
Forrest T Jones
IT Risk Auditor
Kansas City, Missouri, United States
Position Summary
As a Senior IT Risk Auditor with a background in financial services, this position is primarily responsible for providing leadership, guidance and oversight for the Information Technology Risk Management and Audit Program. This role will partner with all IT Departments as well as business units to identify and assess the potential risks that may negatively impact the reputation, security, operations and financial viability of the company. Once identified and assessed, this position will facilitate the implementation of processes, procedures and other controls to ensure stakeholders are fully prepared to address potential threats.
This role will require great communication skills and a strong comfort level to interact with all levels within the family of companies, including senior level management. The ability to prioritize, meet deadlines and be flexible will be vital for success in this position.
Expectations
Manage, identify, assess and report on potential risks for the lT Departments and Business Units.
Responsible to prepare executive reporting and presentations.
Manage and drive risk reduction efforts in the IT environment including but not limited to the privileged access review program. Manage compliance activities such as PCI, HIPAA, and NCUA/MDCU.
Analyze documents, statistics, reports and market trends to forecast potential risks and threats.
Develop IT Risk Management security policies, standards and guidelines.
Collaborate with various IT departments and business units to provide recommendations for control effectiveness and improvement. Drive accountability by reviewing remediation plans and ensuring that remediation efforts are progressing to completion.
Act as point of contact for IT Risk Management and provide consultative guidance on projects, vendors, and initiatives.
Actively support an internal training program, including developing course material and delivering training.
Participate in Enterprise Risk Management Program meetings and other risk-related program meetings as required.
Business continuity and disaster recovery planning/oversight.
Develop and maintain risk management reports and scorecards as required.
Contributor in audits over financial operations, underwriting and claims operations.
Documents and evaluates internal controls, ensures compliance with regulatory requirements, and identifies business risks.
Drafts concise audit reports and maintains records of audit findings and associated action plan updates.
Successfully execute internal risk-based, operational, financial and compliance audits, including performing all phases of the audit – planning, fieldwork, reporting results and performing subsequent follow-up procedures.
Strive to continually improve internal audit department framework, standards, tools, and methodology.
Complete monthly department progress updates, KPI/KRI measures, and assist in management of enterprise audit platforms.
Coordinate and assist external auditors in the completion of Company’s statutory and regulatory audits.
Provides leadership, coaching, and or mentoring to the department and the business.
Participate in other special projects or strategic initiatives at the direction of the executive management team or Board Audit Committee.
Competencies
Ability to interpret provider contracts and member benefits to validate the precision of system configurations.
Experience working with and/or testing ITGC controls.
Proven verbal and written communications skills to all levels of leadership.
Ability to partner effectively with multiple business groups, corporate areas, and independent auditors.
Effectively uses tact and diplomacy to discuss and resolve audit issues with management.
Willingness to embrace change and show flexibility in assignments and the work environment.
Must possess effective project management skills with ability to meet deadlines and prioritize multiple tasks.
Experience with ACL (Audit Control Language),