Senior IT Auditor

Job Description SummaryIn this role, you will assess the design, implementation, and operating effectiveness of internal controls procedural aspects. Has knowledge of best practices and how own area integrates with others; is aware of the competition and the factors that differentiate them in the market

GE HealthCare is a leading global medical technology and digital solutions innovator. Our mission is to improve lives in the moments that matter. Unlock your ambition, turn ideas into world-changing realities, and join an organization where every voice makes a difference, and every difference builds a healthier world

Job Description

Roles and Responsibilities

• With oversight from Managers and other senior team members, test internal controls by performing test of design and test of operating effectiveness by reviewing and documenting relevant evidence to conclude on the design and operational effectiveness of controls and the overall control environment.

• Assist the manager in preparing the Risk and Control Matrix

• Lead meetings with key client contacts and stakeholders to review key concepts, gaps or issues with risk management and control design elements, support and conclusions.

• Adapt testing approach based on risks identified.

• Assess documentation, processes, methods, policies, costs, and other factors to determine if assigned scope areas are operating in accordance with established and relevant controls and in a way that adequately mitigates identified risks.

• Prepares clear and well-organized audit work documentation within an automated workflow that clearly documents root cause, work performed, investigation summaries, and recommendations.

• Review workpapers for some team members

• Present initial audit observations to the IA leadership and audit stakeholders, as required.

• Embrace an equitable and inclusive environment where people can bring their full selves to work and unlock their greatest potential and contributions to the team.

• Stay abreast of new and emerging regulations & trends that impacts the risk landscape and rapidly adjust audit plan or procedures accordingly.

Key Competencies

• Information Technology Control Knowledge: Uses understanding of IT controls and IT control frameworks to evaluate IT controls across core business processes, requiring some guidance from dedicated IT auditors.

• A strong foundation on Information Security principles

• A sound knowledge of at least 2 out of the following domain areas: SDLC, Network & IT infrastructure, Cybersecurity (threat hunting, vulnerability assessment, DLP, etc.), Cloud Computing, Application Security

• Project Management: Contributes to the planning and execution of planned audits.

• Critical thinking skills: An ability to view at a problem from multiple perspectives, assess risk, structured and logical thought process

• Root Cause Analysis: Ability to identify the root cause of an issue, demonstrating awareness of various root cause analysis techniques, such as the “5 why’s” test.

• Writing: Ability to document in a clear, concise, and logical manner process understanding (i.e., narratives/flow diagrams), risks, control descriptions, and test results (i.e., symptoms). Ability to analyze evidence and document findings in a structured and coherent way.

• Collaborate with colleague across the globe, adaptability and strong understanding of global business practices are key attributes for success for this position.

• Conflict Management Negotiation: Ability to handle difficult situations with diplomacy and tact and negotiate with management as appropriate to ensure key findings and follow-up actions are agreed upon.

• Influence: Ability to build trust and support with auditees

• Data Analysis and Business Intelligence Knowledge: General understanding of data and analytics techniques used in analyzing large volumes of data, ability to conduct simple data analysis using excel functions.

• Data Visualization: General understanding of data visualization techniques and their application

Qualifications

• Bachelor's or Master’s degree in Engineering

• Minimum of 4 years of relevant internal audit or IT SOX testing experience in industries such as Manufacturing, Medical Devices, Technology, Consulting or Financial Services.

• Ability to travel internationally and domestically approximately 15-20%.

Desired Characteristics

• CISA, CISSP, CISM or other professional certification is a plus.

• Familiarity with industry standards/framework, such as NIST 800-53, NIST 800-171, NIST Privacy Framework, CSA CCM, ISO 27001, ITIL v3, COBIT and FAIR is desirable.

• Understanding of IT Operational Functions and concepts including IAM, Asset Management, Cybersecurity, Data Privacy

• Audit/risk management experience or exposure is preferred.

• General knowledge of legal, regulatory and compliance requirements.

• Lean Process orientation; Passion to help improve operations continuously

• Experience with data analytics is a plus.

• Strong project management and organization skills.

• Problem solving skills that demonstrate logical and analytical thought processes.

• Know how to use technology and data to get things done.

• Ability to flex personal style according to the context of a situation to drive engagement with all stakeholders.

We expect all employees to live and breathe our behaviors: to act with humility and build trust; lead with transparency; deliver with focus, and drive ownership –always with unyielding integrity.

Our total rewards are designed to unlock your ambition by giving you the boost and flexibility you need to turn your ideas into world-changing realities. Our salary and benefits are everything you’d expect from an organization with global strength and scale, and you’ll be surrounded by career opportunities in a culture that fosters care, collaboration, and support.

#LI-BR3

#LI-Hybrid

For U.S. based positions only, the pay range for this position is $100,800.00-$151,200.00 Annual. It is not typical for an individual to be hired at or near the top of the pay range and compensation decisions are dependent on the facts and circumstances of each case. The specific compensation offered to a candidate may be influenced by a variety of factors including skills, qualifications, experience and location. In addition, this position may also be eligible to earn performance based incentive compensation, which may include cash bonus(es) and/or long term incentives (LTI). GE HealthCare offers a competitive benefits package, including not but limited to medical, dental, vision, paid time off, a 401(k) plan with employee and company contribution opportunities, life, disability, and accident insurance, and tuition reimbursement.

Additional Information

GE HealthCare offers a great work environment, professional development, challenging careers, and competitive compensation. GE HealthCare is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other characteristics protected by law.

GE HealthCare will only employ those who are legally authorized to work in the United States for this opening. Any offer of employment is conditioned upon the successful completion of a drug screen (as applicable).

While GE HealthCare does not currently require U.S. employees to be vaccinated against COVID-19, some GE HealthCare customers have vaccination mandates that may apply to certain GE HealthCare employees.

Relocation Assistance Provided: No