Senior IT Compliance Analyst

Senior IT Compliance Analyst

Join to apply for the Senior IT Compliance Analyst role at HCA Healthcare.

HCA Healthcare, the largest healthcare system in the United States, cares for patients with purpose, integrity, and family‑like compassion. We invite you to jump‑start your career as a Senior IT Compliance Analyst today.

• Comprehensive medical coverage including prescription drug, behavioral health, free telemedicine, and free Air Med medical transportation.
• Dental and vision benefits, life and disability coverage, flexible spending accounts and supplemental health plans (accident, critical illness, hospital indemnity).
• Auto and home insurance, identity‑theft protection, legal counseling, long‑term care and moving assistance, and pet insurance.
• Free counseling services and resources for emotional, physical and financial wellbeing.
• 401(k) Plan with a 100% match on 3% to 9% of pay (based on years of service).
• Employee Stock Purchase Plan with 10% off HCA Healthcare stock.
• Family support through fertility and family‑building benefits with Progyny and adoption assistance.
• Referral services for child, elder and pet care, home and auto repair, event planning and more.
• Consumer discounts through Abenity and other partners.
• Retirement readiness, rollover assistance services and preferred banking partnerships.
• Education assistance (tuition, student loan, certification support, dependent scholarships).
• Colleague recognition program.
• Time Away From Work Program (paid time off, paid family leave, long‑ and short‑term disability coverage and leaves of absence).
• Employee Health Assistance Fund offering free employee‑only coverage to full‑time and part‑time colleagues based on income.

This role oversees and monitors the effectiveness of IT internal controls over financial reporting for HCA Healthcare’s Sarbanes‑Oxley (SOX) and Systems and Organizational Controls (SOC) IT compliance program (second‑line responsibilities). The analyst supports the first line in executing control activities, addressing deficiencies, providing independent testing, risk assessments, and ensuring alignment with SOX regulatory requirements.

• Oversee IT general control processes in a complex IT environment with multiple applications, platforms, and IT processes.
• Identify opportunities to modernize, automate, and centralize controls testing, monitoring, evidence gathering, etc.
• Develop robust continuous compliance monitoring processes to ensure IT SOX key controls are consistently performed.
• Formalize and deliver training and education for first‑line staff on supporting IT SOX key controls, including creation and maintenance of IPE.
• Partner with stakeholders to ensure clear control ownership and accountability.
• Serve as a subject‑matter expert for IT general and application controls, overseeing scoping, design, documentation, testing, monitoring, and remediation.
• Identify, track, and report on remediation of SOX‑related internal audit issues.
• Work with IT application, product, business, and process owners to update and/or document key control procedures.
• Ensure annual walkthrough, testing, and remediation schedule is documented and communicated to first‑ and second‑line teams.
• Track and report execution of schedule, including deficiencies and status of remediation efforts.
• Provide oversight of IT change management to ensure design, testing, and documentation of SOX‑relevant changes.
• Review descriptions, controls, and testing for annual SOC reports.
• Ensure SOX documentation is created, updated, and maintained, with testing results loaded into the company’s SOX tools.
• Analyze data and trends to identify emerging risks and areas for improvement in internal control processes.
• Contribute to a risk assessment of internal controls and associated processes to guide controls focus and remediation.
• Evaluate the design and effectiveness of internal controls, including segregation of duties, access controls, and authorization processes.
• Serve as a liaison for Internal Audit and external audit activities, coordinating SOX audit activities, gathering documentation, and…