IT Compliance Analyst II

Do you want to join an organization that invests in you as a(an) IT Compliance Analyst II? At HCA Healthcare, you come first. HCA Healthcare has committed up to $300 million in programs to support our incredible team members over the course of three years.

HCA Healthcare offers a total rewards package that supports the health, life, career and retirement of our colleagues. The available plans and programs include:

• Comprehensive medical coverage that covers many common services at no cost or for a low copay. Plans include prescription drug and behavioral health coverage as well as free telemedicine services and free AirMed medical transportation.
• Additional options for dental and vision benefits, life and disability coverage, flexible spending accounts, supplemental health protection plans (accident, critical illness, hospital indemnity), auto and home insurance, identity theft protection, legal counseling, long-term care coverage, moving assistance, pet insurance and more.
• Free counseling services and resources for emotional, physical and financial wellbeing
• 401(k) Plan with a 100% match on 3% to 9% of pay (based on years of service)
• Employee Stock Purchase Plan with 10% off HCA Healthcare stock
• Family support through fertility and family building benefits with Progyny and adoption assistance.
• Referral services for child, elder and pet care, home and auto repair, event planning and more
• Consumer discounts through Abenity and Consumer Discounts
• Retirement readiness, rollover assistance services and preferred banking partnerships
• Education assistance (tuition, student loan, certification support, dependent scholarships)
• Colleague recognition program
• Time Away From Work Program (paid time off, paid family leave, long- and short-term disability coverage and leaves of absence)
• Employee Health Assistance Fund that offers free employee-only coverage to full-time and part-time colleagues based on income.

Learn more about Employee Benefits

Note: Eligibility for benefits may vary by location.

You contribute to our success. Every role has an impact on our patients' lives and you have the opportunity to make a difference. We are looking for a dedicated IT Compliance Analyst II like you to be a part of our team.

Position Summary

This role is responsible for working with senior team members to oversee and monitor the effectiveness of IT internal controls over financial reporting for HCA Healthcare's Sarbanes-Oxley (SOX) and Systems and Organizational Controls (SOC) IT compliance program (i.e., performing second line responsibilities).

Responsibilities for this role include overseeing the design, implementation, effectiveness, and testing of IT general controls and IT application controls across the organization. This includes supporting the first line in executing control activities and addressing deficiencies. This also includes performing independent testing, risk assessments, and ensuring the organization remains aligned with SOX regulatory requirements.

This role is also responsible for collaborating with control owners, internal audit, and external auditors to ensure ongoing compliance with SOX requirements while driving improvements in HCA Healthcare's IT control environment. This includes developing and delivering training and education to control owners on how to appropriately support and manage their IT SOX key controls. This also includes identifying opportunities to modernize, automate, and centralize controls testing, continuous monitoring, evidence gathering, etc.

Major Responsibilities:

• Overseeing IT general control processes in a complex IT environment entailing multiple applications, platforms, and IT processes.
• Identifying opportunities to modernize, automation, and centralization of controls testing, monitoring, evidence gathering, etc.
• Assisting in the development of robust and formalized continuous compliance monitoring processes to ensure IT SOX key controls are being consistently and adequately performed.
• Assisting with the formalization and delivery of training and education for first line staff on how to appropriately support and manage IT SOX key controls, including creation and maintenance of IPE.
• Partnering with stakeholders to ensure clear control ownership and accountability.
• Possessing a working knowledge of HCA Healthcare's IT general and application controls, including overseeing scoping, control design, documentation, testing, monitoring, and remediation. This also includes working with IT leaders throughout the control lifecycle.
• Identifying, tracking, and reporting on remediation of SOX-related internal audit issues.
• Working with IT application, product, business and process owners to update and/or document key control procedures.
• Ensuring annual walkthrough, testing, and remediation schedule is documented and communicated to first- and second-line teams.
• Assisting with the tracking and reporting of execution of schedule, including any deficiencies identified and status of remediation efforts.
• Assisting with oversight of IT change management processes to ensure processes to ensure appropriate design, testing, and documentation of SOX-relevant changes.
• Reviewing descriptions, controls, and testing for annual SOC reports.
• Ensuring IT-related SOX documentation is created, updated, and maintained and testing results are loaded into the company's SOX tools.
• Assisting with analyzing data and trends to identify emerging risks and areas for improvement in internal control processes.
• Assisting with a risk assessment of internal controls and associated processes to identify areas of potential risk and non-compliance. Utilize outcome of risk assessment to guide controls focus, including control improvement and remediation.
• Assisting with evaluation of the design and effectiveness of internal controls, including segregation of duties, access controls, and authorization processes.
• Serving as a liaison for Internal Audit and external audit activities including coordinating SOX audit activities to prevent duplicated efforts, gathering requested documentation, and serving as a trusted advisor and key point of contact.
• Ensuring company-wide periodic access reviews are completed according to schedule and inappropriate accesses are remediated.
• Staying abreast of changes in regulations, laws, and industry standards related to internal controls and risk management.
• Collaborating with other compliance and legal functions to ensure alignment and reduce control duplication across overlapping frameworks.
• Contributing to the preparation of periodic updates on IT SOX compliance posture, key metrics, and remediation status to senior leadership.
• Embodying the HCA mission, vision, and values, including being confident, articulate, poised, and influential, while maintaining humility & integrity.
• Supporting other compliance initiatives as needed.

Education & Experience:

• Bachelor of Science in Business Administration degree with major in Management Information Systems (MIS), Business and Information Technology, Accounting, or related field Preferred
• General knowledge of IT concepts, operating systems, networking, database & security Required
• Experience with regulatory compliance areas such as SOX, SOC, etc. Preferred
• Excellent interpersonal skills and the ability to engage with various levels of the organization Required
• Excellent analytical skills, organizational skills and attention to detail required. Required
• Excellent verbal and written communication required. Required
• 3+ years of experience in relevant IT technical or audit experience Required

Licenses, Certifications, & Training:

• Professional or Audit Certifications (CPA, CISA, CITP, etc.) Preferred

Knowledge, Skills, Abilities, Behaviors:

• Service and Quality Excellence: Ability to demonstrate an uncompromising commitment to delivering exceptional care to create an unmatched value proposition for our patients.
• Honor our Mission and Values: Ability to build trust and act with authenticity to cultivate a culture of integrity, inclusion, and mutual respect.
• Effective Decision Making: Ability to make timely, informed decisions that are in the best interest of our patients, employees, providers, community and HCA.
• Attain and Leverage Strategic Relationships: Ability to develop and strengthen collaborative relationships with both internal and external stakeholders to advance the care of our patients and the growth of HCA.
• Communicate with Impact: Ability to deliver information in a clear, concise, and compelling manner to effectively engage others and achieve desired results.
• Achieve Success through Change: Ability to identify opportunities for improvement and innovation, remove barriers and resistance, and enable desired behaviors.
• Drive Execution and Financial Results: Ability to commit to the success and financial wellbeing of HCA by challenging others to excel and hold themselves and others accountable for achieving results.

HCA Healthcare has been recognized as one of the World's Most Ethical Companies by the Ethisphere Institute more than ten times. In recent years, HCA Healthcare spent an estimated $3.7 billion in cost for the delivery of charitable care, uninsured discounts, and other uncompensated expenses.

"Good people beget good people."- Dr. Thomas Frist, Sr.

HCA Healthcare Co-Founder

We are a family 270,000 dedicated professionals Our Talent Acquisition team is reviewing applications for our IT Compliance Analyst II opening. Qualified candidates will be contacted for interviews. Submit your resume today to join our community of caring

We are an equal opportunity employer. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.