Senior HITRUST Assessor (CCSFP)- US Remote

Insight Assurance

12d•Remote

About The Position

Insight Assurance is a global audit firm on a mission to transform how organizations achieve cybersecurity and compliance. Founded by former Big 4 (EY) professionals, we deliver next-generation audit services across SOC 2, ISO 27001, PCI DSS (QSA), HITRUST, CMMC (C3PAO), and FedRAMP (3PAO) frameworks. We’re not your traditional audit firm — we’re tech-enabled, leveraging compliance automation and advanced collaboration tools to make audits faster, smarter, and more impactful for our clients. Recognized on the Inc. 5000 and Fast 50 lists, Insight Assurance is one of the fastest-growing global audit firms, with 170+ professionals supporting nearly 2,000 clients across the Americas, EMEA, and APAC. The HITRUST Senior Assessor is responsible for supporting and executing HITRUST readiness and validated assessment engagements for clients, with a focus on healthcare and other highly regulated industries. This role is primarily hands-on, contributing to assessment activities, ensuring high-quality deliverables, and following a consistent, standards-driven approach aligned with the HITRUST CSF and related frameworks.

Requirements

One or more relevant information security/audit certifications such as CISA, CISSP, CISM, CRISC, or similar.
Active Certified HITRUST CSF Practitioner (CCSFP) certification (or ability to obtain within three months after hire).
Demonstrated formal training in HITRUST assessment methodology and MyCSF usage.
Minimum three to five years of direct, hands-on experience performing HITRUST validated assessments, ideally within a public accounting, consulting, or specialized cybersecurity firm.
Experience supporting engagement, delivery, and working within project teams.
Demonstrated experience working with U.S.-based and international team members and clients.
Bachelor’s degree in Information Systems, Information Technology, Computer Science, Cybersecurity, Accounting, or a closely related field.
Strong understanding of the HITRUST CSF, assessment types (e1, i1, r2), and certification lifecycle (readiness, validated assessment, interim assessment, recertification).
Knowledge of information security and privacy principles, particularly in healthcare or other regulated environments (HIPAA/HITECH, GDPR, NIST 800-53, ISO 27001, SOC 2, PCI, etc.).
Experience evaluating and testing administrative, technical, and physical security controls in on-prem, cloud, and hybrid environments (AWS, Azure, GCP).
Familiarity with GRC platforms (e.g., Vanta, Drata) and HITRUST tools (e.g., MyCSF).
Strong organizational and time management skills, with the ability to manage multiple priorities.
Excellent written and verbal communication skills in English, with the ability to explain technical and regulatory concepts clearly.
Strong analytical and problem-solving skills; able to identify risk and support practical solutions.
High level of professionalism, integrity, and client-service orientation.

Nice To Haves

Prior experience with SOC 2, ISO 27001, or other assurance/compliance engagements is strongly preferred.
Master’s degree in Information Systems, Cybersecurity, Accounting, or related discipline, or MBA with a concentration in technology risk, audit, or accounting.

Responsibilities

Support multiple concurrent HITRUST readiness and validated assessment engagements from planning through reporting.
Assist in developing and executing assessment plans, including scope, objectives, and timelines.
Perform comprehensive risk and gap assessments against the HITRUST CSF, including control design and operating effectiveness testing.
Review client policies, procedures, technical configurations, and evidence to evaluate conformance with HITRUST CSF, HIPAA, and related regulatory expectations.
Document findings and contribute to remediation recommendations and roadmaps to support clients’ certification or recertification efforts.
Collaborate with engagement leads and team members to deliver high-quality work products.
Assist in preparing workpapers, test results, and reports in alignment with firm methodology and HITRUST requirements.
Provide support and guidance to junior team members as needed.
Contribute to a collaborative culture that emphasizes quality, client service, and continuous improvement.
Follow the firm’s HITRUST methodology, templates, and work programs in alignment with the HITRUST Assessment Handbook and Risk Management Handbook.
Stay current on HITRUST CSF updates, emerging guidance, and related frameworks (e.g., NIST, ISO 27001, SOC 2, HIPAA).
Support internal quality assurance activities and remediation of identified process gaps.
Collaborate with cross-functional teams (e.g., SOC, ISO, PCI) to promote consistent, integrated service delivery.
Assist with engagement scoping, documentation, and client deliverables as needed.
Participate in client meetings, onboarding calls, and status updates.
Contribute to internal knowledge-sharing and training initiatives on HITRUST and cybersecurity.