Senior Analyst, IT Corporate Audit - Cybersecurity

Overview

We’re building a world of health around every individual—shaping a more connected, convenient and compassionate health experience.

Independently execute cybersecurity audit testing, including performing detailed test procedures, evaluating control design and operating effectiveness, and documenting results in accordance with audit standards and methodology. Own assigned audit areas end-to-end, including walkthroughs, evidence collection, validation, and workpaper documentation, ensuring accuracy, completeness, and audit defensibility.

Perform testing procedures to assess key cybersecurity domains, including cloud security (Azure & GCP), network security, data protection, application security, and third‑party/vendor risk management. Identify control gaps, document exceptions, and contribute to the development of audit findings and recommendations. Apply risk‑based thinking when evaluating issues, including consideration of mitigating and compensating controls.

Collaborate with Audit Managers and team members to support audit execution, validate control effectiveness, and ensure timely completion of deliverables. Partner with IT, compliance, and business stakeholders to understand processes, obtain evidence, and validate remediation activities. Build and maintain effective working relationships across technology teams.

Leverage data analytics and emerging technologies (e.g., AI tools) to enhance audit testing procedures, coverage, and efficiency. Contribute to continuous improvement of audit methodologies, tools, and testing approaches.

Develop clear, concise, and well‑supported work papers and documentation. Effectively communicate audit results, issues, and risks to audit team members and management.

Stay current on cybersecurity risks, trends, tools, and techniques and apply insights to audit testing and risk identification. Support knowledge sharing and training efforts within Internal Audit to enhance cybersecurity awareness and capabilities.

• 3+ years of experience in information security, risk, or compliance, with a focus on cybersecurity controls.
• At least one relevant cybersecurity certification (e.g., CISSP, CISM, or equivalent).

• Experience in a large, complex environment (e.g., healthcare, insurance, or retail).
• Demonstrated ability to independently execute moderately complex audit or control testing areas.
• Working knowledge of regulatory and industry frameworks (e.g., HIPAA, ISO, PCIDSS, NYDFS, NAIC, SOX, HITRUST).
• Familiarity with cybersecurity domains such as cloud security, vulnerability management, ransomware, and security testing tools.
• Proven ability to collaborate across teams and build strong stakeholder relationships.
• Strong analytical, problem‑solving, and critical‑thinking skills.
• Effective written and verbal communication skills.

Bachelor’s degree in Information Technology, Cybersecurity, or a related field preferred or equivalent experience (High School Diploma + 4 years of relevant experience).

Annual

Hours:

40 per week. Full‑time position.

Pay Range: $79,310.00 - $. Total compensation may include bonus, commission, or short‑term incentive programs in addition to base pay.

Eligible for a comprehensive benefits package including medical, dental, vision, paid time off, retirement savings options, wellness programs, and other resources based on eligibility.

Qualified applicants with arrest or conviction records will be considered for employment in accordance with all federal, state and local laws.