[Hiring] Senior HITRUST Assessor @Insight Assurance

Role Description

The HITRUST Senior Assessor is responsible for supporting and executing HITRUST readiness and validated assessment engagements for clients, with a focus on healthcare and other highly regulated industries. This role is primarily hands-on, contributing to assessment activities, ensuring high-quality deliverables, and following a consistent, standards-driven approach aligned with the HITRUST CSF and related frameworks.

Qualifications

• One or more relevant information security/audit certifications such as CISA, CISSP, CISM, CRISC, or similar.
• Active Certified HITRUST CSF Practitioner (CCSFP) certification (or ability to obtain within three months after hire).
• Demonstrated formal training in HITRUST assessment methodology and MyCSF usage.

Requirements

• Minimum three to five years of direct, hands-on experience performing HITRUST validated assessments, ideally within a public accounting, consulting, or specialized cybersecurity firm.
• Experience supporting engagement, delivery, and working within project teams.
• Demonstrated experience working with U.S.-based and international team members and clients.
• Prior experience with SOC 2, ISO 27001, or other assurance/compliance engagements is strongly preferred.

Benefits

• Flexible Paid Time Off and paid Holidays
• 100% Remote
• Competitive salary and benefits package.
• Opportunities for professional growth and development.
• Collaborative and innovative work environment.

Duties and Responsibilities

• Engagement Delivery & Client Support
  • Support multiple concurrent HITRUST readiness and validated assessment engagements from planning through reporting.
  • Assist in developing and executing assessment plans, including scope, objectives, and timelines.
  • Perform comprehensive risk and gap assessments against the HITRUST CSF, including control design and operating effectiveness testing.
  • Review client policies, procedures, technical configurations, and evidence to evaluate conformance with HITRUST CSF, HIPAA, and related regulatory expectations.
  • Document findings and contribute to remediation recommendations and roadmaps to support clients’ certification or recertification efforts.
• Team Collaboration
  • Collaborate with engagement leads and team members to deliver high-quality work products.
  • Assist in preparing workpapers, test results, and reports in alignment with firm methodology and HITRUST requirements.
  • Provide support and guidance to junior team members as needed.
  • Contribute to a collaborative culture that emphasizes quality, client service, and continuous improvement.
• Methodology, Quality, and Process Support
  • Follow the firm’s HITRUST methodology, templates, and work programs in alignment with the HITRUST Assessment Handbook and Risk Management Handbook.
  • Stay current on HITRUST CSF updates, emerging guidance, and related frameworks (e.g., NIST, ISO 27001, SOC 2, HIPAA).
  • Support internal quality assurance activities and remediation of identified process gaps.
  • Collaborate with cross-functional teams (e.g., SOC, ISO, PCI) to promote consistent, integrated service delivery.
• Business Support
  • Assist with engagement scoping, documentation, and client deliverables as needed.
  • Participate in client meetings, onboarding calls, and status updates.
  • Contribute to internal knowledge-sharing and training initiatives on HITRUST and cybersecurity.

Skills

• Technical Skills
  • Strong understanding of the HITRUST CSF, assessment types (e1, i1, r2), and certification lifecycle (readiness, validated assessment, interim assessment, recertification).
  • Knowledge of information security and privacy principles, particularly in healthcare or other regulated environments (HIPAA/HITECH, GDPR, NIST 800-53, ISO 27001, SOC 2, PCI, etc.).
  • Experience evaluating and testing administrative, technical, and physical security controls in on-prem, cloud, and hybrid environments (AWS, Azure, GCP).
  • Familiarity with GRC platforms (e.g., Vanta, Drata) and HITRUST tools (e.g., MyCSF).
• Consulting Skills
  • Strong organizational and time management skills, with the ability to manage multiple priorities.
  • Excellent written and verbal communication skills in English, with the ability to explain technical and regulatory concepts clearly.
  • Strong analytical and problem-solving skills; able to identify risk and support practical solutions.
  • High level of professionalism, integrity, and client-service orientation.

Education

• Required
  • Bachelor’s degree in Information Systems, Information Technology, Computer Science, Cybersecurity, Accounting, or a closely related field.
• Preferred
  • Master’s degree in Information Systems, Cybersecurity, Accounting, or related discipline, or MBA with a concentration in technology risk, audit, or accounting.