IDENTITY CONTROLS AND AUDIT ENGINEER - EVERNORTH HEALTH SERVICES - HYBRID
About the position
At Evernorth, we are more than just a health insurance company; we are a global health service company. The Identity and Access Management (IAM) team plays a crucial role in our IT department, focusing on enforcing the principle of Least Privilege through regular reviews and technical access controls. This is essential for maintaining compliance during audits conducted by external parties. As part of our mission, we aim to audit our future and reduce risks through proactive control monitoring. This position encourages strategic thinking while fostering strong connections with team members. The Identity Governance Controls and Audit Engineer will be responsible for the design, development, and delivery of enterprise Access Control audit evidence. The role involves ensuring that access controls are effectively operated to enforce the principle of Least Privilege and meet stringent regulatory requirements. These controls undergo rigorous testing by external auditors to ensure accuracy and completeness, necessitating flawless execution and compelling documentation. In this role, you will facilitate the identification of control gaps, risk remediation, and proactive control monitoring. Key responsibilities include delivering and presenting control evidence to both internal and external auditors, contributing to the planning and execution of audit finding remediation, and conducting quality analysis of audit evidence. You will collaborate with various teams within the IAM department to validate, analyze, and articulate user access controls. Additionally, you will develop automated capabilities that support proactive control monitoring, evidence gathering, and reporting, ensuring effective testing of all IAM controls and timely reporting of results.
Responsibilities
?? Deliver and present control evidence to internal and external auditors.
,
?? Contribute to the planning and execution of audit finding remediation.
,
?? Conduct audit evidence quality analysis.
,
?? Collaborate with various teams within the IAM department to validate, analyze, and articulate user access controls.
,
?? Develop automated capabilities that support proactive control monitoring, evidence gathering, and reporting.
,
?? Ensure effective testing of all IAM controls and provide timely, accurate reporting of results.
Requirements
?? High School Diploma or equivalent; Bachelor's degree preferred.
,
?? Experience as an Information Systems Auditor.
,
?? Proficiency in scripting and programming languages (e.g., Python, Java, PowerShell, SQL).
,
?? Experience in data analytics and/or data mining preferred.
,
?? Hands-on experience with Identity Governance tools such as Saviynt, Aveska, CyberArk, and Active Directory.
,
?? Basic experience in Identity and Access Management and Privileged Access Management.
,
?? Effective verbal and written communication skills for working with both technical teams and business end users.
,
?? Ability to adapt in a dynamic work environment by learning quickly, solving problems, and making decisions with minimal supervision.
,
?? Act as a Subject Matter Expert (SME) to senior stakeholders and team members.
,
?? Proficient in developing project metrics, including gathering reporting, trend analysis, creation, and metrics.
,
?? Ability to identify issues and problems, generate solutions, and choose appropriate alternatives using basic root cause analysis.
,
?? Experience with compliance frameworks such as SOX, SOC1, SOC2, PCI, NIST, and HIPAA.
,
?? Understanding of information risk management concepts and proven ability to meet strict audit deadlines.
,
?? Demonstrated ability to coordinate people and teams cross-functionally to resolve complex issues within designated time frames.
,
?? Proactive and positive mindset.
,
?? CPA, CISA, or CISSP preferred.
Nice-to-haves
?? 2-4 years experience with SOX/SOC1/SOC2 audits over Security, Availability, Confidentiality, Privacy, and Processing Integrity Trust Service Principles.
Benefits
Apply Job!