GE HealthCare Sr Digital Auditor 

Remote, Remote 

783099051

Roles and Responsibilities:

• Lead and perform data privacy assessments for systems managing personally identifiable information.
• Evaluate the design and operational effectiveness of privacy / security controls by partnering with control owners and stakeholders.
• Identify control deficiencies, support remediation efforts through resolution, and report non-conformances in a timely manner.
• Prepare and deliver comprehensive summary reports for each data privacy / security assessment or review.
• Align all activities with the Unified Control Framework (UCF) to maintain consistency and compliance across processes.
• Maintain clear and proactive communication with application teams regarding assessment scope, expectations, and timelines.
• Drive initiatives to improve processes and enhance efficiency through automation and streamlined controls.
• Educate project teams on privacy regulations and related IT control requirements to promote awareness and ensure regulatory compliance.
• Establish operating rhythm to report out on key metrics including status of assessments and issue management.
• Ensure audit readiness, provide audit support, and manage audit-related activities to facilitate successful outcomes.

Qualifications & Skills:

• Bachelor’s degree in information security, Computer Science, Information Technology, Law, or a related field.
• Some years of experience in data privacy, information security, IT audit, compliance, or risk management.

• Strong knowledge of global data privacy laws and frameworks (e.g., GDPR, LGPD, DPDP) and U.S. health data regulations (HIPAA).
• Solid understanding of the concept of personally identifiable information (PII) and its protection requirements.
• Familiarity with IT security concepts, IT controls: including access management, infrastructure, encryption, and cybersecurity practices.
• Ability to identify appropriate testing procedures and assess the effectiveness of technology and privacy controls.
• Strong communication skills with the ability to explain complex issues to both technical and non-technical audiences, including engineering, legal, and project teams, focusing on risk and impact.
• Critical thinking and analytical skills to interpret data, identify trends, and assess privacy risks.
• Self-driven with the ability to independently plan and manage assessment schedules.
• Proficiency in English, both written and verbal.

Desired Characteristics

• Internationally recognized information security/information system audit certification/qualifications such as CISA, CISM, CISSP or CIA (IAPP)
• Experience with GRC tools (e.g., Archer, ServiceNow GRC).
• Experience conducting risk assessments, identifying gaps, and recommending mitigation strategies.
• Experience supporting audits and managing audit readiness activities.