Advisor, Internal Audit - IT

Internal Audit - IT is responsible for conducting IT systems audits of networks, databases, systems, applications and other IT components to ensure compliance with policies, procedures, regulations and laws. Evaluates and recommends improvements to business practices, processes and control procedures. Closely aligns with Internal Audit - Finance to provide an integrated understanding of how IT risks impact financial and operational processes.

  • Applies knowledge of auditing and internal control concepts to evaluate IT networks, databases, systems, applications and other IT components.
  • Demonstrates knowledge of IT systems design and architecture, process flows, process documentation and internal control identification.
  • Leverages project management skills to define audit testing plans, execute and document internal controls testing, and document testing results and related audit findings.
  • Demonstrates strong interpersonal skills to interact with others in a constructive manner that builds trust.
  • Clearly and accurately documents IT systems design and architecture, IT operational processes and related audit findings.

Accountabilities in this role

•           Leads the planning, execution and reporting of multiple audits and works closely with financial teams, operations teams, as well as the risk management team.

•           Understands the fundamentals of IT technologies and concepts with a strong understanding of IT infrastructure including network, databases, and the ability to evaluate systems, and security governance.

•           Coordinates with IT personnel to understand IT systems management processes, and obtain information required for IT control assessments.  Focus areas include, but are not limited to: access, data security, change development and implementation, system support, and system availability.

•           Prepares and provides written and verbal communication to management with observations and recommendations for internal control improvements.

•           Evaluates IT processes to identify risk areas, mitigating controls, and performs tests of controls to assess the adequacy of the control environment.

•           Prioritizes work assignments to staff auditors and supervises, trains, evaluates performance, and provides feedback to staff.

•           Works proactively with internal customers to ensure audit recommendations are implemented timely.

•           Recommends areas for future audit projects.


  • Bachelor’s degree in Computer Science, MIS, Accounting, Finance, or related field
  • Minimum of 4 years experience with information systems, external or internal auditing, or IT controls
  • At least one professional certification such as CIA, CISA, CISSP or CPA or any other applicable professional certification
  • Experience utilizing auditing software (e.g., TeamMate, IDEA, etc.)
  • Technically proficient in areas such as ERP, cybersecurity, infrastructure, GITC
  • Strong project management skills, with the ability to work on multiple projects with minimal direction
  • Familiarity and understanding of professional audit frameworks and standards (NIST, ITIL, ISO 27001, PCI-DSS, etc.)
  • Strong communication and analytical skills

What is expected of you and others at this level

  • Applies comprehensive knowledge and a thorough understanding of concepts, principles, and technical capabilities to perform varied tasks and projects
  • May contribute to the development of policies and procedures
  • Works on complex projects of large scope
  • Develops technical solutions that are innovative and consistent with organizational objectives to a wide range of difficult problems
  • Completes work independently receives general guidance on new projects
  • Work reviewed for purpose of meeting objectives
  • May act as a mentor to less experienced colleagues

Cardinal Health is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or protected veteran status.