HITRUST Assessment & Advisory Consultant – Direct Hire


Hybrid Remote/On-site; willing to travel up to 50%

Reporting locations include; Atlanta, Nashville, Charlotte, Tampa or Las Vegas

Manager and Senior level roles available supporting HITRUST initiatives

Day to day:

As a member of the HITRUST team, the experienced HITRUST assessor will be part of an elite assessment team that provides high-quality assessment services to the firm’s clients. You will have the opportunity to significantly expand their HITRUST experience by collaborating on innovative technologies and processes to deliver services designed to solve complex challenges. As a member of our client’s HITRUST team, you will have an opportunity to learn at an incredibly fast pace, be part of something meaningful and exciting, and make a positive impact on our clients and firm as a whole.

Qualifications include:

  • Bachelor’s degree in Information Technology or Information Security or a related field
  • CCSFP with 1-3 years of information security and HITRUST experience required
  • Intimate knowledge of IT security technologies and available services (e.g., Colo, SaaS, IaaS, PaaS, etc.) is required
  • Working knowledge of IT security frameworks and regulations such as SOC, PCI, NIST and ISO is preferred

We are looking for:

  • Intimate knowledge of the HITRUST CSF, including experience advising and assessing against all CSF domains for HITRUST readiness and validated assessments
  • Experience and knowledge of healthcare operations and business processes
  • Working experience in the healthcare industry, including working with the HIPAA Security and Privacy Rules and HITRUST Common Security Framework (CSF)
  • Demonstrated experience in performing security and privacy risk assessments
  • Demonstrated experience performing compliance assessments and implementing regulatory requirements (HIPAA, HITECH, Security Breach Notification and PCI)
  • An understanding of IT security technologies, including network and application security, firewalls, access management, and data protection
  • Ability to interpret processes and controls, identify risks and weaknesses that require remediation, develop mitigation action plans, and validate that corrective actions have been remediated
  • Effective communicator (oral and written) comfortable with delivering presentations and making recommendations to client senior leadership
  • Ability to work independently and within a team to accomplish assigned tasks on time and in an efficient manner
  • Demonstrated passion for building strong rapport and relationships with internal team and clients
  • Exemplifies a positive attitude and strong work ethic with a commitment to teamwork and professionalism

#TN1