Title: Sr. IT Auditor (Service Organization Controls/SOC experience) Location: Alexandria, VA Job Description: Lynch Consultants is seeking a Sr. IT Auditor with Service Organization Controls/SOC experience to support Information Technology (IT) audit engagements and Complementary User Entity Control (CUEC) assessments. Duties will include service provider identification and risk assessment, evaluation of service provider controls to address risks, completion of documentation and test of control design, development of test plans and completion of testing of control operating effectiveness, and development and implementation of corrective actions. Only applicants who fully satisfy all required qualifications will be considered for further review. Work Location and Schedule: - This work is 100% remote, but candidates must be local to the National Capital Region (District of Columbia, Maryland, or Virginia) for potential onsite work in Alexandria, VA. Required Qualifications – Must Have: - MUST have a Bachelor's or Master's degree in a Business-related field - MUST have an active Secret Clearance - MUST have 5+ years of experience with ITGC and SOC Audits in the federal space. - MUST have knowledge and able to provide Quality Assurance (QA) review of IT control documentation, test plans, and Key Supporting (KSD) packages prior to submission for audit or Statement of Assurance purposes. - MUST have knowledge of support testing of IT General Controls (ITGCs) which includes User Access Management (provisioning, de-provisioning, privileged access), Change Management, Configuration Management, System Interfaces, and Data Transfers. - MUST have experience with Internal Controls Over Financial Systems (ICOFS) - Develop test plans to validate internal controls are in place for ICOFS/Complementary User Entity (CUECs). - MUST understand A-123 Statement of Assurance IT requirements - MUST understand Service Organization Controls (SOC) and Complementary User Entity Control (CUEC) assessments and implementation. - MUST understand FISCAM, NIST 800-53, and Federal financial system controls. Preferred Qualifications: - CPA (Certified Public Accountant) - CDFM, CGFM/DoD FM Certification Skills and Job Duties: - Development and execution of ITGC test plans (Test of Design). - Conduct (ToE)/(Test of Effectiveness (ToE)) procedures, including walkthroughs, sampling and evidence validation. - Validate completeness and accuracy of IT control populations and samples used for testing. - Support Statement of Assurance (SoA) IT inputs, including identification of IT risks, mapping of IT controls to financial reporting objectives, and documentation of IT control ownership. - Assist in drafting SoA narratives and flowcharts related to IT systems, including control descriptions risk statements, and remediation status. - Review SOC 1/ SOC 2 reports to identify CUEC applicable to the DoW Agency and support mapping of SOC controls to internal DoW Agency IT controls. - Review SOC 1/ SOC 2 reports to identify CUEC applicable to the DoW Agency. - Support mapping of SOC controls to internal DoW Agency IT controls and assist in documenting reliance strategies. - Conduct Audit Engagement support including development, QA review, validation, and submission of IT and business process documentation in response to audit Prepared By Client (PBC) requests. - Review Notice of Findings and Recommendations (NFRs) and develop or recommend Corrective Action Plans (CAPs) to remediate deficiencies and weaknesses. - Monitor and assess the implementation and validation of CAPs. - Provide Risk Management and Remediation to include providing expertise, recommendations, and industry best practices to support continuous improvements and increased feedback throughout the Audit Engagement and Audit Remediation processes, to include guidance, business rules, and process workflows. - Provide Audit Remediation Data Management using information provided by stakeholders. - Perform timely uploads or updates to CAP-related documentation in the designated audit remediation tool and provide an update to customer management. - Perform data analytics to assess the risk of misstatement from CAPs that are not fully remediated. - Assess remediation testing results to determine sufficiency of remediation procedures. - Conduct a review of Statements of Assurance (SOA) for accuracy and completeness as it relates to ICOFS. This includes providing advice and performing reviews, assessments, and a gap analysis to Federal Information Systems Control Audit Manual (FISCAM) requirements and NIST 800-53 standards and controls. - Develop, update, and review Memorandums of Understanding (MOUs) with service providers to include CUEC roles and responsibilities. - Perform ITGC testing (access management, change management, Configuration). - Quality Assurance reviews of audit workpapers and control documentation. - Notice of Findings and Recommendations (NFRs), Corrective Action - Plans (CAPS), Test of Operating Effectiveness (TOE), Test of Design (TOD), and Service Organization Controls (SOC) Reports - Management of IT audit evidence repositories (SharePoint, Teams, etc.)

• Conduct Audits of Pharmaceutical, medical device, clinical, and software development organizations for compliance with health authority regulations applicable to computer systems, artificial intelligence, data integrity • Conduct gap assessments and provide remediation guidance for compliance with health authority regulations applicable to computer system, artificial intelligence, and data integrity • Authoring policies, procedures, and work instructions compliance with health authority regulations applicable to computer system, artificial intelligence, and data integrity • Provide clients with advice and guidance on computer system validation, AI compliance, and data integrity compliance approaches. Manage teams of internal resources in executing these strategies. • Assist in developing and maintaining internal procedures and tools for delivery of CSV, AI assurance, and data integrity services. • Develop and deliver original CSV content on current topics impacting the area of Computer System Validation, AI compliance, and electronic data integrity. Examples include blogs, training materials, webinars. • Teach computer system validation, software/AI quality compliance, and data integrity classes, as needed. • Participate in development of business strategies for growth of ProPharma’s CSV, AI Assurance, and Data Integrity practice. • Assist in development of the Marketing and Sales materials. Assist in Business Development activities. Assist Operations in staffing client projects. Lead interviews of ProPharma Group candidates. Some travel required. Other duties as assigned.

Role Description The Coding Auditor will be responsible for inpatient and outpatient coding and auditing for various specialties. This role will also be responsible for preparing and presenting audit results. - Perform coding audits and compliance audits for providers, including physicians and mid-level providers. - Prepare reports of audits and present audits to internal and external parties as needed. - Complete accurate application of appropriate coding and documentation guidelines, including but not limited to: - E&M and surgery documentation guidelines - CCI guidelines - CPT/HCPCS coding guidelines - Specialty association guidance - Provide physician education when necessary, including audit findings or edit and denial trending. - Complete coding audits for our copartners’ coding WQ. - Work with any offsite auditors. - Evaluate and report on the overall quality of physician documentation that supports selected codes, specifically regarding medical necessity. - Adhere to local and national coverage determinations, CCI, and payer specific editing rules. - Ensure appropriate documentation and coding of split/shared services, teaching physician guidelines, and any client specific quality assessment programs. - Compile, trend, analyze, and report on all findings that do not meet the guidelines listed above. - Maintain a professional attitude. - Other duties as assigned by the management team. - Use, protect, and disclose patients’ protected health information (PHI) only in accordance with Health Insurance Portability and Accountability Act (HIPAA) standards. - Understand and comply with Information Security and HIPAA policies and procedures at all times. - Limit viewing of PHI to the absolute minimum necessary to perform assigned duties. Qualifications - High School diploma or equivalent required. - CPC or CCS coding certification required from AHIMA or AAPC. - Minimum 5 years of coding experience and minimum 2 years auditing experience in a multi-specialty setting. - Must be able to use job-related software. - Self-starter with ability to work independently. - Proficiency in Microsoft Office Suite. - Strong interpersonal skills, ability to communicate well at all levels of the organization. - Strong problem solving and creative skills, ability to exercise sound judgment and make decisions based on accurate and timely analyses. - High level of integrity and dependability with a strong sense of urgency and results oriented. - Excellent written and verbal communication skills required. - Gracious and welcoming personality for customer service interaction. Requirements - Must possess a smart-phone or electronic device capable of downloading applications for multifactor authentication and security purposes. Working Conditions - While performing the duties of this job, the employee is occasionally required to move around the work area; sit; perform manual tasks; operate tools and other office equipment such as computer, computer peripherals, and telephones; extend arms; kneel; talk and hear. - The employee must be able to follow directions, collaborate with others, and handle stress. - The noise level in the work environment is usually minimal.

• Independently plan audits • Conduct audits in accordance with relevant standards • Prepare for and follow up on audit processes • Prepare audit reports in German and English • Lead on-site audits