IT Auditor

Requirements

• Required Education & Experience
• Bachelor's degree in Information Systems, Information Technology, Cybersecurity, Accounting, Finance, Healthcare Administration, or a related field.
• Three (3) or more years of experience in IT auditing, information security, risk management, compliance, cybersecurity, or related disciplines.
• Experience evaluating technology controls, information security practices, and IT governance processes.
• Understanding of cybersecurity principles, risk management methodologies, and internal control frameworks.
• Strong analytical, organizational, and problem-solving skills.
• Excellent written and verbal communication skills.
• Ability to manage multiple projects and priorities in a dynamic environment.
• Experience conducting IT audits within healthcare, healthcare services, or other regulated industries.
• Familiarity with NIST CSF, HIPAA Security Rule, COBIT, and other IT governance and security frameworks.
• Experience with Microsoft 365, Azure, Entra ID, and related cloud technologies.
• Knowledge of cybersecurity operations, identity and access management, and cloud security concepts.
• Experience supporting SOX compliance programs and IT General Controls testing.
• Experience working with external auditors, regulators, and compliance assessors.
• Preferred Certifications
• Certified Information Systems Auditor (CISA)
• Certified in Risk and Information Systems Control (CRISC)
• Certified Information Systems Security Professional (CISSP)
• Certified Internal Auditor (CIA)
• Certified Public Accountant (CPA)
• Healthcare Informatio

Benefits

Additional Information

Position Summary Pennant Services is seeking a highly motivated and detail-oriented IT Auditor to support the organization's IT audit, risk management, cybersecurity, compliance, and governance programs. This position will evaluate the design and effectiveness of technology controls, identify risks, and work collaboratively with business and technology stakeholders to strengthen Pennant's overall control environment. The IT Auditor will participate in a variety of audit and assessment activities including cybersecurity reviews, IT risk assessments, HIPAA compliance evaluations, SOX compliance support, vendor risk reviews, and operational technology audits across Pennant's healthcare operations. This role requires strong analytical skills, the ability to communicate effectively with all levels of the organization, and a commitment to continuous improvement and risk management. Essential Duties and Responsibilities IT Audit & Risk Management Perform IT audits and risk assessments across infrastructure, cloud services, cybersecurity, identity and access management, disaster recovery, business continuity, and third-party/vendor risk management processes. Conduct walkthroughs of IT processes and systems to identify key risks, controls, and opportunities for improvement. Evaluate the design and operating effectiveness of technology controls and provide recommendations to strengthen the control environment. Assess compliance with organizational policies, regulatory requirements, and industry frameworks, including the NIST Cybersecurity Framework (NIST CSF) and HIPAA Security Rule requirements. Participate in cybersecurity assessments and reviews focused on security governance, vulnerability management, incident response, security monitoring, and identity management. Evaluate technology implementations, system upgrades, and major IT initiatives to ensure risks are appropriately identified and mitigated. Assist with third-party audits, regulatory examinations, and compliance reviews. Support enterprise risk management activities by identifying emerging technology and cybersecurity risks. Perform follow-up reviews to validate the remediation of identified findings and corrective action plans. Develop practical recommendations that balance risk reduction, operational efficiency, and business objectives. Compliance & Governance Support the organization's SOX compliance program through IT General Controls (ITGC) testing and application control reviews, as applicable. Assist with audits related to HIPAA, privacy, security, and other regulatory requirements impacting healthcare operations. Evaluate compliance with internal policies, standards, and governance processes. Assist with evidence collection and coordination efforts related to internal and external audits. Support ongoing monitoring and continuous improvement of compliance and control activities. Reporting & Communication Prepare clear, concise, and well-documented audit workpapers, reports, and presentations. Communicate audit observations, risks, and recommendations to management and stakeholders. Build collaborative relationships across Information Technology, Cybersecurity, Compliance, Finance, and Operations teams. Present findings and recommendations in a professional and constructive manner. Maintain professional and ethical standards while safeguarding confidential and sensitive information.

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at pennant? Share your experience