Internal IT Auditor, Consultant

Blue Cross and Blue Shield Association

Long Beach, CA

JOB DETAILS
SKILLS
Algorithms, Artificial Intelligence (AI), Auditing, Business Continuity Planning (BCP), Business Processes, Committee of Sponsoring Organizations of the Treadway Commission (COSO), Computer Forensics, Computer Hacking, Computer Security, Consulting, Continuous Deployment/Delivery, Continuous Integration, Control Objectives for Information and related Technology (COBIT), Corrective Action, Data Modeling, Data Processing, Design Evaluation, Disaster Recovery, HIPAA (Health Insurance Portability and Accountability Act), ISO (International Organization for Standardization), Incident Management, Information Technology & Information Systems, Information Technology Consulting, Information Technology/Systems Audit, Intellectual Property (IP), Internal Audit, Internet Security, Intrusion Detection Systems, Intrusion Detection and Prevention (IDP), Leadership, Licensing Compliance, Local Area Network (LAN), Loss Prevention, Machine Tool, Management Consulting, Management Strategy, Microsoft Windows 2000, Open Source, Operating Systems, Oracle Solaris (fka Sun Microsystems Solaris), PCI, Penetration Testing, Physical Security, Privacy Regulations, Problem Solving Skills, Process Modeling, Quality Assurance Methodology, Regulations, Regulatory Compliance, Risk Analysis, Risk Management, Sarbanes-Oxley Act (SOX), Security Analysis, Security Software, Software Development, Source Code/Configuration Management (SCM), TCP/IP (Transmission Control Protocol/Internet Protocol), Technology Analysis, Test Automation, Unix Operating Systems, Wide Area Network (WAN), Wireless Communications
LOCATION
Long Beach, CA
POSTED
6 days ago

Your Role

The Consultant, Internal Audit (Technology / IT Audit) independently leads and executes complex audit and advisory engagements across technology environments. This role serves as a subject matter expert in IT audit and cybersecurity while providing strategic insight and guidance to management. The Consultant is accountable for delivering end-to-end audit work and acts as a trusted advisor to Director-level leadership and stakeholders.

Your Knowledge and Experience

  • Requires a bachelor's degree or equivalent experience
  • Requires a minimum of 7 years of prior related experience
  • Advanced understanding of technology, IT concepts and principles and the ability to leverage this knowledge to recommend effective solutions
  • Advanced knowledge of security software programs and implementation
  • Advanced knowledge of TCP/IP and networking (LAN, WAN and Wireless)
  • Advanced knowledge of key information technology risks and controls and available technology-based assessment techniques
  • Advanced knowledge of major risk assessment methodologies and security frameworks such as ISO, COBIT, COSO
  • Advanced knowledge of major operating systems such as UNIX (e.g., Solaris) and Windows servers (2000, 2003)
  • Advanced knowledge of major security tools and technologies such as intrusion detection and prevention systems, data loss prevention and identity management
  • Advanced knowledge of Security Incident Management, Business Continuity/Disaster Recovery, Personnel Security, Physical and Environmental Security processes
  • Working knowledge of AI tools, models, and platforms (e.g., generative AI, ML systems), including associated risks, controls, and governance considerations
  • Knowledge of computer forensics, penetration testing and hacking techniques
  • In-depth knowledge of security log analysis
  • Strong knowledge of security regulations including HIPAA / HITECH, SOX, PCI, SB1386, AB1950

Your Work

In this role, you will:

  • Perform non-technical and technical IT audits with minimal supervision
  • Define the scope of work for each audit
  • Evaluate the design and effectiveness of applied controls for processes, systems, networks, and applications in accordance with laws, regulations, policies, procedures, and standards
  • Support risk assessments and development of audit plans for data and AI governance areas
  • Review controls over AI-enabled business processes, including data sourcing, model outputs, decisioning logic, and human oversight mechanisms
  • Lead corrective/preventive action planning related to transactional audits
  • Assess design and operating effectiveness of controls related to intellectual property (IP) protection, including source code repositories, model artifacts, proprietary algorithms, and data assets
  • Perform audits of DevSecOps pipelines, including CI/CD tooling, automated testing, code promotion, and segregation of duties across development environments
  • Evaluate risks related to use of open-source software, third-party libraries, and external AI services, including licensing compliance, security vulnerabilities, and data leakage
  • Analyze risks associated with data used in software and AI development, including data governance, quality, lineage, privacy, and regulatory compliance (e.g., HIPAA data considerations)
  • Assess AI governance frameworks, including intake, approval, ethical review, monitoring, incident management, and model retirement processes
  • Complete detailed audit work papers that describe the scope of audit work performed, results of tests conducted, the controls in place, and the control or compliance deficiencies noted, using sound judgment

About the Company

Blue Cross and Blue Shield Association

At the Blue Cross and Blue Shield Association (BCBSA), we provide business strategy, technical support and consulting expertise to 36 Blue Cross and Blue Shield companies across the nation, employing more than 1,000 of the best strategic thinkers in the industry. We are a Brand manager that sets quality control standards for the 36 independent companies that use the Blue Cross and Blue Shield Brands, and we serve as a trade association that represents these Blue companies. It is through our involvement that the Blues companies share a united vision and strategy while also benefiting from the local strength of all member companies.
COMPANY SIZE
2,000 to 2,499 employees
INDUSTRY
Insurance
WEBSITE
https://www.bcbs.com/about-us/careers