Manager, IT Audit


Set your sights on a role making a real difference in the healthcare system. R1 RCM is seeking a self-motivated and dedicated Manager, IT Audit to join our growing company and corporate compliance team. We are a leading provider of revenue cycle management ("RCM") and physician advisory services ("PAS") that helps healthcare providers achieve results through an integrated approach utilizing proprietary end-to-end RCM and PAS offerings. The Manager, IT Audit will have specific expertise and background in healthcare audit or compliance, information technology ("IT") infrastructure and security, regulatory analysis and interpretation, and revenue cycle operations for hospitals and/or health systems. The successful candidate, reporting to the Vice President, IT Compliance & Privacy, will serve as a front-line leader in conducting and overseeing IT auditing and monitoring efforts, including those tied to the company’s annual audit plans. Further, this candidate will support the company’s control attestation (HITRUST & Service Organization Control ("SOC") 2) reporting and initiatives, as well as our comprehensive strategy and growth plans helping to ensure that the company exhibits and maintains robust security standards for the management and safeguarding of Protected Health Information ("PHI"). In addition, this candidate will provide expertise relating to privacy and security of records and data, promoting an organizational philosophy and commitment to a comprehensive and ethical set of privacy and security policies, procedures, and technology which supports organizational goals and growth while mitigating risk and liability. 
Your day to day role will include:

* Planning, coordinating and executing auditing programs and scope, individually or as team lead, by understanding organization objectives, structure, policies, processes, internal controls, and external regulations;
* Integrating and aligning audit controls, policies and procedures across all IT related domains with various control methodologies, including HITRUST/HIPAA, NIST, SOC1, SOC2, COSO, COBIT, PCI, and SOX;
* Demonstrating awareness and understanding of technical environments and application systems through examination, interviews, and testing of procedures in accordance with applicable attestation standards;
* Facilitating audits including advanced continuous / automated monitoring activities across all environments (web, cloud, infrastructure, network, device, etc.);
* Participating in reviews of internal controls and security of systems under development as well as major IT projects and initiatives;
* Generating audit reports in a consistent, comprehensive manner that enables operational remediation activities;
* Identifying, analyzing, and estimating risk applicability (based on threat and vulnerability) for defined audits;
* Reporting routinely to management and Board of Directors Audit Committee and/or Compliance & Risk Management Committee;
* Assisting in the company’s enterprise risk management (ERM) process/framework, including comprehensive ERM surveying, mapping and corrective action/risk prioritization planning on a quarterly and annual basis;
* Researching and applying applicable regulatory and control framework requirements along with best practices;
* Driving operational excellence that results in improved attestation quality, internal & vendor controls and customer satisfaction;
* Performing audits of various monitoring functions, tools, tasks, programs, etc., to ensure controls owned by IT and Operations are measured, managed and monitored per expectations;
* Recommending appropriate performance and process improvements to current and future state environment/processes while working to adopt best practices;
* Evaluating and comparing potential risks with company-established criteria, including costs, legal requirements and environmental factors;
* Coordinating with India-based Compliance & Risk team members on audit, control and risk related projects, assessments and attestations;
* Monitoring corrective action plans and risk mitigation activities; and
* Maintaining focus on operational excellence through risk mitigation and protection of sensitive data to improve quality and customer satisfaction.

You Have:

* Demonstrated knowledge of information security principles and practices, as well as an advanced understanding of security and privacy protocols and standards, particularly as applying to control frameworks in a healthcare environment;
* Significant experience performing and/or supporting AICPA SOC (formerly SSAE 16) attestation projects, inclusive of all trust principles. Other attestation standards, including HITRUST and ISO, also beneficial;
* At least six (6) years of experience in IT Audit;
* Significant experience in organizational risk management, assessments and mitigation strategies;
* Basic knowledge of networking and operating systems, primarily in a Microsoft environment;
* Experience with application systems including configuration of business rules, roles, and permissions;
* Experience in disaster recovery / business continuity planning, implementation and risk mitigation;
* Credentials in one or more of the following categories: SANS GIAC, CISA, CISSP, CRISC, CIA, PMP and/or Security+ certification;
* Expertise in other Security Frameworks (ISO, NIST (800-53), COSO, COBIT, HIPAA/HITECH, etc.);
* Strong written and verbal communication and consulting skills, including the ability to explain technical matters to a non-technical audience;
* Demonstrated ability to work independently and as part of a team;
* Problem solving/analytical skills, i.e. the ability to systematically think through the implications of problems to arrive at sound solutions; and
* Public or private accounting firm experience strongly preferred, along with IT experience.
* Ability to travel – estimated 10% of the time, inclusive of India.

We offer:

R1 is changing healthcare by infusing operational discipline and proprietary technology in hospital financial processes. We are an industry leader; we are the only independent organization with a comprehensive service and technology offering for hospital revenue cycle management, and we have achieved leading outcomes for our customers.

* A strong financially performing, growing organization that will keep you on your toes with new ideas, changes and opportunities to learn and grow in abundance.
* A culture of excellence, driving customer success so they can focus on improving patient care and on giving back to the community.
* A Total Rewards package which may include such things as: competitive compensation package, the ability to choose from a comprehensive benefit program mostly funded by R1 that includes medical, dental, vision, flexible spending accounts, commuter benefits, life and disability insurance, along with work life balance programs including paid time off for personal time, illness and volunteering, and we offer a retirement savings plan and continuing training and development and so much more!

Sound like you? Let’s talk!

About R1:

R1 is a leading provider of revenue cycle management services and Physician Advisory Services to healthcare providers. We are the largest independent end-to-end revenue cycle provider and have the longest operating history in the revenue cycle industry. R1’s objective is to be the one trusted partner to manage revenue so providers and patients can focus on what matters most. Our distinctive operating model and values include people, processes, and sophisticated integrated technology/analytics that help customers realize sustainable improvements in their operating margins and improve the satisfaction of their patients, physicians, and staff. We are dedicated to transforming the commercial infrastructure and patient experience in healthcare.
