Apply on Employer Site

Trilogy Health Services, LLC · 2 days ago

IS Internal Auditor

Louisville, KY

Full-time

Hybrid

Mid Level

3+ years exp

Trilogy Health Services is a senior living provider focused on being the Best Healthcare Company in The Midwest. The IS Internal Auditor will serve as a key liaison between IT, audit, and business teams to execute SOX 404B testing and operational IT audits, ensuring compliance with various regulatory standards.

Assisted LivingHealth CareNursing and Residential CareRehabilitation

Growth Opportunities

Responsibilities

Acts as the primary liaison between IT, IS, external audit, and business/IT application control owners to ensure effective communication and collaboration

Executes SOX 404B testing over IT General Controls (ITGC), IT application controls (ITAC), and key cybersecurity controls across financially relevant systems

Plans and performs walkthroughs, defines populations, selects samples, evaluates configurations/parameters, reperforms automated control logic, and assesses exceptions to support auditor reliance

Leads and executes non-SOX operational IT audits— plan and perform routine monitoring and testing of critical IT systems

Identifies control deficiencies and risks, recommends mitigation strategies in partnership with control owners, and follows up on remediation

Prepares clear, concise audit reports and present findings to management, routinely tracks audit projects, resource hours, and progress against plan; analyzes trends and outcomes; and provide reporting to support forecasting and continuous improvement of the audit plan

Supports the design and implementation of automated solutions for recurring audit and monitoring activities

Provides advanced data and reporting support to the audit team—assist with extracting system reports, structuring large datasets, and performing complex analyses (e.g., building dynamic pivot tables, reconciling data across sources, and executing comparative reviews) to enable efficient testing and insightful conclusions

Participates in annual IT risk assessments and consult with stakeholders in development of the IT audit plan

Assesses compliance with internal IT policies, regulatory requirements and industry standards, including HIPAA, NIST, and state-specific guidance

Reviews third-party and vendor risk management practices, including evaluating SOC 1 and SOC 2 reports, testing key controls, assessing subservice organizations, and mapping Complementary User Entity Controls (CUECs) to internal processes to ensure comprehensive coverage and compliance

Audits data privacy and governance practices, including encryption and data lifecycle management

Evaluates and participates in disaster recovery, business continuity, and incident response plans

Consults with internal teams on process and control development, quality improvement, and remediation activities

Monitors industry trends and emerging technologies to proactively identify risks, recommend improvements, and provide guidance and training to team members and control owners on relevant updates and best practices

Other duties as assigned

Qualification

SOX 404B testingIT General ControlsCertified Information Systems AuditorHIPAA complianceNIST standardsData analysisCommunication skillsTeam collaborationProblem-solving

Required

Bachelor Degree

3-5 years of experience

Certified Information Systems Auditor (CISA) strongly preferred

Sitting, standing, bending, reaching, stretching, stooping, walking, and moving intermittently during working hours

Must be able to lift at least 50lbs

Must be able to maintain verbal and written communication with co-workers, supervisors, residents, family members, visitors, vendors, and all business associates outside of the health campus