Internal Audit Sr Associate – IT

ABOUT KODIAK SOLUTIONS

At Kodiak Solutions, we’re dedicated to transforming the healthcare industry through cutting-edge, technology-driven solutions. We specialize in healthcare finance, unclaimed property, risk management, and revenue cycle management, helping healthcare organizations streamline complex financial operations. Our mission is to simplify and optimize processes, so healthcare providers can focus on delivering excellent patient care.

Powered by our innovative platform, we offer cloud-based systems, automated workflows, and advanced data management tools designed to address the unique challenges in healthcare. Whether it's improving revenue cycle efficiency, navigating unclaimed property issues, or mitigating risk, our platform delivers real-time, actionable insights to drive better outcomes

JOB SUMMARY

The Internal IT Auditor is responsible for assessing information technology controls, cybersecurity processes, data governance practices, and system‑related operational workflows across Kodiak’s healthcare clients. This role requires an analytical and critically minded professional who can exercise sound judgment, communicate clearly, and independently troubleshoot complex issues while maintaining strong collaborative relationships with senior leaders, including CIOs, CISOs, IT Directors, and other executive stakeholders. The position may also lead and coordinate the work of internal auditors by providing direction, coaching, and quality oversight to ensure consistent, high‑quality audit execution and support the professional growth of less‑experienced team members.

Kodiak’s customers include health systems, hospitals, and physician practices. Engagements may involve evaluating IT general controls (ITGCs), system access and provisioning, change management, data integrity, cybersecurity and privacy risks, IT asset management, incident response readiness, and other technology‑focused audit or advisory projects. The Internal IT Auditor will also help apply a Risk Intelligence–based approach to identify key risk indicators and areas suitable for continuous monitoring, strengthening long‑term control effectiveness and operational visibility. The role further supports enterprise‑level risk assessments and contributes to internal audit plans aligned with organizational strategy, regulatory requirements, and evolving healthcare technology risks.

 

Preferred Knowledge & Skills 

• Strong understanding of IT general controls, cybersecurity frameworks, and information security best practices
• Familiarity with healthcare IT environments, including EHR systems, ERP platforms, data interfaces, and cloud‑based applications
• Experience developing techniques to evaluate healthcare‑specific technology risks, including those related to clinical operations, system interoperability, and third‑party/vendor dependencies
• Ability to manage multiple projects and achieve timely completion
• Comfort working in a remote team environment and fostering strong customer relationships Experience leading walkthroughs and discussions with IT, clinical informatics, cybersecurity, revenue cycle, and compliance stakeholders
• Experience leading and coordinating the work of internal auditors, providing guidance, coaching, and oversight to ensure high‑quality audit execution and professional development
• Ability to clearly communicate audit expectations, required evidence, and preliminary observations to system owners and clinical/operational leaders
• Ability to prepare concise, executive‑level reports that synthesize IT and operational risks, control gaps, and recommended actions with clear linkage to clinical, operational, and financial impact
• Proficiency with Microsoft Office applications
• Experience with cybersecurity regulations or frameworks (e.g., NIST, HITRUST, HIPAA Security Rule)
• Experience with data analysis tools or audit software is a plus

 

Required Qualifications

• Bachelor’s degree in Information Systems, Computer Science, Accounting, or a related field
• Minimum of 4 years of IT auditing experience, preferably within healthcare
• Minimum of 3–4 years of audit or consulting experience (healthcare preferred)
• Understanding of IT risk management, cybersecurity, and internal control frameworks
• Certifications such as CISA, CISSP, CHC, or similar are a plus but not required
• Ability to travel a minimum of 20%