Sr. IT Information Security Consultant
The Sr. IT Security Consultant leads security assessments of multiple client IT environments against various industry standards and regulations including HIPAA, HITRUST, PCI, ISO 27001/2, Sarbanes-Oxley, NIST 800-53 and others. The consultant engages with client executives, technology leadership, and other Technology Risk and IT Compliance teams over the life of the assessment projects to ensure that security controls are appropriate, and compiles the information gathered in a final assessment report.
- Leads execution of multiple concurrent technology security and risk assessments, primarily as engagement lead, in accordance with rigorous policy and work paper standards and within tight timeframes.
- Assesses key IT risks and controls and designs innovative and appropriate broad-based coverage across a technology and/or business activity, exhibiting exceptional judgment regarding issue identification, issuing draft findings to client management, and drafting and issuing final assessment reports with limited guidance.
- Lead multiple HIPAA Security, IT risk and controls assessments for very large hospital systems (Covered Entities and Business Associates), medical office buildings, clinics, medical lab facilities, and related IoT.
- Provide PCI DSS Report on Compliance (ROC) assessment and certification: Level 1 and 2.
- Provide Service Organization Controls readiness reports: HITRUST, ISO 27002, SOC 2/Type 2, and SOC 3.
- Develops valuable and trusting relationships with internal business partners by executing efficient work and enhancing risk management based on an enterprise-wide view of technology risk management.
- Guide certification projects to ensure clients meet their compliance and certification goals.
- Interface with clients to review and analyze complex systems (applications, operating systems, databases, and networking devices) to identify risks and exposures and to define and implement compensating controls.
- Work independently to collect, consolidate and analyze information required for the evaluation of security controls and gaps.
- Consult on practical application of HIPAA, SOX, PCI, and NIST 800-53 rev4, including assessing application layers, databases, network / network segmentation, policies, and compensating controls.
- Produce final reports on compliance to detail the controls observed during security assessments in accordance with various security standards and regulations (HIPAA, HITRUST, PCI, ISO 27001/2, Sarbanes-Oxley, NIST 800-53, etc.).
- Bachelor's degree or equivalent.
- At least 7-8 years of experience in an IT security audit, assessment, and/or compliance role.
- Extensive HIPAA Security experience assessing: Hospital Systems, Providers, Covered Entities, Business Associates, BAA agreements, HIPAA, HIPAA Security Rule Controls.
- Background in Service Organization Controls readiness, audits/attest reports: SOC 1, SOC 2/Type 2, and SOC 3.
- Strong background in auditing IT Security controls. Demonstrated leadership and the ability to successfully manage multi-functional or diverse areas.
- Excellent IT project management and time management skills. Capable of tracking and executing numerous parallel activities and of working efficiently and independently with minimal supervision.
- Ability to work effectively in a team environment and across all organizational levels, where flexibility, collaboration, and adaptability are important.
- Ability to communicate effectively, in both written and verbal formats, with senior executive-level leaders.