Employment Opportunities
IT Audit positions at HealthNow NY
Plans, organizes and executes financial, operational and compliance audits at all HealthNow New York Inc divisions and subsidiaries to ensure that processes are efficient and effective to minimize corporate cost and risk. Provides management with independent analysis and recommendations on the adequacy of internal controls based on industry standards and best practice, federal and state regulation, and in accordance with corporate policies and procedures. Emphasis is placed on risk management, strengthening controls over operating activities, ensuring compliance with accounting principles and regulations, and financial reporting. Performs assignments in compliance with Internal Audit Policies and Procedures, standards, guidelines, and priorities.
Requirements
- 3+ years of operational and financial audit experience
- Bachelor's degree and minimum of 3 years related work experience
- Secondary degree in Finance/Accounting/Business Administration preferred
- Work experience in health industry preferred
- CIA, CPA preferred
Job Description: IT Auditor:
Plans, organizes, directs, and executes information technology audits at all HealthNow New York Inc divisions and subsidiaries to ensure that systems/processes are efficient and effective to minimize corporate cost and risk. Provides management with independent analysis and recommendations on the adequacy of information technology and processes based on industry standards and best practice, federal and state regulation, and in accordance with corporate policies and procedures. Emphasis is placed on risk management, security, system of internal control, system design, integrity of data, contingency, confidentiality, and safeguarding of assets. Performs assignments in compliance with Internal Audit Policies and Procedures, standards, guidelines, and priorities.
Requirements
- 5+ years IT audit or systems experience.
- Experience in applying IT audit techniques during general control, technical, and new system development audits.
- Experience using automated IT audit tools (e.g., Bindview, Cisco Secure Scanner, ISS Internet Scanner, Enterprise Security Manager, Kane Security Analyst).
- Experience in auditing e-commerce, web based, client server and CRM applications (PeopleSoft).
- Experience in performing audits of database management (e.g., DB2, MS-SQL, Sybase, Oracle).
- Experience in performing audits of operating systems (e.g., Unix, Windows, z/OS).
- Second degree in Computer Science/MIS/CIS preferred
- CIA or CISA preferred
Apply to:
Evelyn McAdam, CISA, CIA
Manager, Corporate Internal Audit
Corporate Audit Services
HealthNow New York Inc.
Phone: (716) 887-8816
Fax: (716) 887-7594
mcadam.evelyn@healthnow.org
Position at Cochran Cochran & Yale
JOB DESCRIPTION: The global Information Technology (IT) Function is leading efforts to align IT and Business Strategy, leverage IT investments, and optimize end-to-end business processes and associated information integration technologies. Through these efforts, IT helps to improve the competitive position of core businesses through IT-enabled processes. IT also delivers Information Technology applications, infrastructure, and project services in a cost-efficient manner worldwide.
Responsibilities
- Ensure appropriate access, confidentiality and integrity of the company's information assets and systems in compliance with corporate policies and standards. Provide leadership, facilitation and coordination for information security operations in support of IT security strategies and initiatives.
- Encompass the operational information security components across the company which includes policies and procedures, risk assessments, awareness, malicious code prevention, security monitoring, disaster recovery, application and infrastructure recovery, benchmarking and metrics.
- Responsible for taking steps to implement the controls needed to protect both Corning information as well as information that has been entrusted to Corning by third parties. The position involves overall responsibility for information security regardless of the form (printed or electronic), the information handling technology employed (computers, networks, voice communications, etc.), or the people involved (contractors, consultants, employees, vendors, outsourcing firms, etc.).
- Directs, coordinates, plans, and organizes information security activities within IT Service Delivery. A focal point for communications related to information security, both with internal staff and third parties. Works with a wide variety of people from different internal organizations to manifest controls that reflect workable compromises as well as proactive responses to current and future information security risks.
- Acts as the central point of contact within IT Service Delivery with respect to information security, including vulnerabilities, controls, technologies, HR and management issues.
- Establish and maintain working relationships with other Corning groups involved with information security matters (Legal, HR, Corporate Security, Information Risk Council, etc.).
- Assists with the clarification of individual information security responsibility and accountability so that necessary information security activities are performed as needed, according to pre-established procedures, policies, and standards.
- Coordinate information security efforts with internal IT groups having information security-related responsibilities, to ensure organization-wide information security efforts are consistent across organizations.
- Represents Company and its information security related interests at industry standards committee meetings, technical conferences, industry specific on-line chat rooms, and similar public forums.
- Provides input towards a strategic information security plan with a vision for the future of information security. Collaborate with Information Risk Management (IRM) Strategy and Architecture groups.
- Understands the fundamental business activities performed, and based on this understanding, suggests appropriate information security measures that adequately protect these activities.
- Obtains management approval and ongoing support for information security initiatives.
- Brings pressing information security vulnerabilities to IT management's attention so that remedial action can be taken.
- Performs and/or oversees the performance of risk assessments that identify current and future security vulnerabilities, determine the level of risk management is willing to accept, and identify the best ways to reduce information risk.
- Directs the development of self-assessment questionnaires and other tools that assist user department managers and other members of management team in their efforts to determine degree of compliance with information security requirements.
- Periodically initiates quality measurement studies to determine whether the information security function operates in a manner consistent with standard industry practices and metrics (these include customer satisfaction surveys, competitor benchmarking, industry baseline controls comparisons, peer review comparison efforts, and internal tests).
- Provides guidance to user department staff on the development of local, system-specific, and application-specific information security policies, guidelines, standards, procedures, and responsibility designations.
- Directs the preparation of information systems contingency plans.
- Initiates and manages special projects related to information security that may be needed to appropriately respond to ad-hoc or unexpected information security events.
- Stays informed on latest developments in the information security field, including new products and services, through on-line news services, technical magazines, professional association memberships, industry conferences, etc.
- Track and report IR spending as a percentage of IT spend.
Qualifications
- Basic familiarity with information security technology - knowledgeable in information security technical areas; know which technology to apply in response to an organization's information security needs.
- Understands big picture - prioritize resources in a way that satisfies the organization's urgently pressing needs, but at the same time moves the organization in the direction of implementing generally accepted information security solutions; synthesize information from many different sources to come up with a plan for improving information security that is responsive to the organization's business needs.
- Relationship management – maintain good working relationships with a variety of people and maintain the trust and support with these same people; Dotted-line reporting responsibility to other IT members with IR responsibilities.
- Interpersonal skills – team player, diplomatic; stay focused and get things done, even though the resources may be limited.
- Resolve conflicts between security and business objectives - clearly see the pros and cons of certain courses of action, and be able to choose and negotiate a compromise which best serves the organization in the long run; In addition to being familiar with information security technology, must also have business skills, business knowledge and a business aptitude
- Real world hands-on experience - be credible; not a former hacker; open-minded and have personality that inspires trust; relevant prior experience in the real world of information security because hands-on experience helps prevent taking positions inconsistent with standard industry practices
- Staying on top of the technology - attending a couple of conferences each year; subscribing to a security research organization; reading technical magazines and attending professional society meetings.
- Tolerance for ambiguity and uncertainty - make defensible decisions when important or critical pieces of information are unavailable; patient, optimistic, well-reasoned and levelheaded and can adjust to a wide variety of situations.
- Excellent organizational, planning skills.
- Good verbal and written communications and presentation skills
- Communicate with internal business units to ensure expectations are understood and met.
- Manage personnel.
Education and Experience:
- Bachelor's degree in Information Technology; Masters in Information Security is desirable.
- A working knowledge of information security is essential; Minimum 10 years of information security work.
- Certified rating with one or both of the following is desirable - Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM).
For immediate and confidential consideration please contact:
Richard A. DeMayo
Senior Search Consultant
Information Technology/Telecommunications Cochran, Cochran & Yale
955 E. Henrietta Road
Rochester, NY 14623
585-424-6060 x139
Email: rad@ccy.com
Website: www.ccy.com
Please forward a WORD version of your resume as well.