Internal IT Auditor, Consultant
Your Role
The Consultant, Internal Audit (Technology / IT Audit) independently leads and executes complex audit and advisory engagements across technology environments. This role serves as a subject matter expert in IT audit and cybersecurity while providing strategic insight and guidance to management. The Consultant is accountable for delivering end-to-end audit work and acts as a trusted advisor to Director-level leadership and stakeholders.
Your Work
In this role, you will:
- Perform non-technical and technical IT audits with minimal supervision
- Define the scope of work for each audit
- Evaluate the design and effectiveness of applied controls for processes, systems, networks, and applications in accordance with laws, regulations, policies, procedures, and standards
- Support risk assessments and development of audit plans for data and AI governance areas
- Review controls over AI-enabled business processes, including data sourcing, model outputs, decisioning logic, and human oversight mechanisms
- Lead corrective/preventive action planning related to transactional audits
- Assess design and operating effectiveness of controls related to intellectual property (IP) protection, including source code repositories, model artifacts, proprietary algorithms, and data assets
- Perform audits of DevSecOps pipelines, including CI/CD tooling, automated testing, code promotion, and segregation of duties across development environments
- Evaluate risks related to use of open-source software, third-party libraries, and external AI services, including licensing compliance, security vulnerabilities, and data leakage
- Analyze risks associated with data used in software and AI development, including data governance, quality, lineage, privacy, and regulatory compliance (e.g., HIPAA data considerations)
- Assess AI governance frameworks, including intake, approval, ethical review, monitoring, incident management, and model retirement processes
- Complete detailed audit work papers that describe the scope of audit work performed, results of tests conducted, the controls in place, and the control or compliance deficiencies noted, using sound judgment
Your Knowledge and Experience
- Requires a bachelor’s degree or equivalent experience
- Requires a minimum of 7 years of prior related experience
- Advanced understanding of technology, IT concepts and principles and the ability to leverage this knowledge to recommend effective solutions
- Advanced knowledge of security software programs and implementation
- Advanced knowledge of TCP/IP and networking (LAN, WAN and Wireless)
- Advanced knowledge of key information technology risks and controls and available technology-based assessment techniques
- Advanced knowledge of major risk assessment methodologies and security frameworks such as ISO, COBIT, COSO
- Advanced knowledge of major operating systems such as UNIX (e.g., Solaris) and Windows servers (2000, 2003)
- Advanced knowledge of major security tools and technologies such as intrusion detection and prevention systems, data loss prevention and identity management
- Advanced knowledge of Security Incident Management, Business Continuity/Disaster Recovery, Personnel Security, Physical and Environmental Security processes
- Working knowledge of AI tools, models, and platforms (e.g., generative AI, ML systems), including associated risks, controls, and governance considerations
- Knowledge of computer forensics, penetration testing and hacking techniques
- In-depth knowledge of security log analysis
- Strong knowledge of security regulations including HIPAA / HITECH, SOX, PCI, SB1386, AB1950