Assistant Manager IT Audit

Position Summary

CareCloud is seeking a highly experienced and detail-oriented IT Auditor to join its Internal Audit function. In this role, you will be a key contributor to the Company's Sarbanes-Oxley (SOX) 404(a) compliance program, with primary responsibility for assessing, testing, and reporting on IT General Controls (ITGCs) and IT Application Controls (ITACs). The successful candidate will partner closely with Information Technology, Finance, Compliance, business process owners, and external auditors to ensure the effectiveness of controls supporting financial reporting, regulatory compliance, and operational risk management.

Key Responsibilities

• Lead and execute end-to-end assessments of IT General Controls (ITGCs) across key domains, including logical access, change management, computer operations, and IT risk management.
• Design, evaluate, and test IT Application Controls (ITACs), including input, processing, and output controls within critical financial applications.
• Maintain and update the IT controls inventory, Risk and Control Matrices (RCMs), process narratives, flowcharts, and SOX scope documentation on an ongoing and annual basis.
• Conduct walkthroughs with IT and business process owners to assess control design effectiveness and document evidence in accordance with PCAOB auditing standards.
• Perform testing of key controls to evaluate operating effectiveness and ensure compliance with SOX 404(a) requirements.
• Identify, assess, and communicate control deficiencies, including deficiencies, significant deficiencies, and material weaknesses, and monitor remediation efforts through completion.
• Coordinate with external auditors to support reliance testing, facilitate information requests, and reduce duplication of testing activities.
• Plan and execute IT-focused internal audit engagements in accordance with the annual audit plan, including risk assessment, scoping, fieldwork, testing, reporting, and follow-up procedures.
• Conduct risk-based assessments of cybersecurity controls, data privacy practices, cloud infrastructure environments (AWS, Azure, and/or GCP), and third-party/vendor risk management programs.
• Evaluate controls over healthcare-related systems and interfaces, including Electronic Health Records (EHR), Revenue Cycle Management (RCM), and billing platforms to support compliance with HIPAA Security Rule requirements.
• Review SOC 1 and SOC 2 reports for key service providers and assess the impact of complementary user entity controls on the organization’s control environment.
• Prepare clear, concise, and well-supported audit workpapers, reports, findings, and recommendations for management and key stakeholders.
• Serve as a trusted advisor to IT and business leaders by providing guidance on control design, risk mitigation strategies, regulatory requirements, and emerging technology risks.
• Drive continuous improvement initiatives by leveraging data analytics, automation, and Governance, Risk, and Compliance (GRC) tools to enhance testing efficiency and evidence collection processes.
• Assist in the development and enhancement of audit methodologies, testing procedures, templates, and documentation standards.
• Mentor and provide guidance to junior audit team members on IT audit methodologies, SOX compliance requirements, and documentation best practices.
• Collaborate effectively with stakeholders across IT, Finance, Security, Compliance, Legal, and business operations to strengthen the organization’s internal control environment.
• Stay current with regulatory and industry developments, including PCAOB, SEC, HIPAA, HITRUST, COBIT, COSO, and cybersecurity frameworks, and incorporate relevant changes into audit programs and testing approaches.

Tools / Skills

Total Position(s)

1 Positions

Gender

Does not matter

Minimum Education

Bachelors Degree

Degree Title

Bachelors Degree

Shift

Evening

Nature of Job

Work From Office