PointClickCare · 3 days ago

Sr Audit Analyst - (HITRUST)

Dallas, TX

Full-time

Remote

Mid, Senior Level

$120K/yr - $136K/yr

5+ years exp

Maximize your interview chances

Elder CareEnterprise Software

Growth Opportunities

Insider Connection @PointClickCare

Discover valuable connections within the company who might provide insights and potential referrals.
Get 3x more responses when you reach out via email instead of LinkedIn.

Responsibilities

Lead the HITRUST audit lifecycle for various lines of businesses and products, including coordinating with Auditors, control owners, collecting and reviewing evidence, addressing audit requirements and discrepancies, and ensuring the organization meets all HITRUST audit criteria.

Review various products to determine audit compliance and advise on product-security requirements in alignment with audit requirements

Act as the organization's HITRUST expert and advisor, advising other departments on compliance, best practices and process improvements, including providing guidance on aligning internal controls, processes, and procedures with various audit requirements (FEDRAMP, SOC etc.) and ensuring on-going compliance.

Coordinate and support certain aspects of the TPRM process, including contributing to pre-sales and post-sales discussions, providing organizational information to prospects and customers, and ensuring third-party relationships comply with our compliance standards

Ensure the organization's on-going compliance with internal policies and external regulations by creating, maintaining and operationalizing policies and procedures, conducting regular internal reviews, and managing related assurance activities.

Support the risk identification, assessment and mitigation efforts across the organization, ensuring that all key risks are effectively monitored and controlled in alignment with the risk management framework.

Qualification

Find out how your skills align with this job's requirements. If anything seems off, you can easily click on the tags to select or unselect skills to reflect your actual expertise.

HITRUST auditsCISSP certificationNIST SP 800-53Access ControlsNetworking SecurityApplication SecuritySIEMFirewallGRCSecurity controls managementGRC tool experienceConfiguration managementNetwork security assessmentFEDRAMP auditsSOC 1 auditsSOC 2 auditsAudit requirements interpretationEDREncryptionVulnerability ManagementDAST/SASTLMS solutions

Required

5+ years performing or leading HITRUST audits

CISSP certification or equivalent

Strong knowledge of NIST SP 800-53 framework

Expertise in at least 7 out of the 19 HITRUST domain areas, particularly Access Controls, Networking and Application/Code Security.

Technical product knowledge and hands-on experience with SIEM, Firewall, EDR, Encryption, GRC, Vulnerability Management, DAST/SAST, and LMS solutions.

Proficient in managing and implementing security controls for both SaaS-based and on-premises systems

Hands-on experience with at least one GRC tool.

Hands-on experience with configuration management and control solutions.

Ability to challenge and advise control owners on their processes and controls, including the ability to engage in productive dialogue to drive improvements.

Practical knowledge of firewall, switches and router configurations, with the ability to assess and review network security devices and settings

Strong technical acumen and background, with the ability to engage technical teams on system configurations and control implementation for a secure infrastructure

Strong familiarity with, or experience in leading additional audits and assessments including but not limited to FEDRAMP, SOC 1, SOC 2 etc.

Ability to interpret audit requirements (Control Specifications and Requirement Statements) to articulate required controls to environment owners.