Senior IS Security Auditor

OVERVIEW AND REPORTING RELATIONSHIP As part of the IS Audit & Compliance team, the IS Security Auditor will work with IS leadership to protect the confidentiality, integrity and availability of patient, employee, and business information in compliance with organization policies and procedures. A primary focus will be working across Tenet and its facilities to evaluate whether risks to the organization are identified and minimized, acceptable internal controls and procedures are followed, resources are used efficiently and economically, and the organization's objectives are effectively achieved. This person will also be called upon to assist management with enterprise risk assessment and annual audit plan development. REPORTING STRUCTURE & WORK SETTING Position reports to Manager, IS Audits, as part of within Cybersecurity. This position will be located in Manila, Philippines in our Global Business Center. OTHER REPRESENTATIVE DUTIES NOTE: The essential duties and primary accountabilities below are intended to describe the general content of and requirements of this position and are not intended to be an exhaustive statement of duties. Evaluates IT general controls (ITGC) including user access, information security, systems development life cycle (SDLC), change management, data center / physical security, data backup and recovery, business continuity, and associated risk exposures. Completes Financial Reporting Control (SOX) test work and documentation. Performs risk-based audits of information systems, operating systems, and operating procedures. Assists with audit evaluations to provide reasonable assurance that risk management, control, and governance systems are functioning as intended and can enable the organization to meet its goals and objectives. Evaluates automated system controls including authentication and authorization, and other controls to support privacy and security of sensitive data. Stays abreast of advances in technology and IT auditing techniques; regularly share knowledge with staff and audit management; effectively interact with various levels of internal management. Identifies emerging issues and recommend solutions to IT Audit & Compliance Management. Provides risk assessment input. Assists in maintaining documentation of deliverables, current procedures and internal system-specific knowledge. QUALIFICATIONS: EDUCATION AND WORK EXPERIENCE Bachelor’s degree or equivalent work experience required 5-7 years of business experience with Big Four audit background preferred A minimum of 5 years’ experience in a role performing IT audit work Certified Information Systems Auditor (CISA) Certified Information Systems Security Professional (CISSP) (preferred) Certified Information Security Manager (CISM) (preferred) Other combinations of education, experience, or training that may be considered in substitution for the minimum requirements SPECIALIZED KNOWLEDGE, SKILLS & ABILITIES: Must be fluent in English The ability to identify/assess business process and IT risks, design appropriate audit steps and plan, execute and wrap up audits Good working knowledge of SOX, HIPAA and HITECH/ISO principles, concepts and practices Strong interpersonal skills and excellent organizational skills Self‑motivated, able to work in a team and independently Detail‑oriented, able to multitask and meet deadlines Advanced knowledge of PowerPoint and Excel Visio proficiency in documenting process workflows would be an asset Familiarity with audit tools would be considered an asset Experience working in cross‑departmental teams and leading efforts through collaboration and influence. #J-18808-Ljbffr