Lead - Internal Audit

Role Summary

The Lead IT Internal Auditor will be responsible for assessing Providence IT systems, emerging technology risks, identifying vulnerabilities and recommending risk-mitigation strategies. The role will support risk‑based and operational IT audits, with an increasing focus on cybersecurity, cloud, data and third‑party risks, while partnering with management on advisory initiatives.

Roles And Responsibilities

• Lead and execute risk based Information Technology internal audit projects across an international enterprise ( including IT governance reviews, control framework assessments, cybersecurity reviews and technology‑enabled advisory projects)
• Identify, assess and test IT and automated controls and processes across key technology environments (ERP, network, OS, applications, infrastructure and databases)
• Support the development and maintenance of IT control and audit documentation including walkthroughs, testing approaches and controls evaluation.
• Coordinate and implement testing of key IT and application controls, track completion, monitor status and continuous follow up with the process owners. Ensure any internal control deficiencies are identified, remediated and re-tested.
• Perform targeted reviews of cybersecurity, information security and data privacy controls, including identity and access management, privileged access, incident response and vulnerability management
• Assess technology risks related to cloud services, third‑party vendors and outsourced IT operations
• Evaluate risks arising from new technologies, automation and digital transformation initiatives, as part of the audit plan
• Apply data analytics and technology‑enabled audit techniques to improve audit coverage, efficiency and insight, where appropriate
• Partner with IT and business stakeholders as a trusted advisor, clearly communicating risks, impacts and practical recommendations
• Lead opening, status and closing discussions with management and clearly articulate risk impact and remediation expectations
• Deliver high‑quality, concise audit reports and ensure timely completion of assigned audits
  
  
  

• 5–8 years of experience in IT Internal Audit, IT Risk, or Technology Controls, with demonstrated experience leading audits independently ( Big Four Experience Preferred)
• Exposure to US Healthcare industry or regulated or complex environments (e.g., large enterprises, shared services) is an advantage
• Professional certifications such as CISA, CISSP, CRISC, or CISM preferred; cloud or security‑focused certifications (e.g., CCSP, AWS/Azure fundamentals) are an added advantage
• Bachelor’s degree in Engineering, Information Technology, or related field; MBA is a plus
• Strong verbal and written communication skills, with the ability to interact effectively with IT and business stakeholders
• Organized, detail‑oriented and a collaborative team player with sound professional judgment
  
  
  

• Strong understanding of IT control frameworks (ISO 27001, COBIT, NIST) and the ability to apply them in a practical, business‑aligned manner
• Solid knowledge of IT risks and controls across applications, infrastructure, databases and access management
• Working knowledge of cybersecurity and IAM concepts, including logical access, privileged access and security governance
• Familiarity with GRC platforms and structured approaches to risk and control documentation
• Ability to leverage data analytics and technology‑enabled audit tools to enhance audit effectiveness
• Strong risk judgment with the ability to prioritize issues and focus on matters of highest impact
• Capability to produce clear, concise, executive‑ready audit reports