Senior Auditor - SOx (IT)

Job Description SummaryThe Role holder will be a member of the team responsible for the execution of overall IT SOx program that supports GEHC’s SOx certification.
The Role holder will work collaboratively with other team members, broader IT organization of CIOs, IT Process/ Control Owners, IT Risk Leader and his team, External Auditors, and with the Business Process SOx team. GE HealthCare is an $18 B publicly traded, healthcare technology company that spun off from General Electric Company in January of 2023. We are expanding the capabilities of the current Internal Controls function by adding roles to support its expanded SOX program and other internal controls monitoring related activities. GEHC SOx team is an integrated team, managing both Business Process & IT Sox.
GE HealthCare is a leading global medical technology and digital solutions innovator. Our purpose is to create a world where healthcare has no limits. Unlock your ambition, turn ideas into world-changing realities, and join an organization where every voice makes a difference, and every difference builds a healthier world.

Job Description

Roles and Responsibilities

• Control Walkthroughs and Testing:

  • Lead and schedule walkthroughs for assigned IT controls to gain a comprehensive understanding of the Company’s IT infrastructure and its alignment with key business/ IT processes.

  • Perform detailed control testing and accurately document results in accordance with workpaper standards and audit methodology set by GEHC.

  • Ensure documentation reflects a clear narrative and complete audit trail for both design and operating effectiveness testing.

• Quality and Accountability:

  • Own the quality and integrity of all deliverables, ensuring they meet or exceed internal standards and regulatory expectations.

  • Maintain accountability for the accuracy, clarity, and completeness of audit documentation and testing artifacts.

• Issue Identification and Remediation:

  • Proactively identify and escalate control deficiencies or process gaps to the IT SOx Manager in a timely manner.

  • Collaborate with control and process owners to confirm deficiencies, assess associated risks, and agree on appropriate remediation actions and timelines.

  • Evaluate the impact of control deficiencies, including the identification and validation of mitigating controls where applicable.

• Remediation Testing and Closure:

  • Conduct thorough follow-up testing on remediated controls to evaluate both design adequacy and operational effectiveness.

  • Review and validate remediation efforts before formally closing deficiencies in line with SOx compliance requirements.

• Reporting and Communication:

  • Support the preparation and delivery of periodic reports to executive and senior leadership teams on the progress of IT SOx activities against the compliance plan.

  • Provide clear and concise updates regarding key risks, open issues, and remediation status.

• Program Support:

  • Contribute to ongoing enhancements of the IT SOX compliance program by recommending improvements to methodologies, templates, and workflows.

  • Take on ad-hoc assignments or strategic projects as requested by the IT SOX Manager to support program execution and maturity.

Required Qualifications

• Minimum of 5 years of progressive experience in IT audit, IT SOX compliance, risk management, or a related field including at least 2 years with a Big four audit firm preferably.

• Bachelor's degree in Information Systems, Accounting, Finance, Computer Science, or a related discipline from an accredited institution.

• Strong understanding of IT General Controls (ITGCs), IT Automated Business Controls (ITACs) and SOX 404 compliance, including:

• Solid working knowledge of risk and control frameworks such as COSO, COBIT, NIST, or ISO 27001.

• Proven experience drafting and reviewing IT risks, control descriptions, test plans, exception reports, and remediation recommendations.

• Demonstrated experience managing end-to-end SOX compliance cycles, including walkthroughs, testing, documentation, control assessments, and remediation tracking.

• Experience in performing quality assurance reviews of control testing performed by team members or third-party consultants.

• Reports To: IT SOX Manager

Core Competencies

• Integrity: Consistently demonstrates high ethical standards and sound judgment in handling sensitive issues.

• Proactive & Self-Driven: Ability to work independently, manage time effectively, and drive tasks to completion with minimal supervision.

• Analytical Thinking: Strong problem-solving skills with the ability to analyze complex IT environments and identify relevant risks and controls.

• Communication: Excellent written and verbal communication skills in English, with the ability to interact effectively across technical and non-technical stakeholders.

• Adaptability: Quick learner who can adjust to shifting priorities and apply new knowledge in dynamic environments.
   

Inclusion and Diversity

GE HealthCare is an Equal Opportunity Employer where inclusion matters. Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other characteristics protected by law.

We expect all employees to live and breathe our behaviors: to act with humility and build trust; lead with transparency; deliver with focus, and drive ownership – always with unyielding integrity.

Our total rewards are designed to unlock your ambition by giving you the boost and flexibility you need to turn your ideas into world-changing realities. Our salary and benefits are everything you’d expect from an organization with global strength and scale, and you’ll be surrounded by career opportunities in a culture that fosters care, collaboration and support

Disclaimer: GE HealthCare will never ask for payment to process documents, refer you to a third party to process applications or visas, or ask you to pay costs. Never send money to anyone suggesting they can provide employment with GE HealthCare.  If you suspect you have received a fraudulent call , please fill out the form below: https://www.ge.com/careers/fraud

Additional Information