
Internal IT Auditor, Consultant

BSC

CA$112k–167k · On-site · 17h ago
Employment
Full-time

About the role

About Blue Shield of California and the Ascendiun Family of Companies

As of January 2025, Blue Shield of California became a subsidiary of Ascendiun. Ascendiun is a nonprofit corporate entity that is the parent to a family of organizations including Blue Shield of California and its subsidiary, Blue Shield of California Promise Health Plan; Altais, a clinical services company; and Stellarus, a company designed to scale healthcare solutions. Together, these organizations are referred to as the Ascendiun Family of Companies.

At Ascendiun, we believe in a brighter future for healthcare. As the parent to a family of four innovative healthcare companies, we’re reimagining what’s possible. Ascendiun is guided by the goal of transforming a dysfunctional American health care system into one worthy of our family and friends and sustainably affordable for everyone.

To achieve our mission, we foster an environment where all employees can thrive and contribute fully to address the needs of the various communities we serve. We are committed to creating and maintaining a supportive workplace that upholds our values and advances our goals.

Our Values:

  • Honest. We hold ourselves to the highest ethical and integrity standards. We build trust by doing what we say we're going to do and by acknowledging and correcting where we fall short.
  • Human. We strive to listen and communicate effectively, showing empathy by understanding others’ perspectives.
  • Courageous. We stand up for what we believe in and are committed to the hard work necessary to achieve our ambitious goals. 

    Physical Requirements:

    Office Environment - roles involving part to full time schedule in Office Environment. Based in our physical offices and work from home office/deskwork - Activity level: Sedentary, frequency most of work day.


    Equal Employment Opportunity:

    External hires must pass a background check/drug screen. Qualified applicants with arrest records and/or conviction records will be considered for employment in a manner consistent with Federal, State and local laws, including but not limited to the San Francisco Fair Chance Ordinance. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, protected veteran status or disability status and any other classification protected by Federal, State and local laws.

    Your Role

    The Consultant, Internal Audit (Technology / IT Audit) independently leads and executes complex audit and advisory engagements across technology environments. This role serves as a subject matter expert in IT audit and cybersecurity while providing strategic insight and guidance to management. The Consultant is accountable for delivering end-to-end audit work and acts as a trusted advisor to Director-level leadership and stakeholders.

    Your Work

    In this role, you will:

    • Perform non-technical and technical IT audits with minimal supervision 
    • Define the scope of work for each audit
    • Evaluate the design and effectiveness of applied controls for processes, systems, networks, and applications in accordance with laws, regulations, policies, procedures, and standards
    • Support risk assessments and development of audit plans for data and AI governance areas
    • Review controls over AI-enabled business processes, including data sourcing, model outputs, decisioning logic, and human oversight mechanisms
    • Lead corrective/preventive action planning related to transactional audits
    • Assess design and operating effectiveness of controls related to intellectual property (IP) protection, including source code repositories, model artifacts, proprietary algorithms, and data assets
    • Perform audits of DevSecOps pipelines, including CI/CD tooling, automated testing, code promotion, and segregation of duties across development environments
    • Evaluate risks related to use of open-source software, third-party libraries, and external AI services, including licensing compliance, security vulnerabilities, and data leakage
    • Analyze risks associated with data used in software and AI development, including data governance, quality, lineage, privacy, and regulatory compliance (e.g., HIPAA data considerations)
    • Assess AI governance frameworks, including intake, approval, ethical review, monitoring, incident management, and model retirement processes.
    • Complete detailed audit work papers that describe the scope of audit work performed, results of tests conducted, the controls in place, and the control or compliance deficiencies noted, using sound judgment

    Your Knowledge and Experience

    • Requires a bachelor’s degree or equivalent experience
    • Requires a minimum of 7 years of prior related experience
    • Advanced understanding of technology, IT concepts and principles and the ability to leverage this knowledge to recommend effective solutions
    • Advanced knowledge of security software programs and implementation
    • Advanced knowledge of TCP/IP and networking (LAN, WAN and Wireless)
    • Advanced knowledge of key information technology risks and controls and available technology-based assessment techniques
    • Advanced knowledge of major risk assessment methodologies and security frameworks such as ISO, COBIT, COSO
    • Advanced knowledge of major operating systems such as UNIX (e.g., Solaris) and Windows servers (2000, 2003)
    • Advanced knowledge of major security tools and technologies such as intrusion detection and prevention systems, data loss prevention and identity management
    • Advanced knowledge of Security Incident Management, Business Continuity/Disaster Recovery, Personnel Security, Physical and Environmental Security processes
    • Working knowledge of AI tools, models, and platforms (e.g., generative AI, ML systems), including associated risks, controls, and governance considerations
    • Knowledge of computer forensics, penetration testing and hacking techniques
    • In-depth knowledge of security log analysis
    • Strong knowledge of security regulations including HIPAA / HITECH, SOX, PCI, SB1386, AB1950
