Consultant - Hitrust

Key Responsibilities

• Lead and execute HITRUST (e1, i1, r2) assessments and audits:
• Conduct control testing and evidence validation.
• Review client-prepared documentation for adequacy and effectiveness.
• Evaluate business processes and control requirements.
• Prepare and maintain HITRUST workpapers and related documentation in line with required methodologies.
• Create gap remediation action plans and provide consultative guidance to clients on addressing identified control weaknesses.
• Deliver SOC 2 assessments (readiness or attestation support), including testing of controls and preparing required documentation.
• Draft detailed reports, including assessment findings, observations, and recommendations; present results to client stakeholders.
• Work collaboratively with clients to ensure engagement success, proactively addressing questions, concerns, and opportunities for improvement.
• Manage multiple concurrent projects while adhering to timelines and deliverable schedules.
• Assist clients with internal and external audit readiness and corrective action implementation.
• Facilitate workshops, security awareness sessions, and management reviews as needed.
• Stay updated on HITRUST, SOC 2, ISO 27001, and regional regulatory requirements, providing advisory support based on emerging industry trends.
• Willingness to adjust working hours to align with client time zones (IND/US/EU) as required by project engagements

Deliverables and Outcomes

• Hands-on experience with HITRUST CSF assessments (e1, i1, r2) and/or SOC 2 (Trust Services Criteria).
• Strong knowledge of ISO 27001:2022 and ISO 27002 controls, ISO 31000 (risk management), and related frameworks.
• Familiarity with regulatory environments such as HIPAA, GDPR, and other data protection laws.
• Experience conducting internal/external audits, gap assessments, and managing certification/attestation engagements.
• Understanding of information security principles (CIA) and their application in enterprise environments.
• Working knowledge of cloud security and common platforms (Azure, AWS, GCP).
• Exposure to security operations and GRC tools.
• Strong documentation and reporting skills; ability to present findings effectively to senior stakeholders.

Key Skills

• Hands-on experience with HITRUST CSF assessments (e1, i1, r2) and/or SOC 2 (Trust Services Criteria).
• Experience with ISO27001 (ISMS), ISO31000 (Risk management), HITRUST CSF, NIST Cybersecurity Framework, SOC Type1/2
• Familiarity with regulatory environments such as HIPAA, GDPR, and other data protection laws.
• Experience conducting internal/external audits, gap assessments, and managing certification/attestation engagements.
• Understanding of information security principles (CIA) and their application in enterprise environments.
• Working knowledge of cloud security and common platforms (Azure, AWS, GCP).
• Exposure to security operations and GRC tools.
• Strong documentation and reporting skills; ability to present findings effectively to senior stakeholders.

Competencies

• Analysis Skills
• Independence
• Customer Focus
• Communications- Oral & written
• Persuasion
• Adaptability to Change