Senior Information Security Quality Analyst

About The Position

Requirements

• Bachelor’s degree from an accredited college/university or equivalent work experience
• This position requires 3 to 7 years of experience performing and reviewing IT audits, such as SOC 2 reports, IT Security Reviews, IT general controls reviews, etc.
• Strong knowledge of security risk management, analysis and assessment concepts and their application
• Proven ability to leverage AI to enhance efficiency and productivity
• Ability to manage multiple projects simultaneously and adapt to shifting priorities
• Strong analytical skills required; must be very detail-oriented with an ability to develop and apply complex concepts
• Interpersonal project management skills; ability to organize and track project tasks
• Ability to effectively communicate complex information in a clear and concise manner
• Ability to work independently and effectively manage others

Nice To Haves

• HITRUST experience as an External Assessor or similar role (e.g. Internal Audit) within a HITRUST Assessed Entity
• Public accounting experience in an IT audit role
• Experience designing reports in Domo, or other data analytics tools
• History of writing blogs, thought leadership, educational material, LinkedIn posts, etc. on cybersecurity topics
• Understanding of the criteria within the HITRUST Assessment Handbook
• Experience in executing, leading, and/or reviewing HITRUST Assessments.
• Experience in reviewing complex, controls-focused inspections and assessments performed by other teams
• Experience in assessing control maturity against a defined control maturity evaluation framework
• Experience in working with NIST SP 800-53, NIST SP 800-30, the NIST Cybersecurity Framework, ISO 27001/2, and/or the HITRUST CSF
• CCSFP and/or CHQP certification
• CISA, HCISPP, CISM, CIA, CISSP or similar certification

Responsibilities

• Perform HITRUST quality reviews ensuring assessment adherence to the HITRUST Assessment Handbook criteria.
• Review HITRUST assessment reports and certifications prior to issuance.
• Lead the escalated quality assurance reviews of HITRUST assessments when necessary.
• Identify and investigate actual and suspected breaches occurring in HITRUST certified environments.
• Monitor HITRUST certifications and External Assessors for adherence to the HITRUST Assessment Handbook criteria.
• Design reports which analyze HITRUST assessments and trends.
• Write and post thought leadership providing market education and awareness on various cybersecurity topics.
• Contribute to the Quality department goals and initiatives, including collaborating with other departments (e.g., Legal, Information Security, Assurance, HR, etc.) as needed.
• Review and contribute to HITRUST’s internal policies and procedures for the general operation of the company and its quality program to prevent and detect unethical or improper conduct.