Utilize the Assessment to Develop Risk Matrices And/Or Audit Programs to Test Controls

Independence Blue Cross
*Position Title: / IS Auditor III
*Position Type: / Full-Time
*Compensation: / Salaried
*Start Date: / ASAP
*Location: / Philadelphia – Center City
*Job Requirements
*Job Description / The IS Auditor III will assist the IS Audit Manager in the maintenance of an effective IS audit plan covering the Information Technology functions, Information Security controls, and Information Systems (applications), including systems under development, for IBC, its subsidiaries, and joint ventures. Plan, develop, implement, and perform activities to identify, examine, test, and make recommendations related to internal controls, policies, and procedures of the Plan and its subsidiaries. Assist the IS Audit manager in identifying, implementing, and monitoring compliance to effective controls for the NAIC Model Audit Rule (similar to Sarbanes-Oxley) and SSAE 16 reviews.
MAJOR ACTIVITIES:

• Assist the IS Audit Manager in maintenance of an effective IS audit plan for IBC, its subsidiaries, and joint ventures.
• For Information Technology, Information Security and Applications audits, gather background information on the area being reviewed, determine the associated risks, interview management and document controls designed to mitigate the risks.
• Utilize the assessment to develop risk matrices and/or audit programs to test controls.
• Test the controls, conclude on the adequacy of controls and document the testing results.
• For Systems Development reviews, assess the risks and controls for the project under development.
• Utilize the assessment to develop an audit program to test the applicable controls.
• Test the controls, proactively identifying control weaknesses and recommending solutions to management prior to production implementation.
• Assist the IS Audit Manager in determining the audit methodology or investigative plan to use, extent and scope of testing, auditee/investigation contacts, and testing/investigation tools to be utilized for each assignment.
• Communicate the adequacy of established controls and recommendations for control enhancements to senior management via reports, memos, and oral presentations.
• Participate in conducting project opening and closing meetings, including the presentation of objectives, scope, findings, and recommendations to management.
• Assist the IS Audit Manager in follow-up of outstanding recommendations.
• Effectively allocate time between multiple assignments.
• Maintain proficiency in current IS audit standards and procedures and keep abreast of technology developments and IS audit/control and information security best practices.
• Provide technical/consulting support to Internal Audit staff and act as liaison with IS and outside hardware/software vendors.
• Utilize audit and computer software to complete assignments, as appropriate.
• Consult or assist on the establishment or reengineering of policies, procedures, and processes.
• Perform other duties as necessary or appropriate to position.

* Skills & Qualifications: /

• Incumbents should posses a BS/BA degree with 3 to 5 years of IS audit experience.
• An applicable advanced degree or certification (such as CISA or CISSP) is highly desirable.
• Experience should include knowledge of information security and administration controls for client server and mainframe environments (e.g., Windows, OS/390, UNIX, and AS/400), as well as databases (e.g., Oracle, DB2, SQL).
• Experience should also include performance of applications, systems development life cycle and data warehouse audits.
• Prior NAIC Model Audit Rule/Sarbanes-Oxley control identification\testing and SSAE 16 experience preferred.
• eBusiness, Internet infrastructure, Disaster Recovery control knowledge and prior experience with CAATs (computer-assisted audit techniques), such as ACL and SQL, is desirable.
• Incumbents should be experienced with risk based auditing, as well as, effectively communicating Information Technology and Information Systems functions, controls and exposures to management.
• Incumbents should be able to learn the business processes and identify business process controls that relate to projects assigned.

Education: / BS/BA Degree
Certification(s): / Required: CISA or CISSP
Travel: / 0% of Travel Required
*Contact Information
Job Reference: / 809575
*Contact Name: / Angelina Spruel, Talent Acquisition
Email Address: /
Telephone: / 215-241-9428
Fax:
Website: /
Company Information: / The leading health insurer in the Philadelphia region, Independence Blue Cross is a company in motion, continually refining our processes and products to offer the best value to our more than 3.1 million members nationwide. As a pacesetter in the dynamic health care industry, Independence Blue Cross is not only a leader, but also an innovator, growing and expanding into new markets to enhance the health and wellness of the people and communities we serve.
Special Instructions: / Please submit your application directly online @

ISACA Philadelphia is not responsible for the content or accuracy of this job posting.

Template Version 1.1: 02/21/07

Page 1 of 2