Webb Adams Security and Compliance Consultant Remote · Full time

A Security and Compliance Consultant’s primary responsibilities include assisting clients in developing, managing, and implementing information technology and cybersecurity compliance programs that meet complex frameworks (to include HITRUST). Client engagements typically consist of gap assessments, internal audits, policy/procedure development, risk assessments, incident response/disaster recovery exercises, evidence upload, and external assessor audit support.

Description

Duties:

  • Project manage multiple complex engagements to prepare clients to undergo external assessor IT/cybersecurity compliance audits
  • Conduct gap assessments mapped to the HITRUST framework
  • Create, review, and maintain security policies, scoping documents, and all required HITRUST (and other applicable framework) policy and procedure documentation
  • Conduct annual risk assessments with accompanying risk treatment plans
  • Provide subject matter expert guidance to clients on proper technical implementation meeting HITRUST and other applicable framework requirements
  • Manage evidence collection in preparation for clients' external assessor audits
  • Attend and act as a subject matter representative of clients during external assessor audits


Requirements:

  • Experience with and knowledge of healthcare operations and business processes
  • In-depth understanding of HITRUST, NIST, SOC 2, ISO 27001, or other IT security/compliance frameworks
  • Knowledge of complex enterprise-wide IT tools, architecture, and implementations
  • Demonstrated experience in performing security and privacy risk assessments
  • Demonstrated experience in performing compliance assessments and implementing regulatory requirements
  • Demonstrated experience in writing compliant policies, procedures, and other documentation within various information security frameworks
  • Ability to work remotely and collaborate with others via video conferencing
  • Results-oriented mindset
  • Ability to self-motivate
  • Strong written and oral communication skills
  • Strong project management skills
  • High school diploma or GED
  • One to three (1-3) years of experience in information security, IT audit, information technology, HITRUST, or related field


Desired:

  • One of the following certifications:
  • CCSFP (Certified CSF Practitioner)
  • HCISPP (Healthcare Information Security and Privacy Practitioner)
  • CISA (Certified Information Systems Auditor)
  • CISM (Certified Information Security Manager)
  • CISSP (Certified Information Systems Security Professional)
  • Extensive knowledge of the HITRUST CSF
  • Extensive knowledge of SOC 2 Trust Services Criteria
  • Extensive knowledge of ISO 27001 standards
  • Extensive understanding of HIPAA/HITECH Security Rule
  • Bachelor’s Degree in Information Technology, Cybersecurity, or related field


Benefits:

  • Health Care: Cover 75% of the premium of the team member
  • Dental Care: Cover 75% of the premium of the team member
  • Vision Care: Cover 75% of the premium of the team member
  • 401(k): 100% match of up to the first 5% of team member’s pay
  • 100% Remote
  • Unlimited Paid Time Off
  • All Federal Holidays Off