McKesson Senior IT Auditor in Alpharetta, Georgia
McKesson is in the business of better health and we touch the lives of patients in virtually every aspect of healthcare. We partner with payors, hospitals, physician offices, pharmacies, pharmaceutical companies and others across the spectrum of care to build healthier organizations that deliver better care to patients in every setting. We believe in the importance of strong, vital organizations because we know that patients can only be healthy when our system is healthy.
Every single McKesson employee contributes to our mission—by joining McKesson you act as a catalyst in a chain of events that helps millions of people all over the globe. Talented, compassionate people are the future of our company—and of healthcare. At McKesson, you’ll collaborate on the products and solutions that help us carry out our mission to improve lives and advance healthcare. Working here is your opportunity to shape an industry that’s vital to us all.
We understand the importance of a system that works together. Your expertise, drive and passion can help us improve everything we touch, from providers to payors to pharmacies. Join our team of leaders to begin a rewarding career.
Wherever you contribute here at McKesson, you will have the ability to make a real impact in the lives of others.
We are looking for a Senior IT Auditor to support audits across McKesson. The ideal candidate will work collaboratively with the Internal Audit team in a dynamic fast-paced environment using McKesson’s risk-based audit approach. This position will also support the strategic goals and initiatives of the organization and department. Strong communication skills are critical in this role since the Senior IT Auditor will interact with many levels of management and leadership throughout the organization. Experience and understanding of cybersecurity risks is vital to the success of this role.
Conducts in-depth IT and cybersecurity audits to support the enterprise cybersecurity strategy – audits may include network assessments, business continuity and disaster recovery, patch and vulnerability management, Industrial Control Systems (ICS), vendor management, and IT asset management.
Conducts integrated and information technology audits, including pre-implementation, post-implementation, and program governance reviews.
Using McKesson’s risk-based audit methodology, the Senior IT auditor must effectively collaborate with other team members to plan audits, perform tests of controls, and deliver audit results. This may include interaction with other risk assessing organizations such as Compliance, Office of the CTO, and Information Systems Risk Management.
Documents results of review in Internal Audit’s automated work paper
Ensures the clear and concise communication of audit issues to process owners, management, and leadership. Reviews audit issues with auditees to ensure completeness, accuracy, and appropriate presentation.
Utilizes problem solving skills to recommend improvements to processes under audit.
Obtains and reviews action plans from business unit process owners and management. Ensures that these action plans fully address issues observed during the audit.
Assist in the development of the audit report to clearly and concisely communicate audit results and recommendations to management.
Assists Internal Audit management to develop status decks and reports for presentation to business unit leadership.
Leads post engagement issue follow up and resolution.
Supports process improvement initiatives for the Internal Audit team.
2 - 3 years audit or related experience
2 Years audit or related experience – including technical IT and cybersecurity experience.
“Big 4” or “Tier 2” public accounting firm, Fortune 100 Internal Audit department preferred, or a combination of this experience.
Experience applying ISACA and IIA audit methodologies to perform audits.
Experience reviewing and applying the National Institute of Standards and Technology (NIST) cybersecurity framework.
Must possess excellent written and verbal communication skills. Ability to effectively communicate, in clear and concise language, IT audit results to all levels of management, including senior leadership. The ideal candidate must possess a high attention to detail and accuracy when writing audit reports and other communications.
IT audit skills including experience with pre and post system implementation reviews, internal readiness assessments, project management skills, knowledge of general computer and application controls.
Ability to sometimes work independently, and handle multiple priorities in a fast-paced environment.
Willingness and ability to learn methodologies for auditing new technologies through classroom training, on-the-job experience, and self study.
Additional Knowledge & Skills:
Auditing policies and systems; experience with large scale deployments of SAP, JD Edwards, or PeopleSoft; skills in auditing Windows and Unix operating systems, with the ability to audit other operating systems, as the need arises; audit knowledge of MS SQL, MySQL, and Oracle databases; experience auditing controls within virtual technologies such as VMWare; experience with auditing network technologies such as firewalls, routers, and switches.
Experience with auditing mobile and cloud technologies such as SaaS, PaaS, and IaaS.
Experience in auditing third party service providers.
Business process analysis skills, with proven experience in performing assessments for the revenue, payroll, expenditure, inventory, and financial statement close processes in a manufacturing and/or healthcare services setting.
Segregation of duties analysis for applications within various business cycles and general computer control environments.
Knowledge of laws and regulations applicable to the healthcare industry, such as the HIPAA Privacy and Security rules.
Self-motivated, with the ability to work independently, as the need arises.
Willingness to travel 25%-35% of the time, and sometimes up to 50%.
4 year degree in business or related fields such as computer science, management information systems, accounting, or finance.
Certified Information Systems Auditor (CISA) designation, or willingness to take the exam within one year of start date.
Certified Information Systems Security Professional (CISSP) designation a plus.
General office demands.
Willingness to travel 25%-35% of the time.
Benefits & Company Statement
McKesson believes superior performance – individual and team – that helps us drive innovations and solutions to promote better health should be recognized and rewarded. We provide a competitive compensation program to attract, retain and motivate a high-performance workforce, and it’s flexible enough to meet the different needs of our diverse employee population.
We are in the business of better health and we touch the lives of patients in virtually every aspect of healthcare. We partner with payers, hospitals, physician offices, pharmacies, pharmaceutical companies and others across the spectrum of care to build healthier organizations that deliver better care to patients in every setting.
But we can’t do it without you. Every single McKesson employee contributes to our mission—whatever your title, whatever your role, you act as a catalyst in a chain of events that helps millions of people all over the globe. Talented, compassionate people are the future of our company—and of healthcare. At McKesson, you’ll collaborate on the products and solutions that help us carry out our mission to improve lives and advance healthcare. Working here is your opportunity to shape an industry that’s vital to us all.
McKesson is an equal opportunity and affirmative action employer – minorities/females/veterans/persons with disabilities.
Qualified applicants will not be disqualified from consideration for employment based upon criminal history.
No agencies please.
Job: Finance and Accounting
Organization: McKesson Corporate
Title: Senior IT Auditor
Requisition ID: 18001428
Other Locations: United States-Texas-Irving