[Hiring] HIPAA Compliance Assessor/Consultant @TestPros

Role Description

We are seeking a HIPAA Compliance Assessor / Consultant to support independent assessments of HIPAA compliance. This role will evaluate how websites, apps, or platforms collect, use, and protect user data, with a focus on minors/children.

Key Responsibilities

• Identify Electronic Protected Health Information (ePHI):
  • Locate all systems holding sensitive data.
• Identify Threats and Vulnerabilities:
  • Determine potential, reasonably anticipated threats.
• Assess Security Measures:
  • Evaluate current safeguards.
• Determine Likelihood and Impact:
  • Evaluate the probability and impact of potential breaches.
• Document and Prioritize Findings:
  • Create the formal report and risk mitigation plan.

Qualifications

• 5+ years of experience with HIPAA Assessments and Reporting
• 5+ years of experience with HIPAA guidelines, such as:
  • NIST Special Publication 800-66 Rev. 2: Implementing the HIPAA Security Rule
  • NIST Cyber Security Framework to HIPAA Security Rule Crosswalk
  • Health Information Trust Alliance (HITRUST)
• Hands-on experience conducting:
  • Privacy assessments / audits
  • PIA / DPIA
• Strong understanding of:
  • Data flows & data lifecycle
  • User data handling in web/mobile applications
• Experience reviewing:
  • Consumer-facing systems (apps, websites)
  • Consent, transparency, and privacy controls
• Ability to translate regulations into practical findings and recommendations

Nice to Have

• Background in GRC, cybersecurity, or product compliance
• Certifications such as:
  • CIPP
  • CIPM
  • CISM
  • or similar

Work Setup

• Part-time (consulting basis)
• 1099 or Corp-to-Corp
• Flexible hours
• Project-based (initial assessment engagement)