Cyber Assurance Specialist- Internal Audit

Job Description SummaryGE HealthCare is a leading global medical technology and digital solutions innovator. Our purpose is to create a world where healthcare has no limits. Unlock your ambition, turn ideas into world-changing realities, and join an organization where every voice makes a difference, and every difference builds a healthier world.
The Internal Audit (IA) function is entering year three of its transformation following GE HealthCare's separation in January 2023 as a standalone public company. As part of the transformation, IA is creating a modern, technology and data-driven program with a LEAN mindset. The IA function is a global team with presence in United States, United Kingdom, Singapore, and India. The function is independent and reports to the GE HealthCare Audit Committee.
Reporting to the Cyber Assurance Senior Manager, Cyber Assurance Specialist will interact with key process owners and colleagues across GE HealthCare . Cyber Assurance Specialist will also be responsible for completing the audits and projects as outlined in the Internal Audit Plan and play a critical role in assessing the effectiveness of the control environment and providing value added recommendations across the organization. Cyber Assurance Specialist will gain a robust understanding of the operations of segments, regions, and functions within GE HealthCare. This role requires clear communication with team members worldwide, as well the ability to independently manage tasks within a flexible schedule.

Job Description

A key priority for this role will be to execute audits in a fast paced and growth-oriented environment in accordance with the IA methodology and the Institute of Internal Auditors (IIA) Standards. Working autonomously as well as in collaboration with other members, the Cyber Assurance Specialist will support in various aspects of IA processes such as risk assessments, audit planning and execution, issue management and special department initiatives for continuous improvement.

Roles and Responsibilities

• With oversight from Managers and other senior team members, perform cyber audit work and test internal controls by reviewing and documenting relevant evidence to conclude on the design and operational effectiveness of controls and the overall control environment.

• Conduct in-depth inquiry and data analysis to understand cyber and technology operations, assess risk based on industry risk profile, and supports the development of project scope for cross-functional process areas, leveraging business knowledge and expertise of others.

• Support comprehensive cybersecurity audits and assessments of an organization's IT infrastructure to identify vulnerabilities, weaknesses, and gaps in their security controls.

• Collaborate with colleagues across the globe, adaptability and strong understanding of global business practices are key attributes for success for this position.

• Participate in meetings with key client contacts and stakeholders to review key concepts, gaps or issues with risk management and control design elements, support, and conclusions.

• Adapt testing approach based on risks identified.

• Assess documentation, processes, methods, policies, costs, and other factors to determine if assigned scope areas are operating in accordance with established and relevant controls and in a way that adequately mitigates identified risks.

• Prepares clear and well-organized audit work documentation within an automated
  workflow that clearly documents root cause, work performed, investigation
  summaries, and recommendations.

• Present initial audit observations to the IA leadership and audit stakeholders, as required.

• Embrace an equitable and inclusive environment where people can bring their full selves to work and unlock their greatest potential and contributions to the team.

• Stay abreast of new and emerging cybersecurity and AI regulations & trends that impact the risk landscape and rapidly adjust audit plan or procedures accordingly.

• Evaluate AI governance practices and alignment with leading guidance (e.g., NIST AI RMF, ISO/IEC 42001, ISO/IEC 23894) and GE HealthCare policies.

• Support the Data Analytics manager by assisting with management of AI/ML systems used in cyber assurance audits

Qualifications

• A Bachelor's degree in Accounting, Finance, Business Administration, Computer Science, or "STEM" (Science, Technology, Engineering or Mathematics) Majors

• Two to five years of relevant internal audit or equivalent experience in industries such as Manufacturing, Medical Devices, Technology, Consulting, Government, Energy & Utilities, or Financial Services.

• Exposure to AI/ML systems (e.g., participating in model validation, data quality assessment, or reviewing MLOps artifacts) is a plus. Willingness to learn and apply AI audit procedures is expected.

• Ability to travel internationally and domestically approximately 15-20%.

Desired Characteristics

• CIA, CISA, CISSP, CISM, AAIA, AAISM or other professional cybersecurity certification is a plus.

• Familiarity with industry standards/framework, such as MITRE, OWASP Top-10, NIST 800-115, NIST 800-53, NIST 800-171, NIST Privacy Framework, NIST AI RMF, CSA CCM, ISO 27001, ISO/IEC 42001, and ISO/IEC 23894, ITIL v3, COBIT and FAIR is desirable.

• Experience using SQL or Python for data sampling, profiling, or simple model‑evidence review is a plus.

• Understanding of IT Operational Functions and concepts including IAM, Asset Management, Cybersecurity, Data Privacy

• Audit/risk management experience or exposure is preferred.

• General knowledge of legal, regulatory and compliance requirements.

• Excellent listening, verbal, written and presentation communication skills.

• Lean Process orientation: Passion to help improve operations continuously.

• Experience with data analytics is a plus.

• Strong project management and organization skills.

• Problem solving skills that demonstrate logical and analytical thought processes.

• Know how to use technology and data to get things done.

• Ability to flex personal style according to the context of a situation to drive engagement with all stakeholders.

We expect all employees to live and breathe our behaviors: to act with humility and build trust; lead with transparency; deliver with focus, and drive ownership –always with unyielding integrity.

Our total rewards are designed to unlock your ambition by giving you the boost and flexibility you need to turn your ideas into world-changing realities. Our salary and benefits are everything you’d expect from an organization with global strength and scale, and you’ll be surrounded by career opportunities in a culture that fosters care, collaboration, and support.

#LI-BR3

#LI-Hybrid

We will not sponsor individuals for employment visas, now or in the future, for this job opening. For U.S. based positions only, the pay range for this position is $83,200.00-$124,800.00 Annual. It is not typical for an individual to be hired at or near the top of the pay range and compensation decisions are dependent on the facts and circumstances of each case. The specific compensation offered to a candidate may be influenced by a variety of factors including skills, qualifications, experience and location. In addition, this position may also be eligible to earn performance based incentive compensation, which may include cash bonus(es) and/or long term incentives (LTI). GE HealthCare offers a competitive benefits package, including not but limited to medical, dental, vision, paid time off, a 401(k) plan with employee and company contribution opportunities, life, disability, and accident insurance, and tuition reimbursement.

Additional Information

While GE HealthCare does not currently require U.S. employees to be vaccinated against COVID-19, some GE HealthCare customers have vaccination mandates that may apply to certain GE HealthCare employees.