Business Analyst (contract)

KPMG US is seeking a contractor to support a HIPAA Security Risk Assessment for a large public university health environment. This role involves hands-on execution support, assisting with evidence review, documentation, and stakeholder interviews under the direction of an Engagement Manager and senior team members.

Responsibilities:

• Support execution of a HIPAA Security Risk Assessment aligned to the HIPAA Security Rule
• Review and organize evidence and documentation (policies, procedures, logs, inventories, screenshots)
• Assist with questionnaire analysis and identification of gaps, inconsistencies, or follow up needs
• Participate in and document stakeholder interviews and walkthroughs
• Update trackers (e.g., APG, DRL, gap logs) and maintain audit trails
• Draft clear, concise workpapers, summaries, and preliminary observations
• Escalate issues, ambiguities, or potential risks to senior team members
• Follow established assessment methodology and documentation standards
• Act with integrity, professionalism, and personal responsibility to uphold the firm’s respectful and courteous work environment

Requirements:

• Support execution of a HIPAA Security Risk Assessment aligned to the HIPAA Security Rule
• Review and organize evidence and documentation (policies, procedures, logs, inventories, screenshots)
• Assist with questionnaire analysis and identification of gaps, inconsistencies, or follow up needs
• Participate in and document stakeholder interviews and walkthroughs
• Update trackers (e.g., APG, DRL, gap logs) and maintain audit trails
• Draft clear, concise workpapers, summaries, and preliminary observations
• Escalate issues, ambiguities, or potential risks to senior team members
• Follow established assessment methodology and documentation standards
• Act with integrity, professionalism, and personal responsibility to uphold the firm's respectful and courteous work environment
• All applicants must be authorized to work in the U.S. without the need for employment-based visa sponsorship now or in the future
• Prior experience supporting HIPAA Security Risk Assessments
• Prior experience supporting SOX ITGCs or IT audits
• Prior experience in Healthcare or academic medical environments
• Familiarity with access controls, incident response, risk analysis, or contingency planning
• Experience using Excel, SharePoint, or similar tracking tools
• Certifications a plus but not required (e.g., CISA, CISSP, HCISPP)