Director, IT & Cybersecurity Audit jobs in United States

UPMC · 12 hours ago

Director, IT & Cybersecurity Audit

UPMC is a healthcare organization seeking a Director for their IT & Cybersecurity Internal Audit function. The role involves leading the audit strategy, overseeing risk-based audits, and ensuring compliance with regulatory frameworks while building a high-performing team and advancing audit methodologies.

Biotechnology · Health Care · Hospital · Medical
H1B Sponsor Likely

Responsibilities

Develop and execute IT & Cybersecurity audit strategy and annual plan aligned to enterprise priorities and threat landscape
Maintain an audit universe covering IT, cybersecurity, cloud, applications/SDLC, data privacy, third-party risk, infrastructure, and emerging technologies (e.g., AI/ML, automation)
Ensure audit practices align with regulatory and industry frameworks (HIPAA, HITECH, HITRUST, PCI-DSS, GDPR, NIST, ISO)
Provide assurance and advisory services on emerging risks and technology governance
Lead planning, fieldwork, and reporting for IT & Cybersecurity audits and special projects; ensure compliance with IIA standards and departmental methodology
Elevate audit quality through root-cause analysis, control design/effectiveness testing, and actionable remediation plans
Implement data analytics and continuous auditing to increase coverage and insight
Collaborate on integrated audits with other Internal Audit disciplines
Deliver concise, risk-based insights to Internal Audit leadership and senior executives
Maintain trusted relationships with IT, Cybersecurity, and business technology leaders; influence remediation and risk prioritization while preserving independence
Coordinate with ERM, Compliance, and Data Analytics teams on risk identification and thematic reporting
Participate in post-incident reviews to provide independent guidance and lessons learned
Recruit, develop, and retain IT & Cybersecurity audit talent; provide coaching, career paths, and succession planning
Foster a culture of curiosity, accountability, and continuous improvement; promote modern audit skills (cloud, cyber, analytics, AI)
Set clear goals, deliver timely feedback, and recognize excellence
Champion adoption and optimization of audit technology platforms (e.g., AuditBoard, TeamMate) for planning, workpapers, and issue tracking
Standardize audit programs and templates aligned to recognized frameworks
Advance innovation through automation, scripting, and analytics to enable continuous auditing and deeper risk insights

Qualification

IT audit strategy, Cybersecurity risk management, Data analytics, Audit technology platforms, Cloud security, Security frameworks, Executive communication, Team development, Professional skepticism, Continuous improvement, Stakeholder engagement, Risk prioritization, Curiosity, Leadership

Required

Bachelor's degree in Information Systems, Computer Science, Cybersecurity, Engineering, Accounting, Business, or related field
7 years progressive experience in IT audit, cybersecurity, or technology risk
2 years managerial or supervisory experience required
Demonstrated leadership of complex audits across cloud, cybersecurity, applications/SDLC, infrastructure/operations, and data/privacy domains
Experience engaging executive leadership; proven ability to translate technical risk into business impact
Deep knowledge of security and control frameworks (e.g., NIST CSF, ISO 27001/27002, COBIT, HITRUST, ITIL); familiarity with SOC 1/2 criteria
Proficiency in cloud security, identity & access, network/infrastructure, DevSecOps/SDLC, data protection, logging/monitoring, and incident response
Strong data analytics skills (SQL, scripting, BI/visualization) and experience with continuous auditing/monitoring
Excellent communication: executive briefings, report writing, and storytelling with risk-based clarity
High integrity, professional skepticism, and sound judgment; able to challenge and influence constructively
Required (at least one): CISA, CISSP, CISM, CRISC, CIA, CPA, CCSK/CCSP, CEH, AWS/Azure/GCP security certifications

Preferred

Master's degree (e.g., Information Assurance, Cybersecurity, Analytics, MBA) is preferred
Healthcare experience and familiarity with HIPAA/HITECH/HITRUST and clinical/operational technologies (preferred), or strong ability to quickly learn healthcare environments

Company

UPMC is one of the leading nonprofit health systems in the United States. A $10 billion integrated global health enterprise headquartered

H1B Sponsorship

UPMC has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data Powered by US Department of Labor)
[Chart: Distribution of Different Job Fields Receiving Sponsorship]
Trends of Total Sponsorships
2025 (3)
2024 (7)
2023 (4)
2022 (7)
2021 (7)
2020 (13)

Funding

Current Stage
Late Stage
Total Funding
$0.46M
Key Investors
Appalachian Regional Commission
2024-09-18 · Grant · $0.46M

Leadership Team

Leslie Davis
President and CEO
Frederick M. Hargett
Chief Financial Officer

Company data provided by crunchbase