Associate, HITRUST

What You'll Do

• Works closely with senior members to support audit preparation and document assessments against prescribed sets of criteria
• Execute, examine, interview, and test procedures in accordance with the proper control or compliance system
• Ensure cybersecurity policies are adhered to an that required controls are implemented
• Validate respective information system security plans to ensure that appropriate control requirements are met
• Take charge of identifying information sources, gathering and interpreting data, and ensuring diligent and accurate data and note capturing of customer interviews
• Pursues and corroborates conclusions derived from inquiry procedures
• Proactively drafts and documents audit planning and reporting material for peer review at appropriate milestones throughout the engagement lifecycle
• Adheres to pre-defined project timelines and communicates possible changes to the schedule or scope of work
• Understands how to apply quality standards and adheres to a minimum benchmark for quality assurance throughout the documentation of each deliverable
• Provide advice to the client on various matters related to the assessment/audit and effectively requests or communicates technical requirements to a non-technical audience
• Support and maintain positive collaborative relationships with clients and stakeholders
• Maintain industry expertise by studying for and achieving industry recognized certifications
• Travel approximately 15%
• Ability to be successful when working remotely.

What You'll Bring

• An introductory understanding of IT security technologies including cloud architecture and application security, firewalls, access management, and data protection
• Educational or work experience involving IT Security and/or IT Audit principles·       
• Strong written and verbal communication skills including the ability to explain security controls to a non-technical audience
• Strong personal initiative to appropriately manage time and meet deadlines
• High attention to detail and quality
• Computer and typing skills that permit rapid data collection and note taking
• Ability to participate and support meetings to small or large groups
• Public speaking and emerging executive presence
• Inquisitive and curious nature with the ability to effectively probe for deeper information
• Diplomatic and broad minded
• Strong technical researcher
• Bachelor's degree (four-year college or university) or equivalent combination of education and work experience. Degree preferably in Information Systems or Business.

Bonus Points

• Experience or education in healthcare IT environments or security frameworks (HITRUST, HIPAA)·       
• Experience as an IT Consultant, IT auditor, Business Analyst, or similar role
• Experience working with technologies hosted via cloud computing environments (e.g., Amazon Web Services, Microsoft Azure, Google Cloud Platform)
• At least one information security certification, such as CCSK or CompTIA Security+ (or willing to obtain one of these certifications)
• Amazon Web Services (AWS) Certified Cloud Practitioner