IT Auditor

Position Summary

Pennant Services is seeking a highly motivated and detail-oriented IT Auditor to support the organization’s IT audit, risk management, cybersecurity, compliance, and governance programs. This position will evaluate the design and effectiveness of technology controls, identify risks, and work collaboratively with business and technology stakeholders to strengthen Pennant’s overall control environment.

The IT Auditor will participate in a variety of audit and assessment activities including cybersecurity reviews, IT risk assessments, HIPAA compliance evaluations, SOX compliance support, vendor risk reviews, and operational technology audits across Pennant’s healthcare operations. This role requires strong analytical skills, the ability to communicate effectively with all levels of the organization, and a commitment to continuous improvement and risk management.

Essential Duties and Responsibilities

IT Audit & Risk Management

• Perform IT audits and risk assessments across infrastructure, cloud services, cybersecurity, identity and access management, disaster recovery, business continuity, and third-party/vendor risk management processes.
• Conduct walkthroughs of IT processes and systems to identify key risks, controls, and opportunities for improvement.
• Evaluate the design and operating effectiveness of technology controls and provide recommendations to strengthen the control environment.
• Assess compliance with organizational policies, regulatory requirements, and industry frameworks, including the NIST Cybersecurity Framework (NIST CSF) and HIPAA Security Rule requirements.
• Participate in cybersecurity assessments and reviews focused on security governance, vulnerability management, incident response, security monitoring, and identity management.
• Evaluate technology implementations, system upgrades, and major IT initiatives to ensure risks are appropriately identified and mitigated.
• Assist with third-party audits, regulatory examinations, and compliance reviews.
• Support enterprise risk management activities by identifying emerging technology and cybersecurity risks.
• Perform follow-up reviews to validate the remediation of identified findings and corrective action plans.
• Develop practical recommendations that balance risk reduction, operational efficiency, and business objectives.

Compliance & Governance

• Support the organization’s SOX compliance program through IT General Controls (ITGC) testing and application control reviews, as applicable.
• Assist with audits related to HIPAA, privacy, security, and other regulatory requirements impacting healthcare operations.
• Evaluate compliance with internal policies, standards, and governance processes.
• Assist with evidence collection and coordination efforts related to internal and external audits.
• Support ongoing monitoring and continuous improvement of compliance and control activities.
• Reporting & Communication
• Prepare clear, concise, and well-documented audit workpapers, reports, and presentations.
• Communicate audit observations, risks, and recommendations to management and stakeholders.
• Build collaborative relationships across Information Technology, Cybersecurity, Compliance, Finance, and Operations teams.
• Present findings and recommendations in a professional and constructive manner.
• Maintain professional and ethical standards while safeguarding confidential and sensitive information.

Qualifications

Required Education & Experience

• Bachelor’s degree in Information Systems, Information Technology, Cybersecurity, Accounting, Finance, Healthcare Administration, or a related field.
• Three (3) or more years of experience in IT auditing, information security, risk management, compliance, cybersecurity, or related disciplines.
• Experience evaluating technology controls, information security practices, and IT governance processes.
• Understanding of cybersecurity principles, risk management methodologies, and internal control frameworks.
• Strong analytical, organizational, and problem-solving skills.
• Excellent written and verbal communication skills.
• Ability to manage multiple projects and priorities in a dynamic environment.
• Preferred Qualifications
• Experience conducting IT audits within healthcare, healthcare services, or other regulated industries.
• Familiarity with NIST CSF, HIPAA Security Rule, COBIT, and other IT governance and security frameworks.
• Experience with Microsoft 365, Azure, Entra ID, and related cloud technologies.
• Knowledge of cybersecurity operations, identity and access management, and cloud security concepts.
• Experience supporting SOX compliance programs and IT General Controls testing.
• Experience working with external auditors, regulators, and compliance assessors.

Preferred Certifications

• Certified Information Systems Auditor (CISA)
• Certified in Risk and Information Systems Control (CRISC)
• Certified Information Systems Security Professional (CISSP)
• Certified Internal Auditor (CIA)
• Certified Public Accountant (CPA)
• Healthcare Information Security and Privacy Practitioner (HCISPP)

About Pennant & Our Culture

As part of The Pennant Group, our work is rooted in the CAPLICO core values — Customer Second, Accountability, Passion for Learning, Love One Another, Intelligent Risk‑Taking, Celebration, and Ownership. These values guide how we support our partners and build a culture of empathy, growth, and purpose. [pennantgroup.com]

Additional Information  

We are committed to providing a competitive Total Rewards Package that meets our employees’ needs. From a choice of medical, dental, and vision plans to retirement savings opportunities through a 401(k) plan with company match and various other benefits, we offer a comprehensive benefits package. We believe in great work, and we celebrate our employees' efforts and accomplishments both locally and companywide, recognizing people daily through our Moments of Truth Program. In addition to recognition, we believe in supporting our employees' professional growth and development. We provide employees a wide range of free e-courses through our Learning Management System as well as training sessions and seminars.  

Location: Remote

Compensation: DOE

Why Pennant Services

At Pennant Services, we are committed to supporting our affiliated healthcare organizations through strong governance, effective risk management, cybersecurity, and innovative technology solutions. The IT Auditor plays a key role in helping protect information assets, supporting regulatory compliance, improving operational effectiveness, and enabling quality patient care. This position offers the opportunity to work across a broad range of technology, security, and compliance initiatives while contributing to the success of a growing healthcare organization.

Pennant Services is an Equal Opportunity Employer. We are committed to creating an inclusive workplace where all employees are treated with respect and have equal opportunities for employment, development, and advancement. Employment decisions are made without regard to race, color, religion, sex, national origin, age, disability, veteran status, genetic information, or any other protected status under applicable law.