At CVS Health, we're building a world of health around every consumer and surrounding ourselves with dedicated colleagues who are passionate about transforming health care.

As the nation's leading health solutions company, we reach millions of Americans through our local presence, digital channels and more than 300,000 purpose-driven colleagues - caring for people where, when and how they choose in a way that is uniquely more connected, more convenient and more compassionate. And we do it all with heart, each and every day.

There is no H-1B Sponsorship available for this role.

Job Purpose and Summary:
The IT Application Manager, Corp Audit will be a key member of the Sarbanes-Oxley (SOX) Audit team and will lead the design evaluation and testing of the IT application controls (i.e., automated business controls). This role serves as a subject matter expert for assessing application controls across the Company and is responsible for overseeing a project team in the planning and execution of concurrent and/or complex independent technology and digital audits/projects to evaluate internal control processes in a variety of technology and digital areas. The IT Application Manager will be reporting directly to the Executive Director of the Sarbanes-Oxley Finance program and will collaborate with the various SOX teams across the Enterprise.

Primary Job Duties & Responsibilities:

1. Audit Project Management
- Develop and execute risk-based IT application audit plans to support Sarbanes-Oxley (SOX) audit program
- Assess application controls and security configurations across the Enterprise
- Perform data integrity and system interface reviews
- Serve as project team leader to plan, organize, and facilitate multiple, concurrent projects of high complexity
- Review, in depth, the process documentation obtained during the walkthroughs and determine the nature, timing and extent of audit procedures needed
- Develop project plan based on agreed upon timeline with technology and digital areas including overall delegation of work to team
- Work with the external auditors and regulatory bodies, as needed
- Effectively communicate business risks and scoping requirements to the IT internal audit team
- Effectively perform and document audit activities in accordance with professional standards and the organization's audit methodology
- Execute testing and create work paper documentation
- Understand procedures, results and business impacts; and document and express such understanding in both written and verbal form
- Interact with various levels of Internal Audit and technology and digital line management to resolve issues in a timely manner and to maintain effective communications
- Report related audit findings to technology and digital management
- Meet administrative reporting requirements and support department initiatives
- Demonstrate a commitment to integrity and the company code of conduct, and a respect for diversity and inclusion
- Contribute to overall Internal Audit Department team norms to promote a positive environment and improve team effectiveness
- 5+ years of experience in IT Audit, Controls Assessment, Control Validation, Risk Assessment, or Risk Consulting
- Regular and reliable attendance
- Ability to travel up to 10%
- Prior experience in strategizing, planning and developing business compliant audit project plans
- Professional designations such as CISA, CRISC, CISM, CGEIT, CCAK, CDPSE, CPA, CIA, etc., or measured progress in achieving such designations
- Demonstrate a broad understanding of IT related application controls, related technologies and deployment strategies and how automated business controls function within these technologies and in broader business processes.
- Manage and perform IT, cybersecurity, infrastructure, SDLC, regulatory, and emerging technology audits.
- Identify and clearly define IT audit issues and root causes, recommend improved internal controls and business processes, and ensure that corrective action plans are developed and implemented.
- Understanding of Information Risk Frameworks (NIST 800-53, COBIT 5, ISO/IEC 27001/2, HITRUST, PCI DSS), eGRC tools, ISACA, and IIA Standards.
- Knowledge of SOC 1 and SOC 2 standards
- Familiarity with Data Privacy regulations and industry standards (e.g. HIPAA, GDPR, CCPA)
- Understanding of cloud environments and data classification and protection concepts
- Understanding of key IT concepts and processes, including applications and infrastructure, security and vulnerability assessments, change control, access management, job scheduling, disaster recovery, data privacy, IT risk assessment, automated control environments, cybersecurity best practices, cloud security controls, etc.
- Demonstrate an ability to understand and communicate with both members of the business and IT, bridging gaps in understanding between the groups
- Practical knowledge of processes, risks, and internal controls
- Prior audit experience including technical report writing desirable
- Strong analytical, deductive, problem solving, and critical thinking skills
- Good teamwork and collaboration skills
- Prior project management experience
- Solid meeting management and oral/written communication skills
- Bachelor's degree in a relevant field such as Information Technology, Data Analytics, Finance, Accounting, etc. OR equivalent experience.
40

Time Type
Full time

Pay Range
The typical pay range for this role is: $66,330.00 - $145,860.00

This pay range represents the base hourly rate or base annual full-time salary for all positions in the job grade within which this position falls. The actual base salary offer will depend on a variety of factors including experience, education, geography and other relevant factors. This position is eligible for a CVS Health bonus, commission or short-term incentive program in addition to the base pay range listed above.

Our people fuel our future. Our teams reflect the customers, patients, members and communities we serve and we are committed to fostering a workplace where every colleague feels valued and that they belong.

Great benefits for great people
We take pride in our comprehensive and competitive mix of pay and benefits - investing in the physical, emotional and financial wellness of our colleagues and their families to help them be the healthiest they can be. In addition to our competitive wages, our great benefits include:
- Affordable medical plan options, a 401(k) plan (including matching company contributions), and an employee stock purchase plan.
- No-cost programs for all colleagues including wellness screenings, tobacco cessation and weight management programs, confidential counseling and financial coaching.
- Benefit solutions that address the different needs and preferences of our colleagues including paid time off, flexible work schedules, family leave, dependent care resources, colleague assistance programs, tuition assistance, retiree medical access and many other benefits depending on eligibility.