IT Internal Audit Lead

BrightSpring Health Services

The IT Internal Audit Lead supports the execution of the SOX 404 program with a focus on IT risks and controls and independently performs riskbased IT and technologyenabled audits. This role partners with IT and business stakeholders, cosourced providers, and other assurance functions to deliver timely, highquality assurance and actionable insights related to systems, applications, and data. As the Internal Audit function continues to mature and expand, this role is expected to grow in breadth and scope, taking on increasing responsibility across IT audit coverage, emerging technology risks, and assurance coordination.

The IT Internal Audit Lead works with the Vice President of Internal Audit, IT leadership, and business stakeholders to execute the Company's internal audit plan, with emphasis on IT risk and controls
• Fosters relationships with IT and business personnel at appropriate levels and serve as a subject matter expert for IT control design, system access, change management, data integrity, and documentation standards
• Consistently deliver highquality IT internal audit services in accordance with applicable professional standards (IIA, ISACA)
• Contributes to the annual audit plan and periodic risk updates, partnering with other assurance providers to coordinate activities and enhance overall assurance coverage across IT risks
• Independently plan and execute riskbased IT and technologyenabled audits, including defining objectives and scope, developing test procedures, performing fieldwork, synthesizing findings, assessing impact, and recommending practical, actionable remediation
• Drives highquality work products within expected time frames and budget
• Coordinates multiple concurrent projects and proactively manage stakeholder expectations related to service delivery and timelines
• Stays abreast of current technology, cybersecurity, and industry risk trends
• Performs other duties as assigned
• Supports execution of the SOX 404 program related to IT General Controls (ITGCs), automated application controls, and systemdependent controls, coordinating closely with thirdparty service providers
• Facilitates and lead IT SOX walkthroughs and design effectiveness assessments, including evaluation of:
  • logical access controls,
  • change management,
  • IT operations,
  • system interfaces, and
  • ITdependent manual controls and IPE completeness and accuracy
• Oversee and review cosourced operating effectiveness testing of IT controls, ensuring testing approaches, evidence, and conclusions meet Internal Audit standards and support external auditor reliance
• Perform operating effectiveness testing as needed, validate systemgenerated evidence, and ensure conclusions are supportable, clearly documented, and auditready
• Provide daytoday oversight and project management of cosourced resources supporting SOX IT and IT audit engagements, including coordinating scope, timelines, deliverables, and reviewing workpapers for quality and consistency
• Serve as one of the primary points of contact for assigned cosource engagements, facilitating communication, resolving issues, and escalating risks or delivery concerns as appropriate
• Independently manage and execute assigned IT audit engagements endtoend, while balancing oversight responsibilities and ensuring alignment with Internal Audit standards and expectations
• Supervisory Responsibility: Yes

• Bachelor's degree in Information Systems, Computer Science, Accounting, Finance, or a related field.
• 5-7+ years of experience in Internal Audit, IT Audit, or external audit (Big 4 or national firm strongly preferred), with substantial:
  • SOX ITGC ownership, and
  • hands on IT audit or technology risk assessment experience.
• Experience auditing ERP environments (e.g., SAP, Oracle), key business applications, and supporting infrastructure preferred.
• Industry experience in healthcare, provider services, pharmacy services, or other regulated environments preferred.
• CISA strongly preferred; CIA or CPA a plus
• Strong knowledge of ITGCs, SOX/PCAOB expectations, COSO, COBIT, and IIA/ISACA standards.
• Experience evaluating IT dependent manual controls, automated controls, system interfaces, and reports used as IPE.
• Proficiency with audit management platforms (e.g., Workiva, AuditBoard, TeamMate).
• Strong analytical and data evaluation skills; familiarity with data analytics or continuous auditing concepts is a plus.
• Excellent written and verbal communication skills, with the ability to explain technical concepts to non technical stakeholders.
• Percentage of Travel: 0-25%

**To perform this role will require frequently sitting and typing on a keyboard with fingers, and occasionally standing, walking, and climbing (stairs/ladders). The physical requirements will be the ability to push/pull and lift/carry 1-10 lbs**