Hitrust Consultant

Senior IT Security Consultant The Sr. IT Security Consultant performs security assessments of the client’s IT environments against various industry standards and regulations, including HITRUST, HIPAA, and ISO 27001. The Sr. IT Security Consultant performs these assessments both remotely and at client sites, gathering evidence of controls in place to assess the controls and identify gaps. The Sr. Consultant works with the client in a partnership model and other ControlCase teams over the life of the project to ensure that security controls are appropriate and compiles the information gathered in a final assessment report. RESPONSIBILITIES · Lead the client audits/assessments and Interface with clients to review and analyze complex systems (Applications, Operating systems, Databases, and Networking devices), or Cloud technologies (AWS, Azure, GCP) to identify security gaps and missing security controls within the client environments as per the requirements defined in the security standards and regulations · Work with client to understand their business processes, analyze sensitive data flows (business and application data flows), network architecture, and define the proper audit/assessment scope · Perform reviews for client organization’s information security policies and procedures against various industry standards and regulations, including HITRUST, HIPAA, and ISO 27001· Work on drafting information security policies and procedure documentation for clients as part of the consulting engagement · Perform detailed risk assessment for the client environment, including their business processes and infrastructure, using risk management frameworks (ISO, NIST)· Wherever possible, provide the audit/assessment scope reduction guidance to the client · Work independently with the client to perform audit interviews, collect, consolidate, and analyze evidence for the compliance assessment, and meet the internal quality assurance requirements throughout the assessment · Provide consulting guidance and recommendations to clients to help them meet the compliance requirements and improve their security posture in accordance with applicable security controls · Establish and maintain positive collaborative relationships with clients and stakeholders · Produce final reports on compliance to detail the controls observed during security assessments in accordance with various security standards and regulations · Escalates client and project issues to management in a timely manner to inform and engage the necessary resources to address the issue · Collaborates with project managers, internal quality assurance group, sales, and other delivery team members to drive customer satisfaction and meet project deliverables · Work on continuous professional development in maintaining industry-specific certifications and strong depth of knowledge in the practice area · Travel to client sites as needed DESIRED SKILLS · Bachelor’s degree. A specialization in information assurance is preferred · At least 3-7 years of information security assessment experience, including for HITRUST, HIPAA, and ISO 27001· Ability to analyze network architectures and review the network device (Firewalls/ Switches/ Routers/ IDS/IPS/ Load Balancers etc.) and Servers/ Virtualization Devices configurations · Good understanding and audit experience for cloud computing environments (e.g., Amazon Web Services, Microsoft Azure, Google Cloud Platform)· In-depth knowledge in IT Security Policies and Procedures that govern client’s Information Security and Privacy programs · In-depth knowledge and experience in IT Security, including access controls, network security, logging/monitoring, vulnerability assessments, system hardening, secure software development, application security, encryption, and key management best practices etc. · In-depth knowledge and experience with the HITRUST framework, HIPAA law, and Risk Management Standards (NIST/ISO)· At least one certification from each group is preferred:

• Group 1- CISSP, CISA, CISM
• Group 2- ISO27001 Lead Implementer, ISO27001 Lead Auditor