Security Audit Manager

Security Audit Manager at Cotiviti

As a Security Audit Manager at Cotiviti, you will be instrumental in leading a dynamic team responsible for developing, implementing, and monitoring a comprehensive security audit program. This role primarily focuses on SOC 2 assessments, with significant involvement in HITRUST and other relevant audits. You will provide vision and leadership for scaling audit capabilities, ensuring business alignment, effective program governance, and assisting in developing the roadmap to achieve security audit objectives. This position is key to building and managing an innovative enterprise continuous audit strategy, meeting critical compliance requirements, and advancing the company’s overall security posture.

Responsibilities

• Lead SOC 2 audit activities across the enterprise, ensuring successful engagement and implementation of SOC 2 requirements.
• Collaborate in ongoing HITRUST audit initiatives, working to ensure certification and compliance across various lines of business.
• Set tactical and strategic direction for the security audit program in alignment with business and regulatory needs, emphasizing automation, emerging compliance requirements, gap remediation, and continuous control monitoring.
• Assist in the design and improvement of the continuous monitoring program to inform future audit success, proactively identifying control gaps and remediation opportunities.
• Mentor, develop, and guide information security personnel, fostering individual growth and program maturity.
• Ensure proactive compliance across all business units, helping prevent out-of-compliance issues.
• Produce clear and impactful audit reporting and deliverables for the Senior Leadership Team; effectively communicate findings, vulnerabilities, and recommendations throughout the organization.
• Promote and evangelize Security’s role in enabling core business processes; educate teams on audit findings, vulnerabilities, security systems, and remediation efforts.
• Prescribe and implement security improvements to resolve audit findings and strengthen the company’s security posture.
• Lead innovation efforts to automate and streamline manual audit processes.
• Cultivate strong cross-functional relationships throughout Cotiviti and its technology organizations to support broad audit needs.
• Provide control advisory services for company projects, offering expertise in control design and audit readiness.
• Apply knowledge of industry and IT best practices to deliver strategic audit guidance and ensure proper alignment with business objectives.
• Complete all responsibilities as outlined in the annual performance review and/or goal setting.
• Complete all special projects and other duties as assigned.
• Must be able to perform duties with or without reasonable accommodation.

Qualifications

• Bachelor’s degree in Business, Computer Science, Information Technology, or a related field required.
• CISA, CISM, CISSP or similar preferred but not required.
• 5+ years of experience in Information Security, including direct involvement with SOC 2 and HITRUST audit programs.
• Demonstrated experience with security audits, assessments, and continuous monitoring of technical controls in a corporate or enterprise environment.
• Strong understanding of SOC 2 requirements and familiarity with HITRUST standards.
• Proven ability to mentor, lead, and develop junior staff while building team competency and motivation.
• Effective communicator able to gather complex technical findings for both technical and non-technical stakeholders, including senior leadership.
• Ability to work autonomously, manage multiple priorities, and adapt to evolving compliance needs and technologies.
• Capable of building strong relationships across technical and business units to enable successful audit outcomes.
• Strong organizational skills, attention to detail, and commitment to continuous process improvement and automation.
• Travel up to 10% may be required.

Cognitive/Mental Requirements

• Communicating with others to exchange information.
• Problem-solving and thinking critically.
• Completing tasks independently.
• Interpreting data.

Working Conditions And Physical Requirements

• Remaining in a stationary position, often standing or sitting for prolonged periods.
• Repeating motions that may include the wrists, hands, and/or fingers.
• Must be able to provide a dedicated, secure work area.
• Must be able to provide high-speed internet access/connectivity and office setup and maintenance.
• No adverse environmental conditions are expected.

Compensation and Benefits

Base compensation ranges from $110,000 to $140,000 per year. Specific offers are determined by various factors, such as experience, education, skills, certifications, and other business needs. Cotiviti offers team members a competitive benefits package to address a wide range of personal and family needs, including medical, dental, vision, disability, and life insurance coverage, 401(k) savings plans, paid family leave, 9 paid holidays per year, and 17-27 days of Paid Time Off (PTO) per year, depending on specific level and length of service with Cotiviti. For information about our benefits package, please refer to our Careers page.

Key skills/competency

• SOC 2 Compliance
• HITRUST Standards
• Security Audit Leadership
• Continuous Monitoring
• Risk Management
• Information Security Governance
• Stakeholder Communication
• Process Automation
• Remediation Planning
• Team Development