IT Internal Audit Lead
BrightSpring Health Services, Louisville, KY, United States
Our Company
BrightSpring Health Services
Overview
The IT Internal Audit Lead supports the execution of the SOX 404 program with a focus on IT risks and controls and independently performs risk‑based IT and technology‑enabled audits. This role partners with IT and business stakeholders, co‑sourced providers, and other assurance functions to deliver timely, high‑quality assurance and actionable insights related to systems, applications, and data. As the Internal Audit function continues to mature and expand, this role is expected to grow in breadth and scope, taking on increasing responsibility across IT audit coverage, emerging technology risks, and assurance coordination.
Responsibilities
The IT Internal Audit Lead works with the Vice President of Internal Audit, IT leadership, and business stakeholders to execute the Company’s internal audit plan, with emphasis on IT risk and controls
Fosters relationships with IT and business personnel at appropriate levels and serve as a subject matter expert for IT control design, system access, change management, data integrity, and documentation standards
Consistently deliver high‑quality IT internal audit services in accordance with applicable professional standards (IIA, ISACA)
Contributes to the annual audit plan and periodic risk updates, partnering with other assurance providers to coordinate activities and enhance overall assurance coverage across IT risks
Independently plan and execute risk‑based IT and technology‑enabled audits, including defining objectives and scope, developing test procedures, performing fieldwork, synthesizing findings, assessing impact, and recommending practical, actionable remediation
Drives high‑quality work products within expected time frames and budget
Coordinates multiple concurrent projects and proactively manage stakeholder expectations related to service delivery and timelines
Stays abreast of current technology, cybersecurity, and industry risk trends
Performs other duties as assigned
Supports execution of the SOX 404 program related to IT General Controls (ITGCs), automated application controls, and system‑dependent controls, coordinating closely with third‑party service providers
Facilitates and lead IT SOX walkthroughs and design effectiveness assessments, including evaluation of:
logical access controls,
change management,
IT operations,
system interfaces, and
IT‑dependent manual controls and IPE completeness and accuracy
Oversee and review co‑sourced operating effectiveness testing of IT controls, ensuring testing approaches, evidence, and conclusions meet Internal Audit standards and support external auditor reliance
Perform operating effectiveness testing as needed, validate system‑generated evidence, and ensure conclusions are supportable, clearly documented, and audit‑ready
Provide day‑to‑day oversight and project management of co‑sourced resources supporting SOX IT and IT audit engagements, including coordinating scope, timelines, deliverables, and reviewing workpapers for quality and consistency
Serve as one of the primary points of contact for assigned co‑source engagements, facilitating communication, resolving issues, and escalating risks or delivery concerns as appropriate
Independently manage and execute assigned IT audit engagements end‑to‑end, while balancing oversight responsibilities and ensuring alignment with Internal Audit standards and expectations
Supervisory Responsibility: Yes
Qualifications
Bachelor’s degree in Information Systems, Computer Science, Accounting, Finance, or a related field.
5–7+ years of experience in Internal Audit, IT Audit, or external audit (Big 4 or national firm strongly preferred), with substantial:
SOX ITGC ownership, and
hands on IT audit or technology risk assessment experience.
Experience auditing ERP environments (e.g., SAP, Oracle), key business applications, and supporting infrastructure preferred.
Industry experience in healthcare, provider services, pharmacy services, or other regulated environments preferred.
CISA strongly preferred; CIA or CPA a plus
Strong knowledge of ITGCs, SOX/PCAOB expectations, COSO, COBIT, and IIA/ISACA standards.
Experience evaluating IT dependent manual controls, automated controls, system interfaces, and reports used as IPE.
Proficiency with audit management platforms (e.g., Workiva, AuditBoard, TeamMate).
Strong analytical and data evaluation skills; familiarity with data analytics or continuous auditing concepts is a plus.
Excellent written and verbal communication skills, with the ability to explain technical concepts to non technical stakeholders.
Percentage of Travel: 0-25%
To perform this role will require frequently sitting and typing on a keyboard with fingers, and occasionally standing, walking, and climbing (stairs/ladders). The physical requirements will be the ability to push/pull and lift/carry 1-10 lbs
About our Line of Business
BrightSpring Health Services provides complementary home- and community-based pharmacy and provider health solutions for complex populations in need of specialized and/or chronic care. Through the Company’s service lines, including pharmacy, home health care and rehabilitation, we provide comprehensive and more integrated care and clinical solutions in all 50 states to over 450,000 customers, clients and patients daily. BrightSpring has consistently demonstrated strong and industry-leading quality metrics across its services lines, while improving the health and quality of life for high-need individuals and reducing overall healthcare system costs. For more information, please visitwww.brightspringhealth.com. Follow us onFacebook (https://www.facebook.com/brightspringHS) ,LinkedIn (https://www.linkedin.com/company/brightspringhealth) , andX (https://x.com/BrightSpringHS) .
BrightSpring Health Services, and our family of brands, provides equal employment opportunity
Job LocationsUS-KY-LOUISVILLE
ID 2026-188502
Line of Business BrightSpring Health Services
Position Type Full-Time
BrightSpring Health Services
Overview
The IT Internal Audit Lead supports the execution of the SOX 404 program with a focus on IT risks and controls and independently performs risk‑based IT and technology‑enabled audits. This role partners with IT and business stakeholders, co‑sourced providers, and other assurance functions to deliver timely, high‑quality assurance and actionable insights related to systems, applications, and data. As the Internal Audit function continues to mature and expand, this role is expected to grow in breadth and scope, taking on increasing responsibility across IT audit coverage, emerging technology risks, and assurance coordination.
Responsibilities
The IT Internal Audit Lead works with the Vice President of Internal Audit, IT leadership, and business stakeholders to execute the Company’s internal audit plan, with emphasis on IT risk and controls
Fosters relationships with IT and business personnel at appropriate levels and serve as a subject matter expert for IT control design, system access, change management, data integrity, and documentation standards
Consistently deliver high‑quality IT internal audit services in accordance with applicable professional standards (IIA, ISACA)
Contributes to the annual audit plan and periodic risk updates, partnering with other assurance providers to coordinate activities and enhance overall assurance coverage across IT risks
Independently plan and execute risk‑based IT and technology‑enabled audits, including defining objectives and scope, developing test procedures, performing fieldwork, synthesizing findings, assessing impact, and recommending practical, actionable remediation
Drives high‑quality work products within expected time frames and budget
Coordinates multiple concurrent projects and proactively manage stakeholder expectations related to service delivery and timelines
Stays abreast of current technology, cybersecurity, and industry risk trends
Performs other duties as assigned
Supports execution of the SOX 404 program related to IT General Controls (ITGCs), automated application controls, and system‑dependent controls, coordinating closely with third‑party service providers
Facilitates and lead IT SOX walkthroughs and design effectiveness assessments, including evaluation of:
logical access controls,
change management,
IT operations,
system interfaces, and
IT‑dependent manual controls and IPE completeness and accuracy
Oversee and review co‑sourced operating effectiveness testing of IT controls, ensuring testing approaches, evidence, and conclusions meet Internal Audit standards and support external auditor reliance
Perform operating effectiveness testing as needed, validate system‑generated evidence, and ensure conclusions are supportable, clearly documented, and audit‑ready
Provide day‑to‑day oversight and project management of co‑sourced resources supporting SOX IT and IT audit engagements, including coordinating scope, timelines, deliverables, and reviewing workpapers for quality and consistency
Serve as one of the primary points of contact for assigned co‑source engagements, facilitating communication, resolving issues, and escalating risks or delivery concerns as appropriate
Independently manage and execute assigned IT audit engagements end‑to‑end, while balancing oversight responsibilities and ensuring alignment with Internal Audit standards and expectations
Supervisory Responsibility: Yes
Qualifications
Bachelor’s degree in Information Systems, Computer Science, Accounting, Finance, or a related field.
5–7+ years of experience in Internal Audit, IT Audit, or external audit (Big 4 or national firm strongly preferred), with substantial:
SOX ITGC ownership, and
hands on IT audit or technology risk assessment experience.
Experience auditing ERP environments (e.g., SAP, Oracle), key business applications, and supporting infrastructure preferred.
Industry experience in healthcare, provider services, pharmacy services, or other regulated environments preferred.
CISA strongly preferred; CIA or CPA a plus
Strong knowledge of ITGCs, SOX/PCAOB expectations, COSO, COBIT, and IIA/ISACA standards.
Experience evaluating IT dependent manual controls, automated controls, system interfaces, and reports used as IPE.
Proficiency with audit management platforms (e.g., Workiva, AuditBoard, TeamMate).
Strong analytical and data evaluation skills; familiarity with data analytics or continuous auditing concepts is a plus.
Excellent written and verbal communication skills, with the ability to explain technical concepts to non technical stakeholders.
Percentage of Travel: 0-25%
To perform this role will require frequently sitting and typing on a keyboard with fingers, and occasionally standing, walking, and climbing (stairs/ladders). The physical requirements will be the ability to push/pull and lift/carry 1-10 lbs
About our Line of Business
BrightSpring Health Services provides complementary home- and community-based pharmacy and provider health solutions for complex populations in need of specialized and/or chronic care. Through the Company’s service lines, including pharmacy, home health care and rehabilitation, we provide comprehensive and more integrated care and clinical solutions in all 50 states to over 450,000 customers, clients and patients daily. BrightSpring has consistently demonstrated strong and industry-leading quality metrics across its services lines, while improving the health and quality of life for high-need individuals and reducing overall healthcare system costs. For more information, please visitwww.brightspringhealth.com. Follow us onFacebook (https://www.facebook.com/brightspringHS) ,LinkedIn (https://www.linkedin.com/company/brightspringhealth) , andX (https://x.com/BrightSpringHS) .
BrightSpring Health Services, and our family of brands, provides equal employment opportunity
Job LocationsUS-KY-LOUISVILLE
ID 2026-188502
Line of Business BrightSpring Health Services
Position Type Full-Time