agreed service levels, and proactively identify and minimize the probably of risk occurrences
• Accountable for Management Reviews including Separation of Duties and Account Reviews (user, non-employee, administrative/privileged accounts, service accounts, servers, databases, etc.)
• Interact with all IT groups as a subject matter expert in IT compliance and privacy regulations and associated audits including, but not limited to, SOX, HIPAA, HITRUST and CCPA (California Consumer Privacy Act)
• Manage IT compliance initiatives and projects to ensure all regulatory audit and compliance requirements are met throughout the organization
• Determine technology and process requirements to implement audit and compliance strategies
• Apply in-depth knowledge of functional aspects of information systems security, risk management, and compliance
• Assess Apria’s IT environment against industry best practices and evolving compliance legislation or standards and lead the implementation of required changes or improvements

• Automate manual Access Reviews by performing project management, configuration, and testing activities within the Saviynt Identity Governance and Administration module
• Robust technical background with a deep understanding of implementing and assessing controls in complex cloud and legacy environments
• Strong skills in security principles such as least privilege access, defense in depth, and preventative vs. detective controls
• Proven track record of success/completion of healthcare compliance initiatives in a large, technology-driven organization
• Create effective working relationships through open and timely information sharing and effective collaboration with internal and external customers to deal with ambiguity and establish clear strategy

• Develop and maintain key relationships with IT Business Partners and core teams to gain oversight on new initiatives, manage cybersecurity risks, and promote a risk aware culture

OTHER DUTIES

Performs other duties as required, including but not limited to, providing assistance to IT Risk & Compliance Managers and Directors

SUPERVISORY RESPONSIBILITIES

• Yes

MINIMUM REQUIRED QUALIFICATIONS

Education and/or Experience

• Bachelor’s Degree in a related field – preferably Accounting, Finance, Management Information Systems, or Computer Science – or 9 years of progressive work experience in the IT Audit Technology space
• 2-3 years supervisory experience
• Proven experience with SOX, HIPAA, CCPA (California Consumer Privacy Act), NIST, ISO, and COBIT
• Familiarity with auditing widely used server, platform, database, and end point technologies (e.g. Windows Server, Unix/Linux, SQL Server, Oracle DB, VMWare), as well as cyber security concepts
• Understanding of IT Governance and IT Risk Management concepts
• Experience managing and leading teams effectively
• Outstanding communication (both spoken and written) and people skills
• Experience managing large-scale projects in a team-oriented cross-organizational environment (this level of experience to have been gained by several years of information systems organizations)
• Knowledge and working experience with privacy regulations, security audit/review processes, and applying corporate and federally mandated policies
• Demonstrated ability to apply assessment measurement and evaluation techniques to ensure processes, systems, and applications meet business needs
• Specific experience in the health care industry is desirable

Certificates, Licenses, Registrations or Professional Designations

CISA required

SKILLS, KNOWLEDGE AND ABILITIES

Essential Skills and Abilities

• Excellent interpersonal, oral/presentation and written communications skills in both technical and non-technical language
• Conceptual and analytical thinker; able to understand, analyze and synthesize complex business and technology issues and strategies
• Ability to assist in Business Process Analysis for continuous process improvement
• Ability to define problems, collect data, establish facts and draw valid conclusions
• Ability to lead design solution sessions including its documentation and communicating solution to the business and stakeholders
• Weigh business risks and enforce appropriate IT security policies and practices while maintaining the speed delivery that is inherent in a fast-paced company
• Strong judgment and decision-making skills; be self-motivated with the ability to work independently and in teams with minimal direction but willingness to seek advice/assistance
• Flexible and adaptable process-oriented work style; strong demonstrated work ethic; personal time management skills
• Demonstrated work ethic that emphasizes customer focus, quality and continuous improvement

Technical Skills

• Exceptional PC skills, especially Microsoft Office suite
• AuditBoard experience
• SharePoint and Box design skills and management
• Data analysis and visualization
• Ability to learn and effectively utilize new software and applications
• Exposure to Saviynt or other IGA software

Language Skills

English (reading, writing, verbal)

Mathematical Skills

Basic level mathematical proficiency, with a strong ability to understand, interpret and develop spreadsheet data.

PHYSICAL DEMANDS

The employee uses computer and telephone equipment.  Specific vision requirements of this job include close vision and distance vision.  Must be able to travel by plane and automobile (if applicable).

The physical demands and work environment characteristics described above are representative of those an employee encounters while performing the essential functions of this job.  Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

If you feel this opportunity could be the next step in your career, we encourage you to apply. This position will accept applications on an ongoing basis.

Owens & Minor is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, national origin, sex, sexual orientation, genetic information, religion, disability, age, status as a veteran, or any other status prohibited by applicable national, federal, state or local law.