Sr. Director, IT Audit
AZ-Remote, United States
CorroHealth
About Us:
Our purpose is to help clients exceed their financial health goals. Across the reimbursement cycle, our scalable solutions and clinical expertise help solve programmatic needs. Enabling our teams with leading technology allows analytics to guide our solutions and keeps us accountable for achieving goals.
We build long-term careers by investing in YOU. We seek to create an environment that cultivates your professional development and personal growth, as we believe your success is our success.
JOB SUMMARY:
CorroHealth is a leading global organization specializing in Revenue Cycle Management, dedicated to optimizing financial performance and compliance for healthcare providers. We are seeking a highly experienced Senior Director, IT Audit to oversee and manage our audit and assessment programs, including HITRUST, SOC 2, and PCI.
*Healthcare background preferred
*5+ years' relevant experience required
*HITRUST highly preferred
*Bachelor's degree minimum required (IT, business, or related field)
ESSENTIAL DUTIES AND RESPONSIBILITIES:
Note: The essential duties and responsibilities below are intended to describe the general duties and responsibilities of this position and are not intended to be an exhaustive statement of duties. This position may perform all or most of the primary duties listed below. Specific tasks, responsibilities or competencies may be documented in the Team Member’s performance objectives as outlined by the Team Member’s immediate Leadership Team Member.
Primary Responsibilities:
- Audit Leadership & Execution: Lead and manage the company's IT audit programs (SOC 2, PCI, HITRUST) with oversight from the Chief Compliance and Privacy Officer.
- Audit Coordination: Work closely with external auditors, internal stakeholders, and process owners to ensure smooth audit execution, timely submission of required documentation, and alignment with industry standards.
- Risk Assessment & Compliance: Conduct IT and information security risk assessments, audits, and compliance gap analyses to identify vulnerabilities and ensure regulatory adherence.
- Control Evaluation & Remediation: Review control testing performed by various teams, manage evidence collection, monitor remediation efforts, and report findings to executive leadership.
- Client & Stakeholder Engagement: Address client inquiries related to audit programs and provide clear, comprehensive explanations regarding compliance status and risk mitigation efforts.
- Cross-Functional Collaboration: Partner with IT, HR, Legal, Product, and Information Security teams to implement and enhance compliance initiatives.
- External Relationship Management: Maintain professional relationships with external auditors and third-party service firms to ensure efficient audit engagements.
- Team Management & Development: Supervise, mentor, and develop a team of audit professionals, including full-time employees and contracted specialists.
- Strategic Improvement: Assist in refining the organization's audit strategy to enhance efficiency and meet client and regulatory expectations effectively.
Required Qualifications:
- Bachelor’s degree in Information Technology, Business, Accounting, or a related field.
- Minimum 5+ years of experience in IT audits, IT compliance, or risk management roles.
- Hands-on experience with SOC 2 audits and HITRUST certifications.
- Active or candidate for professional certifications such as CISA, CISSP, GSNA, or equivalent.
- Strong project management skills, with the ability to prioritize tasks and meet deadlines with minimal supervision.
- Proven leadership skills, including team management, delegation, and progress monitoring.
- Excellent written and verbal communication skills, with the ability to present findings to executives and external stakeholders.
Preferred Qualifications:
- Prior experience in the healthcare industry with knowledge of HIPAA compliance requirements.
- Familiarity with in-house developed systems and understanding of associated development processes and risks.
PHYSICAL DEMANDS:
Note: Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions as described.
Regular eye-hand coordination and manual dexterity are required to operate office equipment. The ability to perform work at a computer terminal for 6-8 hours a day and function in an environment with constant interruptions is required. At times, Team Members are subject to sitting for prolonged periods. Infrequently, Team Members must be able to lift and move material weighing up to 20 lbs. Team Members may experience elevated levels of stress during periods of increased activity and with work entailing multiple deadlines.
A job description is only intended as a guideline and is only part of the Team Member’s function. The company has reviewed this job description to ensure that the essential functions and basic duties have been included. It is not intended to be construed as an exhaustive list of all functions, responsibilities, skills and abilities. Additional functions and requirements may be assigned by supervisors as deemed appropriate.