IT Security Audit and Compliance Specialist

Confidential Company

Job Summary.

The IT Security Audit and Compliance Specialist plays a critical role in maintaining the organization’s cybersecurity and data protection posture. This role involves developing, executing, and maintaining robust audit programs to ensure compliance with internal policies, regulatory requirements, and industry standards, particularly within the healthcare sector.

Job Responsibilities-

• Develop and manage a comprehensive security audit program to ensure thorough coverage across all business units.

• Oversee cybersecurity, data protection, and privacy compliance across healthcare entities, insurance providers, and partners.

• Conduct regular compliance maturity assessments and reviews to track progress and posture improvement.

• Plan, coordinate, and execute security audit activities across departments.

• Define audit scopes, objectives, and develop tailored audit work plans and test procedures.

• Conduct audits on critical systems and applications to validate security and compliance effectiveness.

• Ensure alignment with legal, regulatory, and contractual compliance obligations.

• Build and maintain a comprehensive controls matrix mapped to relevant frameworks such as ISO, NIST, HIPAA, etc.

• Prepare detailed audit findings, compliance reports, and progress updates for senior management.

• Identify compliance risks related to key business initiatives and recommend mitigation measures.

• Monitor internal compliance efforts, including IT system reviews, vulnerability scans, and mandatory training programs.

• Prepare and submit timely audit documentation, findings, and evidence.

• Schedule and conduct periodic audits across systems, networks, and applications, including Azure Cloud, O365, IAM, and PAM environments.

• Monitor Data Loss Prevention (DLP) compliance and follow up with responsible teams for remediation.

• Collaborate with IT operations and business units to ensure timely resolution of non-compliance issues and vulnerabilities.

• Provide recommendations to address and mitigate identified critical risks.

• Liaise with external and internal audit teams and ensure all evidence and documentation are prepared and submitted promptly.

• Work with business units (Finance, HR, Projects, etc.) to gather inputs necessary for audits.

• Track and ensure timely closure of audit findings and implementation of recommendations.

• Monitor the resolution of prior audit issues to ensure continuous improvement.