[Hiring] Internal IT Auditor @Kodiak Solutions

Role Description

The Internal IT Auditor is responsible for assessing information technology controls, cybersecurity processes, data governance practices, and system-related operational workflows across Kodiak’s healthcare clients. This role requires an analytical and critically minded professional who can:

• Exercise sound judgment
• Communicate clearly
• Independently troubleshoot complex issues
• Maintain strong collaborative relationships with senior leaders, including CIOs, CISOs, IT Directors, and other executive stakeholders

The position may also lead and coordinate the work of internal auditors by providing direction, coaching, and quality oversight to ensure consistent, high-quality audit execution and support the professional growth of less-experienced team members.

Kodiak’s customers include health systems, hospitals, and physician practices. Engagements may involve:

• Evaluating IT general controls (ITGCs)
• System access and provisioning
• Change management
• Data integrity
• Cybersecurity and privacy risks
• IT asset management
• Incident response readiness
• Other technology-focused audit or advisory projects

The Internal IT Auditor will also help apply a Risk Intelligence–based approach to:

• Identify key risk indicators
• Strengthen long-term control effectiveness and operational visibility

The role further supports enterprise-level risk assessments and contributes to internal audit plans aligned with organizational strategy, regulatory requirements, and evolving healthcare technology risks.

Qualifications

• Strong understanding of IT general controls, cybersecurity frameworks, and information security best practices
• Familiarity with healthcare IT environments, including EHR systems, ERP platforms, data interfaces, and cloud-based applications
• Experience developing techniques to evaluate healthcare-specific technology risks, including those related to clinical operations, system interoperability, and third-party/vendor dependencies
• Ability to manage multiple projects and achieve timely completion
• Comfort working in a remote team environment and fostering strong customer relationships
• Experience leading walkthroughs and discussions with IT, clinical informatics, cybersecurity, revenue cycle, and compliance stakeholders
• Experience leading and coordinating the work of internal auditors, providing guidance, coaching, and oversight to ensure high-quality audit execution and professional development
• Ability to clearly communicate audit expectations, required evidence, and preliminary observations to system owners and clinical/operational leaders
• Ability to prepare concise, executive-level reports that synthesize IT and operational risks, control gaps, and recommended actions with clear linkage to clinical, operational, and financial impact
• Proficiency with Microsoft Office applications
• Experience with cybersecurity regulations or frameworks (e.g., NIST, HITRUST, HIPAA Security Rule)
• Experience with data analysis tools or audit software is a plus

Requirements

• Bachelor’s degree in Information Systems, Computer Science, Accounting, or a related field
• Minimum of 4 years of IT auditing experience, preferably within healthcare
• Minimum of 3–4 years of audit or consulting experience (healthcare preferred)
• Understanding of IT risk management, cybersecurity, and internal control frameworks
• Certifications such as CISA, CISSP, CHC, or similar are a plus but not required
• Ability to travel a minimum of 20%