Work Shift: DAY
Work Week: M - F
The Senior Information Systems (IS) Auditor is primarily responsible for planning, coordinating and executing technology-based operational, financial and compliance reviews of the Houston Methodist entities and proactively identifying technology risks and presenting recommendations for improvements to mitigate risks. Experienced in a complex Information Technology environment and is knowledgeable of various standards (e.g., NIST), control models (e.g., COBIT), application and system development life cycles, and physical and operational security controls and safeguards. Has excellent communication skills (oral and written) and possesses a Professional Certification: CPA, CISA, CISSP or CIA required, CISA preferred.
Houston Methodist is seeking a qualified Senior Information Technology (IT) Auditor to join our recognized and engaged internal audit team. Houston Methodist is located in the heart of the world-renowned Texas Medical Center, is a nonprofit, faith-based, health care organization based in Houston, Texas. With over 20,000 employees and net revenue exceeding $3.4 billion, Houston Methodist is comprised of 8 hospitals, a prominent Research Institute and two growing physician organizations. Houston Methodist is consistently ranked among the country’s top hospitals in the U.S. News and World Report’s annual guide to "America’s Best Hospitals" and is ranked No. 1 in the Houston and achieved Honor Roll status. Houston Methodist is also ranked by Forbes magazine as a Best Places to Work. We offer a competitive salary and benefits package.
Our internal audit department is comprised of professionals who provide quantifiable, value-added assurance and consulting services by providing an independent appraisal of the organization’s risks and controls. This mature internal audit department was awarded The Institute of Internal Auditor’s Recognition of Commitment Award, has received the AHIA Institutional Award, and also received the top-ranking during their last IIA’s Quality Assurance Review. In addition, the internal audit department has a demonstrated track record of providing professional growth and career development – several of our auditors have advanced into management and operational roles across Houston Methodist.
The Department's vision is to provide a fully-developed, State-of-the-Art, Internal Audit function that proactively delivers value-added results to Management and Governance by providing an independent appraisal of the organization¿s risks and controls. This is accomplished by
Evaluating risks in achieving organizational objectives and proposing value-added and cost-effective measures for controlling, and managing those risks.
Assisting management by reviewing the organization¿s operations, the adequacy of internal controls, the compliance with laws and regulations, the adherence to policy and procedures, the safeguarding of assets, and the accuracy of reported financial activities.
Supporting governance by assuring the organization about the state of the control environment.
PATIENT AGE GROUP SERVED
Select the applicable age group(s) of primary customers/patients served by this position.
System and department specific ICARE values
INTEGRITY: We are honest and ethical in all we say and do.
COMPASSION: We embrace the whole person including emotional, ethical, physical, and spiritual needs.
ACCOUNTABILITY: We hold ourselves accountable for all our actions.
RESPECT: We treat every individual as a person of worth, dignity, and value.
EXCELLENCE: We strive to be the best at what we do and a model for others to emulate.
Duties and Responsibilities are cross-referenced to the hospital's Pillars of Excellence and will be transferred to the Performance Evaluation.
1. Provides oral and/or written communication of audit commencement, objectives, status, and results to auditees.
2. Provides Internal Audit management with periodic status reports regarding progress of progress against the annual audit plan and other goals such as cycle time targets, issues identified, and barriers encountered.
3. Educates Internal Audit staff to raise awareness on general controls over information systems encountered in the units/departments/functions audited.
1. Develops risk-based audit approaches and established preliminary scope of reviews.
2. Identifies and quantifies opportunities for improvement and develops formal audit recommendations that are value-added and cost-effective.
3. Performs periodic follow-up of previously reported audit findings to assess resolution and corrective action taken.
4. Utilize the time tracking report as a tool to track the ability to complete assigned audits.
5. Maintains audit work paper documentation in TeamMate
6. Maintains appropriate audit report cycle times when possible (10 working days).
1. Applies current internal control frameworks (such as COSO, COBIT), The IIA International Standards for the Professional Practice of Internal Auditing, and actively seeks knowledge of new, automated, or more contemporary audit tools and techniques to increase departmental efficiency and effectiveness.
2. Creates concise and accurate written reports communicating audit results.
3. Demonstrates industry, information technology and internal audit knowledge, skills and abilities as it relates to various operating systems, network-operating environments, applications, database management systems, IT governance processes, LAN/WAN communication concepts, telecommunication systems, system development processes and. Information Security frameworks, such as: ISO 27001, Information Security Forum Standard of Good Practice, and NIST standards.
1. Actively participates as an internal controls consultant in organizational information systems implementation projects, and performs go-live readiness assessments.
2. Maintain a 3.5 average on the customer satisfaction surveys.
1. Uses personal computers and related software including the departmental standard work paper software (Teammate), data-analysis software (ACL) where appropriate, word-processing (Word), spreadsheets (Excel), flowcharting (Visio), and presentation (PowerPoint).
2. Maintain competency in current IT industry trends including Operating system and database platforms, NIST standards, IT General Controls, IT Governance, Information Security frameworks, Systems Development life cycle, Meaningful Use, and HIPAA Security Risk Assessment.
3. May perform routine operational, compliance, or financial audits as requested.
This position description is not intended to be all inclusive, and the employee will also perform other reasonably related business duties as assigned by the immediate supervisor and other management as required. The Houston Methodist Hospital reserves the right to revise or change job duties and responsibilities as the need arises.
Bachelor's Degree required; preferably in Computer Science, Information Systems, Business, Finance or Accounting.
Minimum of 5 years relevant business experience in a complex Information Technology environment. Healthcare experience and HIPAA security experience is preferred. Knowledge and understanding of various standards (e.g., NIST), control models (e.g., COBIT), application and system development life cycles, and physical and operational security controls and safeguards.
CERTIFICATES, LICENSES AND REGISTRATIONS REQUIRED
CPA, CISA, CISSP or CIA required; CISA and/or CISSP preferred.
SPECIAL KNOWLEDGE, SKILLS AND ABILITIES REQUIRED
1. Must be able to multi-task and able to perform audits within established timelines.
2. Knowledgeable of various standards (e.g., NIST), control models (e.g., COBIT), application and system development life cycles, and physical and operational security controls and safeguards.
3. Possess an understanding of the International Standards for the Professional Practice of Internal Auditing
4. Demonstrates effective verbal and written communication skills.
5. Demonstrates a positive, helpful and supportive attitude and demeanor.
6. Professional handling of exposure to confidential/sensitive information requires strict confidentiality with no compromise, as well as honesty and integrity.
7. Experienced in a complex Information Technology environment. Demonstrates industry, information technology and internal audit knowledge, skills and abilities as it relates to various operating systems, network-operating environments, applications, database management systems, IT governance processes, LAN/WAN communication concepts, telecommunication systems, system development processes and. Information Security frameworks, such as ISO 27001, Information Security Forum Standard of Good Practice.
8. Performs at a level requiring limited direct supervision.
Houston Methodist is an Equal Opportunity Employer.
Equal employment opportunity is a sound and just concept to which Houston Methodist is firmly bound. Houston Methodist will not engage in discrimination against or harassment of any person employed or seeking employment with Houston Methodist on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, status as a protected veteran or other characteristics protected by law.
VEVRAA Federal Contractor – priority referral Protected Veterans requested.
Houston Methodist (HM) is one of the nation’s leading health systems and academic medical centers. HM consists of 7 hospitals: Houston Methodist Hospital, its flagship academic hospital in the heart of the Texas Medical Center and six community hospitals throughout the greater Houston metropolitan area. HM also includes a research institute, a global business division, numerous physician practices and several free standing emergency rooms and outpatient facilities. Overall, HM employs over 20,000 employees. FORBES magazine has placed Houston Methodist on its annual list of Best Employers in 2016. Houston Methodist is supported by a wide variety of business functions that operate at the system level to help enable clinical departments to provide the best patient care and service in a spiritual environment.
Director Pharmacy Informatics
Houston Methodist Hospital, Houston, TX
Work Shift: DAYWork Week: M - FJob Summary08/2017JOB SUMMARYThe Director, Pharmacy Informatics is responsible for overall management, strategic planning, implementing, budgeting, directing, and coordinating Pharmacy ...
Manager Application Development
Corporate, Houston, TX
Work Shift: DAYWork Week: M - FJob SummaryWe are looking for a Manager of IT Application Development to be responsible for managing the company’s Application ...
Senior Applications Analyst
Houston Methodist Research Institute, Houston, TX
Work Shift: DAYWork Week: M - FJob SummaryJOB SUMMARYThe Sr. Application Analyst in the Center for Outcomes Research (COR) performs expert level support and configuration ...