CareFirst Careers

Senior IT Auditor & Advisor

Resp & Qualifications


Under the direction of the IT & Operations Audit Manager, Model Audit Rule (MAR) Compliance Office, the incumbent's accountabilities include, but are not limited to, the following:


Perform Information Technology audits of the company's key financial systems and applications utilizing computer-assisted audit techniques. Plan, analyze, and execute appropriate research, information gathering and risk assessment of IT operations and strategies to identify opportunities for improvement in processes and outcomes, and provide technical audit advice relating to systems/operations; systems development, design and controls; systems security; change/project management; business process improvement; complex integrated systems and related computer applications; disaster recovery; and IBM mainframe, Unix and Windows environments.

Prepare and lead audit entrance conferences with business area management to communicate specific audit activities (scope, walkthroughs, and testing) associated with audits. Throughout the audit, interact with, and coordinate the audit team's interaction with, audit area management and personnel in order to gather information, interpret results, communicate potential risks/issues and develop appropriate corrective actions to strengthen controls, improve efficiency and effectiveness of operations, and control cost.

Perform control audit testing and provide oversight and direction to others in the completion of audit testing, which is carried out in accordance with departmental and professional audit standards. Execute IT General Controls (ITGCs) and IT Application Controls testing, including critical Logical Access, Segregation of Duties (SOD), Computer Operations, and Change Management processes. Ensure that audit workpapers and supporting documentation are accurate, substantiate audit findings, and support audit objectives and test plans.

Prepare and lead audit exit conferences with management and officers of audited business areas to formally communicate audit findings and finalize management action plans to resolve internal control weaknesses, inefficiencies and non-compliance identified during the audit. Work with Manager to prepare draft and final Audit/Certification Reports to management and officers on audit results and corrective actions.


Assist the External Auditors with the planning, coordination, and execution of the Service Organization Control (SOC1 and SOC2) reports across several entities within CareFirst.


Monitor the progress and management of corporate IT initiatives or projects, as assigned. Advise and consult on risk management and controls for new systems and/or processes associated with assigned corporate projects, following a system development life cycle methodology, as appropriate. Work collaboratively with the project team to identify project and post-implementation risks/issues and develop recommendations for corrective actions. Follow up with project management to resolve identified problems, including internal control testing, coding and unit testing, system and acceptance testing, conversion testing, implementation testing, and post-implementation review, as appropriate. Write memoranda and status reports to management communicating the risks and recommended corrective action plans identified in these monitoring and advisory activities.


Through audit and advisory assignments, identify and maintain a repository of best practices and benchmarking information related to CareFirst's IT business operations. Maintain a repository of IT audit issues and related corrective action plans, and update management on outstanding issues and potential risks on a scheduled basis.


Participate in the performance of risk assessments at the business process and project level. Maintain a database repository of business processes and related risk documentation.


Perform special reviews and audits or advisory services as requested by management. Respond effectively and in a timely manner. Write reports or memoranda to management communicating the results of the work performed, establish action plans, and perform follow-up to validate completion of action plans. Support department strategic initiatives and other special assignments aimed at continuous quality improvement.


Perform control self-assessment, process improvement reviews, and problem resolution facilitation for management of business areas, as assigned by the IT & Operations Audit Manager, MAR Compliance Office.  Promote these services within the organization.


Assist in the coordination/management of all external audits of IT information systems and operations, as assigned.



Required: This position requires a BS/BA degree in Business Administration, Management Sciences, Information Systems, Finance and/or Accounting, and 3-5 years of progressively responsible auditing and/or systems analyst/programmer and/or consulting and business advisory services experience with a project management background. Incumbent must have demonstrated experience and knowledge in business process improvement, risk assessment and mitigation, internal control assessment and information systems development life cycle methodologies.


Skills/Abilities: Incumbent must fully understand auditing techniques, concepts and principles, and how they are applied to individual audits, or have a strong project management background. Must be knowledgeable of internal controls, system development life cycle (SDLC) methodologies, and complex integrated computer systems, applications and environments. Must be proficient with PC applications and have experience in and knowledge of IT audit related issues concerning operating systems (UNIX & Windows), computer networking, access control software (RACF, Control-SA) and database management systems (Oracle and SQL Server). Experience with TeamMate is a plus.


Incumbent must have excellent project management skills including workflow balancing, activity scheduling, problem solving facilitation, the ability to prioritize and manage multiple complex tasks and demonstrated experience in meeting deadlines.  Must be highly motivated, organized, committed to professional development, with demonstrated progression and achievement.  Ability to work independently with minimal supervision is required.  Must be able to work effectively in a team-oriented atmosphere.  Incumbent must have highly developed oral and written communication skills to effectively communicate complex auditing information and business risks to a non-technical audience.  Also must have effective public speaking skills and be able to prepare and deliver presentations.  Additional qualities are good analytical skills and judgment and strong decision-making ability.


Preferred:  Possess certification as a CPA, CIA, or CISA; advanced degree; healthcare insurance industry experience.

Equal Employment Opportunity

CareFirst BlueCross BlueShield is an Equal Opportunity (EEO) employer.  It is the policy of the Company to provide equal employment opportunities to all qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, protected veteran or disabled status, or genetic information.

Hire Range Disclaimer

Actual salary will be based on relevant job experience and work history.

Where To Apply

Please visit our website to apply:

Closing Date

Please apply before: 3.24.21

Federal Disc/Physical Demand

Note:  The incumbent is required to immediately disclose any debarment, exclusion, or other event that makes him/her ineligible to perform work directly or indirectly on Federal health care programs.


The associate is primarily seated while performing the duties of the position.  Occasional walking or standing is required.  The hands are regularly used to write, type, key and handle or feel small controls and objects.  The associate must frequently talk and hear.  Weights up to 25 pounds are occasionally lifted.

Sponsorship in US

Must be eligible to work in the U.S. without Sponsorship
