Security and IT Controls Auditor - HIPAA & HiTrust

Role Overview:

The consultant will be required to perform HIPAA Security Rule assessments of a variety of Hosted Digital Medical Device Products (effectively Microsoft based cloud hosted systems), Enterprise Solutions and Data Repositories. A number of prioritized assessment targets will be determined by the program team, comprising leaders from Information Security, Privacy, Compliance, Legal and a dedicated Program Manager. Depending on how quickly this position can be filled, an assessment methodology will be devised and templates generated for performing and recording assessment outcomes. Some input on remedial actions for any gaps identified, may also be required.

Responsibilities:

• 5% Input into program planning
• 5% Creation of assessment methodology and templates (potentially)
• 60% Execution of HIPAA Security Rule Assessments
• 20% Documentation of results
• 10% Consultation on any remedial actions

Requirements:

Licenses/Certifications:

• Qualifications for Information Security Audit would be beneficial e.g. Certified Information Systems Auditor (CISA).

Experience & Education:

• Minimum five years performing Information Security Audits on IT systems or Digital Medical Devices
• Any prior experience performing HITRUST/HIPAA Security Rule audits REQUIRED
• Educated to degree standard preferred