Senior HITRUST Assessor (CCSFP)- US Remote

Insight Assurance is a global audit firm on a mission to transform how organizations achieve cybersecurity and compliance. Founded by former Big 4 (EY) professionals, we deliver next-generation audit services across SOC 2, ISO 27001, PCI DSS (QSA), HITRUST, CMMC (C3PAO), and FedRAMP (3PAO) frameworks. 
 
We’re not your traditional audit firm — we’re tech-enabled, leveraging compliance automation and advanced collaboration tools to make audits faster, smarter, and more impactful for our clients. 
 
Recognized on the Inc. 5000 and Fast 50 lists, Insight Assurance is one of the fastest-growing global audit firms, with 170+ professionals supporting nearly 2,000 clients across the Americas, EMEA, and APAC.

Position Summary

The HITRUST Senior Assessor is responsible for supporting and executing HITRUST readiness and validated assessment engagements for clients, with a focus on healthcare and other highly regulated industries. This role is primarily hands-on, contributing to assessment activities, ensuring high-quality deliverables, and following a consistent, standards-driven approach aligned with the HITRUST CSF and related frameworks.

TRAINING AND CERTIFICATIONS

Required

• One or more relevant information security/audit certifications such as CISA, CISSP, CISM, CRISC, or similar.
• Active Certified HITRUST CSF Practitioner (CCSFP) certification (or ability to obtain within three months after hire).
• Demonstrated formal training in HITRUST assessment methodology and MyCSF usage.

EXPERIENCE

• Minimum three to five years of direct, hands-on experience performing HITRUST validated assessments, ideally within a public accounting, consulting, or specialized cybersecurity firm.
• Experience supporting engagement, delivery, and working within project teams.
• Demonstrated experience working with U.S.-based and international team members and clients.
• Prior experience with SOC 2, ISO 27001, or other assurance/compliance engagements is strongly preferred.
  
  

DUTIES AND RESPONSIBILITIES

Engagement Delivery & Client Support

• Support multiple concurrent HITRUST readiness and validated assessment engagements from planning through reporting.
• Assist in developing and executing assessment plans, including scope, objectives, and timelines.
• Perform comprehensive risk and gap assessments against the HITRUST CSF, including control design and operating effectiveness testing.
• Review client policies, procedures, technical configurations, and evidence to evaluate conformance with HITRUST CSF, HIPAA, and related regulatory expectations.
• Document findings and contribute to remediation recommendations and roadmaps to support clients’ certification or recertification efforts.

Team Collaboration

• Collaborate with engagement leads and team members to deliver high-quality work products.
• Assist in preparing workpapers, test results, and reports in alignment with firm methodology and HITRUST requirements.
• Provide support and guidance to junior team members as needed.
• Contribute to a collaborative culture that emphasizes quality, client service, and continuous improvement.

Methodology, Quality, and Process Support

• Follow the firm’s HITRUST methodology, templates, and work programs in alignment with the HITRUST Assessment Handbook and Risk Management Handbook.
• Stay current on HITRUST CSF updates, emerging guidance, and related frameworks (e.g., NIST, ISO 27001, SOC 2, HIPAA).
• Support internal quality assurance activities and remediation of identified process gaps.
• Collaborate with cross-functional teams (e.g., SOC, ISO, PCI) to promote consistent, integrated service delivery.

Business Support

• Assist with engagement scoping, documentation, and client deliverables as needed.
• Participate in client meetings, onboarding calls, and status updates.
• Contribute to internal knowledge-sharing and training initiatives on HITRUST and cybersecurity.

SKILLS

Technical Skills

• Strong understanding of the HITRUST CSF, assessment types (e1, i1, r2), and certification lifecycle (readiness, validated assessment, interim assessment, recertification).
• Knowledge of information security and privacy principles, particularly in healthcare or other regulated environments (HIPAA/HITECH, GDPR, NIST 800-53, ISO 27001, SOC 2, PCI, etc.).
• Experience evaluating and testing administrative, technical, and physical security controls in on-prem, cloud, and hybrid environments (AWS, Azure, GCP).
• Familiarity with GRC platforms (e.g., Vanta, Drata) and HITRUST tools (e.g., MyCSF).

Consulting Skills

• Strong organizational and time management skills, with the ability to manage multiple priorities.
• Excellent written and verbal communication skills in English, with the ability to explain technical and regulatory concepts clearly.
• Strong analytical and problem-solving skills; able to identify risk and support practical solutions.
• High level of professionalism, integrity, and client-service orientation.

EDUCATION

Required
Bachelor’s degree in Information Systems, Information Technology, Computer Science, Cybersecurity, Accounting, or a closely related field.

Preferred
Master’s degree in Information Systems, Cybersecurity, Accounting, or related discipline, or MBA with a concentration in technology risk, audit, or accounting.

 

BENEFITS 
Flexible Paid Time Off and paid Holidays 
100% Remote
Competitive salary and benefits package.
Opportunities for professional growth and development.
Collaborative and innovative work environment.
 

Insight Assurance is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees.

Privacy Notice CCPA: 

• Insight Assurance shares your personal data/information with Greenhouse recruiting because this is the tool we use for the recruitment process.
• Insight Assurance does not sell personal data/information under any circumstances.
• You may exercise your rights under personal data protection legislation by reaching out to us via: HR@insightassurance.com or submit a request via mail at 400 N Tampa St. 15th Floor Suite 122, Tampa, FL 33602

Privacy Notice GDPR:

This notice informs you about the categories of Personal Data/ Information and the Purpose and Scope of Processing Activities to be undertaken by Insight Assurance (we, us, our), under its job application and recruitment process.

We resort to Greenhouse.com as the platform that supports our recruitment process, and therefore your Personal Data/ Information will be Processed on this tool (hosted, shared with, cross-referenced, accessed by our team); we have in place contractual terms and the commitment of Greenhouse.com that ensures the Security and Confidentiality plus Purpose limitation with regards to the Processing of your Personal Data.

When you reply to one of your job postings, you voluntarily and freely submit your Personal Data to us; this, allied with the fact that the Processing by us (and over Greenhouse.com) of that Personal Data has the sole Purpose of validating your application and proceeding with the inherent scrutiny and decision, allows us to argue having Legitimate Interest as the applicable Legal Basis to undertake the Processing of your Personal Data under this scope.

We are a U.S. based company, hence some or all Personal Data pertaining to you will be hosted in the U.S.

The categories of Personal Data under Processing consist of:

• Identification
• Contact
• Education and Professional
• Interview performance
• Evaluation

You may exercise several Rights as determined under applicable Personal Data Protection legislation, in short:

• Right of Access – meaning getting information about the Personal Data under Processing by us, except for the information you already know;
• Right of Erasure – you may ask for us to erase all Personal Data pertaining to you under Processing; this may imply you being excluded from the recruitment process, for without information we cannot proceed with it;
• Right of Opposition or Restriction of Processing – you may ask us to stop some Processing or restrict the Processing of some Personal Data, this may imply you being excluded from the recruitment process, at our sole discretion also for without information we cannot proceed with it;
• Rectification – you can rectify your Personal Data at anytime