Cencora is an innovative company focused on creating healthier futures. The IT Internal Auditor, Cyber Security will be a key member of the Internal Audit management team, responsible for delivering risk-based assurance across the enterprise, particularly in third-party risk management.
Responsibilities:
- Drives and executes comprehensive, risk-based audit plans, defining clear objectives, methodologies, and deliverables
- Ensures audit procedures effectively evaluate controls across financial, operational, compliance, and cybersecurity domains, while producing high-quality, well-structured workpapers that support audit conclusions
- Advances the third-party risk management audit framework by embedding end-to-end vendor lifecycle considerations (onboarding, due diligence, contracting, ongoing monitoring, and offboarding) and developing a comprehensive, risk-based catalog of third-party risks (e.g., cybersecurity, compliance, operational, concentration, financial, and reputational) to strengthen the identification, assessment, and mitigation of risks associated with external vendors and strategic partners across the enterprise
- Integrates cybersecurity into third-party assurance activities, evaluating vendor security posture, data protection practices, and compliance with information security standards to strengthen enterprise-wide risk visibility
- Recommends and drives innovative audit techniques, metrics, and analytics, including the use of automation and AI-enabled insights, to assess control effectiveness and continuously enhance audit quality and efficiency
- Leverages advanced data analytics capabilities within Internal Audit to design and deliver impactful dashboards, continuous monitoring capabilities, and data-driven insights that elevate audit coverage and decision-making
- Performs and reviews audit work to ensure alignment with internal audit standards and strategic objectives, delivering consistent, high-quality outputs across engagements
- Builds and sustains strong, trusted relationships with Cencora management and stakeholders, fostering collaboration and positioning Internal Audit as a valued advisor
- Effectively manages multiple concurrent audit priorities, optimizing resources, driving efficiency, and consistently delivering against tight timelines
- Ensures the timely delivery of high-quality audit and advisory reports, clearly articulating risks, insights, and actionable recommendations tailored for both operational and executive audiences
- Provides ongoing coaching and performance feedback, supporting team development and fostering a high-performing, accountable audit culture
- Demonstrates flexibility and commitment to execution, including willingness to travel up to 20% as needed to support audit objectives and stakeholder engagement
Requirements:
- An undergraduate degree in Accounting or a related business discipline is required
- Five (5) years minimum applicable audit experience, obtained from either internal audit or public accounting
- Shows flexibility in prioritizing and completing tasks, recommends allocating/re-allocating work across engagement team members when assigned, or stepping in to support execution, as appropriate
- Strong knowledge of risks, process, and controls across financial, operational and compliance areas
- Well-developed analytical, interpersonal, and communication (both written and verbal) skills
- Innovative, out of the box thinker and adaptable to a changing environment
- Strong project management, time management, and prioritization skills
- Comfortable with leading-edge audit and risk assessment methodologies
- Working knowledge of Sarbanes-Oxley requirements
- Excellent verbal and written communication and presentation skills
- Strong interpersonal skill with the ability to work closely with people at all levels of the organization and facilitate the implementation of corrective action
- Proficient in MS Word, Excel and PowerPoint
- Ability to be on-site in Conshohocken, PA as needed (flexible)
- Experience in pharmaceutical, healthcare, biotech is preferred but not required
- An active professional certification in at least one area (e.g., CIA, CPA, CISA, CMA, etc.) is preferred