Technology Auditor

**Job Description Summary**: Refers to the regulation compliance function for financial information collection, collation and reporting. May audit financial as well as procedural aspects. In-depth understanding of key business drivers; uses this understanding to accomplish own work. In-depth understanding of how work of own team integrates with other teams and contributes to the area.

GE HealthCare is a leading global medical technology and digital solutions innovator. Our purpose is to create a world where healthcare has no limits. Unlock your ambition, turn ideas into world-changing realities, and join an organization where every voice makes a difference, and every difference builds a healthier world.

**Roles and Responsibilities**
- With oversight from Managers and other senior team members, **test internal controls by performing test of design and test of operating effectiveness** by reviewing and documenting relevant evidence to conclude on the design and operational effectiveness of controls and the overall control environment.
- Collaborate with colleague across the globe, adaptability and strong understanding of global business practices are key attributes for success for this position.
- Participate in meetings with key client contacts and stakeholders to review key concepts, gaps or issues with risk management and control design elements, support and conclusions.
- Adapt testing approach based on risks identified.
- Assess documentation, processes, methods, policies, costs, and other factors to determine if assigned scope areas are operating in accordance with established and relevant controls and in a way that adequately mitigates identified risks.
- Prepares clear and well-organized audit work documentation within an automated workflow that clearly documents root cause, work performed, investigation summaries, and recommendations.
- Present initial audit observations to the IA leadership and audit stakeholders, as required.
- Embrace an equitable and inclusive environment where people can bring their full selves to work and unlock their greatest potential and contributions to the team.
- Stay abreast of new and emerging regulations & trends that impacts the risk landscape and rapidly adjust audit plan or procedures accordingly.

**Required Competencies**
- Internal Control Knowledge: Ability to understand and assess the design, implementation, and operating effectiveness of internal controls.
- ** Information Technology Control Knowledge**: Uses understanding of IT controls and IT control frameworks to evaluate IT controls across core business processes, requiring some guidance from dedicated IT auditors.
- ** A strong foundation on Information Security principles**
- ** A sound knowledge of at least 2 out of the following domain areas: SDLC, Network & IT infrastructure, Cybersecurity (threat hunting, vulnerability assessment, DLP, etc.), Cloud Computing**
- Project Management: Contributes to the planning and execution of planned audits.
- ** Critical thinking skills: An ability to view at a problem from multiple perspectives, assess risk, structured and logical thought process**
- Root Cause Analysis: Ability to identify the root cause of an issue, demonstrating awareness of various root cause analysis techniques, such as the “5 why’s” test.
- ** Writing: Ability to document in a clear, concise, and logical manner**process understanding (i.e., narratives/flow diagrams), risks, control descriptions, and test results (i.e., symptoms). Ability to analyze evidence and document findings in a structured and coherent way.
- Conflict Management Negotiation: Ability to handle difficult situations with diplomacy and tact and negotiate with management as appropriate to ensure key findings and follow-up actions are agreed upon.
- Influence: Ability to build trust and support with auditees
- Data Analysis and Business Intelligence Knowledge: General understanding of data and analytics techniques used in analyzing large volumes of data, ability to conduct simple data analysis using excel functions.

**Required Qualifications**
- A Bachelor's or Master’s degree in Engineering
- Two to five years of relevant internal audit or IT SOX testing experience in industries such as Manufacturing, Medical Devices, Technology, Consulting or Financial Services.
- Ability to travel internationally and domestically approximately 15-20%.

**Desired Characteristics**
- CISA, CISSP, CISM or other professional certification is a plus.
- Familiarity with industry standards/framework, such as NIST 800-53, NIST 800-171, NIST Privacy Framework, CSA CCM, ISO 27001, ITIL v3, COBIT and FAIR is desirable.
- Understanding of IT Operational Functions and concepts including IAM, Asset Management, Cybersecurity, Data Privacy
- Audit/risk management experience or exposure is preferred.
- General knowledge of legal, regulatory and compliance requirements.
- Excellent listening, verbal, written and presentation communication skills.
- Lean