CareFirst Careers

Lead Compliance Auditor, IT

This job posting is no longer active

Resp & Qualifications

Planning and Execution – control reviews and/or audits

  • Guide and Mentor IT Compliance Auditor staff in the completion of control reviews and/or audits.
  • Drive activities for planning and executing integrated reviews and/or audits as well as IT compliance specific reviews and/or audits (general computer controls, application controls, agreed upon procedures, SOC 2, process improvement, control self-assessment, operational, compliance, etc.). 
  • Analyze and evaluate IT operations and strategies to identify opportunities for improvement in processes and outcomes, and provide technical audit advice relating to systems/operations; systems development, design and controls; systems security; change/project management; business process improvement; complex integrated systems and related computer applications; disaster recovery; across various technical environments (e.g. IBM mainframe, Unix and Windows NT).
  • In advance of formal audits, conducts pre-audits and inspections of the organization’s processes to ensure performance and adherence to quality requirements and company policy, and to identify potential or existing risks/problems.  Documents findings and makes recommendations for improvements to address known deficiencies.
  • Assure deficiencies are appropriately addressed.
  • Prepares audit reports, findings, recommendations, and presentations as requested including using and leveraging the GRC tool and repository (e.g. MetricStream and SharePoint).

Internal and External Audit Support

  • Throughout review and/or audit assignments, identify and maintain a repository of best practices and benchmarking information related to CareFirst’s IT business operations. 
  • Maintain a repository of audit issues and related corrective action plans and update management on outstanding issues and potential risks on a scheduled basis (e.g. SharePoint; MetricStream).
  • Interfaces with and assists outside auditors to expedite their work.
  • In conjunction with internal and external audit teams, participate in and conduct walk-through activities/meetings, collection of evidence, and entrance and exit conferences with auditors and auditees.
  • Prepares and/or participates in the creation of audit reports, documents findings, recommendations, and creates presentations as requested including using and leveraging the GRC tool and repository (e.g. MetricStream and SharePoint).
  • Create management action plans in conjunction with TOS leadership to address identified deficiencies in a timely manner.
  • Track and monitor remediation activities to satisfy and bring closure to internal and external audit Issue Memorandums (IM).

Participate in continuous monitoring and improvement activities to assure continued compliance with changing audit and compliance standards.

  • Establish, maintain and lead working relationships with control owners, internal audit and external audit.
  • Develop teamwork and synergies among personnel throughout the organization working closely with counterparts within CAAS and the Finance SOC 1/MAR audit teams; as well as external regulatory agencies and audit firms.
  • Lead consultative assignments to ensure adequate internal controls are incorporated prior to implementation and risks are appropriately considered at the process and enterprise levels.
  • Provide technical advice to technical teams in the development or modification of internal systems controls during systems development or enhancement.
  • Provide consulting services and best practices to drive continuous improvement to internal processes and controls.

Special Projects

  • Perform the most complex special projects as assigned by management including, but not limited to, Corporate Initiatives and day-to-day projects pertaining to audit and non-audit activities.
  • Lead special projects in a preventative control capacity consisting of business process improvements, reengineering and corporate initiatives conducting requirement analysis, risk assessments and quality assurance reviews identifying control gaps or issues that impact established control objectives as well as other auditing standards for both internal and external audits.

Leadership and Development

  • Acts as administrator to the GRC tool and repository maintained for audit reports, findings, recommendations, and evidence.
  • Develops and trains staff for purposes of performing audits, learning CareFirst processes and controls.
  • Responsible for leading staff in adequately performing audits and assessments in accordance with CareFirst methodology.
  • Maintains accountability for the accuracy of information maintained within the GRC tool and repository.
  • Maintains responsibility for timely escalation of concerns identified during audits or assessments to the IT Audit Manager.

Required: This position requires a BS/BA degree in Business Administration, Information Systems, Finance, Accounting, or a similar major and a minimum of 5 years’ experience in an IT or Audit business advisory services role.  Possessing, or being in the process of obtaining, an audit certification in a relevant IT, security, or auditing field is also required.

Abilities/Skills: Candidate must be able to show ability to lead teams.  Candidate must adequately understand information technology and auditing techniques, concepts and principles.  Candidate must be knowledgeable of internal controls, general computer controls, and application controls.  Candidate must possess considerable judgment, tact, initiative, accuracy and trustworthiness, as well as excellent interpersonal skills with ability to build consensus and agreement and bring resolution to contentious issues and entrenched interests.  Must be highly motivated, organized, and committed to professional development, with demonstrated progression and achievement.  Ability to work independently with minimal supervision is required, as well as ability to work effectively in a team-oriented atmosphere.  Candidate must have highly developed oral and written communication skills to effectively communicate information technology, auditing information and business risks to a non-technical audience.  Candidate must adequately understand general project management skills relevant to performing audit functions and responsibilities. 

Candidate must be able to effectively work in a fast-paced environment with frequently changing priorities, deadlines and workloads that can be variable for long periods of time.  Must be able to meet established deadlines and handle multiple customer service demands from internal and external customers, within set expectations for service excellence.  Must be able to effectively communicate and provide positive customer service to every internal and external customer, including customers who may be demanding or otherwise challenging.

Must be experienced and proficient with Word, Advanced Excel and database management and related software applications; possess excellent oral and written communication skills; and be able to communicate and make presentations to all levels of management and associates throughout the Company.  Additional qualities are good analytical skills, judgment and strong decision-making abilities.

Preferred: Hands-on experience with the implementation, support, or assessment of Information Technology hardware, software or database administration.  Possess certification as a CPA, CIA, CISA or comparable certification; advanced degree; healthcare insurance industry experience.


Department: Budget, Sourcing & Assurance

Equal Employment Opportunity

CareFirst BlueCross BlueShield is an Equal Opportunity (EEO) employer.  It is the policy of the Company to provide equal employment opportunities to all qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, protected veteran or disabled status, or genetic information.

Hire Range Disclaimer

Actual salary will be based on relevant job experience and work history.

Where To Apply

Please visit our website to apply:

Closing Date

Please apply before: 7/7/2018

Federal Disc/Physical Demand

Note:  The incumbent is required to immediately disclose any debarment, exclusion, or other event that makes him/her ineligible to perform work directly or indirectly on Federal health care programs.

The employee is primarily seated while performing the duties of the position.  Occasional walking or standing is required.  The hands are regularly used to write, type, key and handle or feel small controls and objects. The employee must frequently talk and hear.  Weights of up to 25 pounds are occasionally lifted.

The physical demands described here are representative of those that must be met by an employee to perform the essential duties and responsibilities of the position successfully.  Requirements may be modified to accommodate individuals with disabilities.  Travel among CareFirst sites is required.

Sponsorship in US

Must be eligible to work in the U.S. without Sponsorship
