IT Security Auditor
Company: STI
Location: Richmond
Posted on: April 1, 2026
|
|
|
Job Description:
ABOUT THE ROLE The SCC’s Health Benefit Exchange division is
seeking an experienced IT auditor to support our transition to a
new security standard and strengthen our third-party risk
management program. This role will help interpret and implement
updated security requirements, conduct audits and assessments of
both internal processes and external vendors and partners
evaluating controls and recommending improvements. Responsibilities
Include: Assess current security controls and processes against new
CMS, IRS, and SCC security standards. Identify gaps and recommend
remediation steps to achieve and maintain compliance. Plan, lead,
and execute development and updates to policies, procedures, and
documentation to reflect requirements. Design, implement, and train
on the process for assessing partners and vendors, ensuring
alignment with security standards. Develop assessment tools,
workflows, and scoring model to evaluate and measure the
effectiveness and compliance of vendor and partner security
controls. Evaluate the security posture of vendors and partners to
ensure information security contractual, information sharing, and
data sharing agreement requirements are met. Test the effectiveness
of operational and management controls using interviews, document
reviews, and observation. Analyze, assess, report, and present on
audit findings, risk exposure, and recommendations. Support
information security continuous monitoring and incident response
programs. Perform related work as required.
Keywords: STI, Lynchburg , IT Security Auditor, IT / Software / Systems , Richmond, Virginia
