ISG

Experienced HITRUST Assessment Manager

full-time

Location Type: Remote

Location: Brazil


About the role

  • The HITRUST Assessment Manager is responsible for leading and managing HITRUST readiness and validated assessment engagements for clients, with a focus on healthcare and other highly regulated industries.
  • This role combines hands-on assessment work with people leadership, overseeing a Panama-based team that supports global clients.
  • Ensure high-quality deliverables, efficient project execution, and a consistent, standards-driven approach aligned with the HITRUST CSF and related frameworks.
  • Lead multiple concurrent HITRUST readiness and validated assessment engagements from planning through reporting.
  • Develop and execute assessment plans, including scope, objectives, timelines, and resource allocation.
  • Conduct and oversee comprehensive risk and gap assessments against the HITRUST CSF, including control design and operating effectiveness testing.
  • Review client policies, procedures, technical configurations, and evidence to evaluate conformance with HITRUST CSF, HIPAA, and related regulatory expectations.
  • Develop clear, actionable remediation recommendations and roadmaps to support clients’ certification or recertification efforts.
  • Directly supervise a team of HITRUST assessors/consultants, including assigning work, providing coaching, and delivering performance feedback and periodic evaluations.
  • Help build a positive, collaborative culture that emphasizes quality, client service, and continuous improvement.

Requirements

  • Bachelor’s degree in Information Systems, Information Technology, Computer Science, Cybersecurity, Accounting, or a closely related field.
  • Minimum five years of direct, hands-on experience performing HITRUST validated assessments, ideally within a public accounting, consulting, or specialized cybersecurity firm.
  • Minimum two years of experience in a formal management or team lead role (e.g., managing staff/seniors, overseeing engagement teams, or running a regional delivery team).
  • Demonstrated experience working with U.S.-based and international team members and clients and navigating cross-border, remote-delivery engagement models.
  • Strong knowledge of information security and privacy principles, particularly in healthcare or other regulated environments (HIPAA/HITECH, GDPR, NIST 800-53, ISO 27001, SOC 2, PCI, etc.).
  • Deep understanding of the HITRUST CSF, assessment types (e.g., e1, i1, r2), and certification lifecycle (readiness, validated assessment, interim assessment, recertification).
  • Experience evaluating and testing administrative, technical, and physical security controls in on-prem, cloud, and hybrid environments (AWS, Azure, GCP).
  • Proficiency with GRC platforms (e.g., Vanta, Drata) and HITRUST tools (e.g., MyCSF) and common productivity tools.
  • Fluent English (spoken and written) required. Spanish language skills strongly preferred.
  • One or more relevant information security/audit certifications such as CISA, CISSP, CISM, CRISC, or similar.
  • Active Certified HITRUST CSF Practitioner (CCSFP) certification (or ability to obtain within three months after hire).

Benefits

  • Flexible Paid Time Off and paid Holidays
  • Quarterly Performance Bonuses
  • Full-time employee of our Panamanian entity
  • Competitive salary and benefits package
  • Opportunities for professional growth and development
  • Collaborative and innovative work environment

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

  • HITRUST validated assessments
  • risk assessments
  • gap assessments
  • control design
  • operating effectiveness testing
  • information security principles
  • privacy principles
  • security controls evaluation
  • cloud environments
  • hybrid environments

Soft Skills

  • people leadership
  • project execution
  • coaching
  • performance feedback
  • collaborative culture
  • client service
  • continuous improvement

Certifications

  • CISA
  • CISSP
  • CISM
  • CRISC
  • Certified HITRUST CSF Practitioner (CCSFP)