Consultant - Health Information Technology Security Compliance Consultant

About This Role

This role supports clients in the rapidly evolving privacy landscape by providing subject matter expertise and program operations support for health information technology (HIT) security compliance initiatives and activities. The consultant will collaborate with a team to ensure adherence to security and privacy requirements for significant HIT programs.

Responsibilities

• Supports organizations with governance, risk, and compliance (GRC) activities for significant health information technology (HIT) programs
• Provides support for establishing security awareness and training programs
• Assists with incident response programs
• Supports disaster recovery programs
• Contributes to vulnerability management programs
• Aids in software development life cycle (SDLC) programs
• Learns and applies knowledge of NIST 800-30 risk assessments, NIST 800-53 compliance assessments, and the NIST Cybersecurity Framework (CSF)
• Works with clients and teams to ensure contractors adhere to applicable security and privacy requirements

Requirements

• Familiarity with the software development life cycle (SDLC)
• Ability to assess risk
• Understanding of root causes of vulnerabilities and ability to articulate them
• Understanding of Health Insurance Portability and Accountability Act (HIPAA) security and privacy requirements
• Understanding of NIST 800-53 controls
• Knowledge of the NIST Cybersecurity Framework (CSF)
• Excellent communication and writing skills
• Knowledge of NIST 800-30 style risk assessments

Qualifications

• A bachelor’s degree in a related field of study
• 1 year of experience; an equivalent combination of advanced education, training, and experience will be considered

Nice to Have

• Knowledge of Health Information Trust Alliance (HITRUST) certification
• Other skill-specific security certification

Skills

* Required skills

Certifications