The HITRUST Assessment Manager is responsible for leading and managing HITRUST readiness and validated assessment engagements for clients, with a focus on healthcare and other highly regulated industries.
Lead multiple concurrent HITRUST readiness and validated assessment engagements from planning through reporting.
Develop and execute assessment plans, including scope, objectives, timelines, and resource allocation.
Conduct and oversee comprehensive risk and gap assessments against the HITRUST CSF, including control design and operating effectiveness testing.
Review client policies, procedures, technical configurations, and evidence to evaluate conformance with HITRUST CSF, HIPAA, and related regulatory expectations.
Develop clear, actionable remediation recommendations and roadmaps to support clients’ certification or recertification efforts.
Directly supervise a team of HITRUST assessors/consultants, including assigning work, providing coaching and performance feedback, and conducting periodic evaluations.
Review and quality-check team deliverables (workpapers, test results, reports) to ensure alignment with firm methodology and HITRUST requirements.
Provide ongoing training, mentoring, and technical guidance to develop the team’s HITRUST, security, and audit capabilities.
Requirements
Bachelor’s degree in Information Systems, Information Technology, Computer Science, Cybersecurity, Accounting, or a closely related field.
Minimum five years of direct, hands-on experience performing HITRUST validated assessments, ideally within a public accounting, consulting, or specialized cybersecurity firm.
Minimum two years of experience in a formal management or team lead role (e.g., managing staff/seniors, overseeing engagement teams, or running a regional delivery team).
Deep understanding of the HITRUST CSF, assessment types (e.g., e1, i1, r2), and certification lifecycle (readiness, validated assessment, interim assessment, recertification).
Strong knowledge of information security and privacy principles, particularly in healthcare or other regulated environments (HIPAA/HITECH, GDPR, NIST 800-53, ISO 27001, SOC 2, PCI, etc.).
Experience evaluating and testing administrative, technical, and physical security controls in on-prem, cloud, and hybrid environments (AWS, Azure, GCP).
Proficiency with GRC platforms (e.g., Vanta, Drata) and HITRUST tools (e.g., MyCSF) and common productivity tools.
Fluent English (spoken and written) required; Spanish language skills strongly preferred.
Tech Stack
AWS
Azure
Cloud
Cyber Security
Google Cloud Platform
Benefits
Flexible Paid Time Off and paid Holidays
Quarterly Performance Bonuses
Full-time employee of our Panamanian entity
Competitive salary and benefits package
Opportunities for professional growth and development