General Electric Manager, Technology Audit, GE Healthcare in Chicago, Illinois
Job Description Summary
Based in Chicago, IL or Milwaukee, WI area and reporting to the Director, Technology Audit, GE Healthcare, this role will lead a team of IT auditors and technical subject matter experts through data-driven, risk informed, integrated audits across GE Healthcare leveraging modern assessment tools and an industry tailored, best-in-class audit methodology. This role will directly manage up to four IT audit professionals administratively.
GE is in the midst of a significant and public transformation of its portfolio, leadership, operations and culture. One of the top priorities within this transformation is the Internal Audit function. GE is currently evolving the function, focusing more on the development of deep, data-driven, modern audit expertise and experience to serve as a true business partner for the audit committee and executive leaders, while still maintaining its commitment to talent development, both within and outside the function.
A key dimension of this role will be leading a multi-disciplinary team through complex technical assessments to objectively identify and evaluate risks that may adversely impact the security posture or operations of the business. To accomplish this, the Manager, Technology Audit will:
Collaborate with Internal Audit peers and partners to implement and maintain an industry leading standard audit methodology focused on automated control testing and technical understanding of GE’s attack surface.
Tailor audit plans to fit the industry risk and compliance profile of the target auditable entity and that considers the scope of coverage being driven by financial/operations counter-parts.
Maintain an adaptive approach based on the in-scope entity’s technical architecture and use of specific technology platforms or configurations.
Assists in the design, development, and maintenance of a comprehensive technical audit methodology, based in technical expertise and molded to the risk profile of the business.
Leads the execution of comprehensive audit plans including objectives, audit procedures, audit budgets, and team schedules.
Guides the audit team in applying appropriate audit procedures to the areas reviewed so that controls are tested from the perspective of business risk and that populations are fully covered.
Reviews audit workpapers to ensure they are clear, complete, and well-organized.
Helps to establish and manage use of automated work-flows to increase the efficiency and coverage of risks within the audit process.
Ensure that the in-scope business entity is fully aligned cross-functionally within the business unit and external to the enterprise for the implementation of sustainable, systemic action plans that address root cause and reduce attack surface.
Identifies opportunities for improvement to audit methodology, tools, and training.
Stays current on relevant business risks (e.g., current events, audit trends, emerging technologies, cyber security, etc.) and determines where appropriate to apply to engagements.
Leverages audit to educate management on complex technical risks, the application of control frameworks, and the quantitative management of risks.
Manages and develops direct reports to strengthen leadership capability and audit competency
Coaches their audit team members in building audit, BU, and cyber knowledge.
PROFESSIONAL EXPERIENCE/SUCCESS PROFILE
Bachelor's Degree in Computer Science or in "STEM" Majors (Science, Technology, Engineering and Math) or Business Administration with a minor in Computer Information Technology is preferred.
8+ years of professional experience in IT Governance, IT Risk, IT Audit, IT Operations or related fields, preferably with a Fortune 1000 companies or Big 4 assurance organization.
CISM, CISA, CISSP, CRISC designation or other relevant certification is desirable.
Understanding of regulatory and external requirements as they relate to IT, privacy and cybersecurity for regulations such as HIPAA, GDPR, and SOX.
Experience using some of the industry standards/framework, such as NIST 800-53, NIST 800-171, NIST Privacy Framework, CSA CCM, ISO 27001, ITIL v3, COBIT and FAIR is desirable.
Knowledge of IT Operational Functions including IAM, Asset Management, Cybersecurity, Data Privacy.
Proven ability to handle scale, change agenda, pace and overall complexity.
Track record of working alongside business leaders, positioning internal audit as a strategic partner, identifying and helping mitigate risk.
Superior business acumen; ability to build strong relationships and trust with company leadership and business process owners.
Modern Audit/ Data-Driven Approach-- Track record of leveraging technology and using data to drive insights and actions.
Strong quantitative and qualitative analysis skills; ability to take large volumes of complex information and present it in a clear and concise manner; uses data and a cogent problem-solving methodology in decision making and impact assessment.
GE offers a great work environment, professional development, challenging careers, and competitive compensation. GE is an Equal Opportunity Employer (https://assets.phenompeople.com/CareerConnectResources/GE11GLOBAL/en_global/desktop/assets/images/poster_screen_reader_optimized_w_supplement.pdf) . Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other characteristics protected by law.
GE will only employ those who are legally authorized to work in the United States for this opening. Any offer of employment is conditioned upon the successful completion of a drug screen (as applicable).
Relocation Assistance Provided: Yes