BrightSpring Health Services

The IT Internal Audit Lead supports the execution of the SOX 404 program with a focus on IT risks and controls and independently performs risk‑based IT and technology‑enabled audits. This role partners with IT and business stakeholders, co‑sourced providers, and other assurance functions to deliver timely, high‑quality assurance and actionable insights related to systems, applications, and data. As the Internal Audit function continues to mature and expand, this role is expected to grow in breadth and scope, taking on increasing responsibility across IT audit coverage, emerging technology risks, and assurance coordination.

• The IT Internal Audit Lead works with the Vice President of Internal Audit, IT leadership, and business stakeholders to execute the Company’s internal audit plan, with emphasis on IT risk and controls
• Fosters relationships with IT and business personnel at appropriate levels and serve as a subject matter expert for IT control design, system access, change management, data integrity, and documentation standards
• Consistently deliver high‑quality IT internal audit services in accordance with applicable professional standards (IIA, ISACA)
• Contributes to the annual audit plan and periodic risk updates, partnering with other assurance providers to coordinate activities and enhance overall assurance coverage across IT risks
• Independently plan and execute risk‑based IT and technology‑enabled audits, including defining objectives and scope, developing test procedures, performing fieldwork, synthesizing findings, assessing impact, and recommending practical, actionable remediation
• Drives high‑quality work products within expected time frames and budget
• Coordinates multiple concurrent projects and proactively manage stakeholder expectations related to service delivery and timelines
• Stays abreast of current technology, cybersecurity, and industry risk trends
• Performs other duties as assigned
• Supports execution of the SOX 404 program related to IT General Controls (ITGCs), automated application controls, and system‑dependent controls, coordinating closely with third‑party service providers
• Facilitates and lead IT SOX walkthroughs and design effectiveness assessments, including evaluation of:
  • logical access controls,
  • change management,
  • IT operations,
  • system interfaces, and
  • IT‑dependent manual controls and IPE completeness and accuracy
• Oversee and review co‑sourced operating effectiveness testing of IT controls, ensuring testing approaches, evidence, and conclusions meet Internal Audit standards and support external auditor reliance
• Perform operating effectiveness testing as needed, validate system‑generated evidence, and ensure conclusions are supportable, clearly documented, and audit‑ready
• Provide day‑to‑day oversight and project management of co‑sourced resources supporting SOX IT and IT audit engagements, including coordinating scope, timelines, deliverables, and reviewing workpapers for quality and consistency
• Serve as one of the primary points of contact for assigned co‑source engagements, facilitating communication, resolving issues, and escalating risks or delivery concerns as appropriate
• Independently manage and execute assigned IT audit engagements end‑to‑end, while balancing oversight responsibilities and ensuring alignment with Internal Audit standards and expectations
• Supervisory Responsibility: Yes

• Bachelor’s degree in Information Systems, Computer Science, Accounting, Finance, or a related field.
• 5–7+ years of experience in Internal Audit, IT Audit, or external audit (Big 4 or national firm strongly preferred), with substantial:
  • SOX ITGC ownership, and
  • hands on IT audit or technology risk assessment experience.
• Experience auditing ERP environments (e.g., SAP, Oracle), key business applications, and supporting infrastructure preferred.
• Industry experience in healthcare, provider services, pharmacy services, or other regulated environments preferred.
• CISA strongly preferred; CIA or CPA a plus
• Strong knowledge of ITGCs, SOX/PCAOB expectations, COSO, COBIT, and IIA/ISACA standards.
• Experience evaluating IT dependent manual controls, automated controls, system interfaces, and reports used as IPE.
• Proficiency with audit management platforms (e.g., Workiva, AuditBoard, TeamMate).
• Strong analytical and data evaluation skills; familiarity with data analytics or continuous auditing concepts is a plus.
• Excellent written and verbal communication skills, with the ability to explain technical concepts to non technical stakeholders.
• Percentage of Travel: 0-25%

**To perform this role will require frequently sitting and typing on a keyboard with fingers, and occasionally standing, walking, and climbing (stairs/ladders). The physical requirements will be the ability to push/pull and lift/carry 1-10 lbs**

BrightSpring Health Services provides complementary home- and community-based pharmacy and provider health solutions for complex populations in need of specialized and/or chronic care. Through the Company’s service lines, including pharmacy, home health care and rehabilitation, we provide comprehensive and more integrated care and clinical solutions in all 50 states to over 450,000 customers, clients and patients daily. BrightSpring has consistently demonstrated strong and industry-leading quality metrics across its services lines, while improving the health and quality of life for high-need individuals and reducing overall healthcare system costs. For more information, please visit www.brightspringhealth.com. Follow us on Facebook, LinkedIn, and X.