Internal IT Auditor, Senior

Job Description

Your Role

The Senior Internal IT Auditor leads and executes audit engagements, serving as a subject matter resource and ensuring high-quality audit delivery across technology and cybersecurity domains.

Responsibilities

Your Work

In this role, you will:

• Be responsible for performing and leading transactional quality review audits with limited or no supervision
• Have expert knowledge of transactional quality assurance audit principles and methodology; considered a subject matter expert in multiple functional areas
• Support risk assessments and development of audit plans for data and AI governance areas
• Review controls over AI-enabled business processes, including data sourcing, model outputs, decisioning logic, and human oversight mechanisms
• Leads corrective/ preventive action planning related to transactional audits
• Assess design and operating effectiveness of controls related to intellectual property (IP) protection, including source code repositories, model artifacts, proprietary algorithms, and data assets
• Perform audits of DevSecOps pipelines, including CI/CD tooling, automated testing, code promotion, and segregation of duties across development environments
• Evaluate risks related to use of open-source software, third-party libraries, and external AI services, including licensing compliance, security vulnerabilities, and data leakage
• Analyze risks associated with data used in software and AI development, including data governance, quality, lineage, privacy, and regulatory compliance (e.g., HIPAA data considerations)
• Assess AI governance frameworks, including intake, approval, ethical review, monitoring, incident management, and model retirement processes
• Research issues and shares the findings of that work with varying groups effectively (executives, managers, line staff, etc.)
• Develop and maintains productive client and staff relationships through individual contacts and group meetings
• Be proficient in either operational, financial or IT auditing, but not yet an expert. Work still needs oversight to be released and reviewed by Management
• Work to achieve operational targets with direct impact on BSC departmental results
• Be responsible for entire projects or processes within BSC annual audit program
• Communicate with parties within and outside of BSC with the ability to educate others on complex disciplines

Qualifications

Your Knowledge and Experience

• Requires a bachelor's degree or equivalent experience
• Requires a minimum of 5 years of prior related experience
• Basic competence and knowledge with support from others of: Financial Accounting and Finance Concepts, Managerial Accounting, Regulatory, Legal and Economics, Quality Framework, Ethics and Fraud, Information Technology, Governance, Risk and Controls, Organizational Theory and Behavior
• Working knowledge of AI tools, models, and platforms (e.g., generative AI, ML systems), including associated risks, controls, and governance consideration
• Strong analytical and problem-solving skills
• Advanced knowledge of auditing typically obtained through advanced education combined with experience
• May have practical knowledge of project management
• Certified Information Systems Auditor (CISA), Advanced in AI Audit (AAIA), Certified Information Systems Security Professional (CISSP), Certified Internal Auditor (CIA) and/or Certified Secure Software Lifecycle Professional (CSSLP) highly desired

About the Team

About Blue Shield of California and the Ascendiun Family of Companies

As of January 2025, Blue Shield of California became a subsidiary of Ascendiun. Ascendiun is a nonprofit corporate entity that is the parent to a family of organizations including Blue Shield of California and its subsidiary, Blue Shield of California Promise Health Plan; Altais, a clinical services company; and Stellarus, a company designed to scale healthcare solutions. Together, these organizations are referred to as the Ascendiun Family of Companies.

At Ascendiun, we believe in a brighter future for healthcare. As the parent to a family of four innovative healthcare companies, we're reimagining what's possible. Ascendiun is guided by the goal of transforming a dysfunctional American health care system into one worthy of our family and friends and sustainably affordable for everyone.

To achieve our mission, we foster an environment where all employees can thrive and contribute fully to address the needs of the various communities we serve. We are committed to creating and maintaining a supportive workplace that upholds our values and advances our goals.

Our Values:

• Honest. We hold ourselves to the highest ethical and integrity standards. We build trust by doing what we say we're going to do and by acknowledging and correcting where we fall short.
• Human. We strive to listen and communicate effectively, and showing empathy by understanding others' perspectives.
• Courageous. We stand up for what we believe in and are committed to the hard work necessary to achieve our ambitious goals.

Our Workplace Model:

We believe in fostering a workplace environment that balances purposeful in-person collaboration with flexibility - providing clear expectations while respecting the diverse needs of our workforce. Our workplace model is designed around intentional in-person interaction, collaboration, connection, creativity and flexibility:

• For most teams, this means coming into the office two days per week.
• Employees living more than 50 miles from an office location, out of state employees, and employees in certain member-facing roles should work with their manager to determine in-office time based on business need.
• For employees with medical conditions that may impact their ability to work in-office, we are committed to engaging in an interactive process and providing reasonable accommodations to ensure their work environment is conducive to their success and well-being.

The Company reserves the right to require more presence in the office based on business needs, and requirements are subject to change with periodic reviews.

Physical Requirements:

Office Environment - roles involving part to full time schedule in Office Environment. Based in our physical offices and work from home office/deskwork - Activity level: Sedentary, frequency most of work day.

Please click here for further physical requirement detail.

Equal Employment Opportunity:

External hires must pass a background check/drug screen. Qualified applicants with arrest records and/or conviction records will be considered for employment in a manner consistent with Federal, State and local laws, including but not limited to the San Francisco Fair Chance Ordinance. All qualified applicants will receive consideration for employment without regards to race, color, religion, sex, national origin, sexual orientation, gender identity, protected veteran status or disability status and any other classification protected by Federal, State and local laws.