HITRUST’s Director, Assurance Services will be based in Frisco, TX. The position is responsible for leading the team charged with quality review of completed assessments; developing tools and procedures to further automate quality reviews; reviewing and issuing HITRUST CSF and NIST assessment reports; recruiting and developing resources; and overseeing the Assurance Services program.
Primary Job Functions:
Full operational oversight of the assessment quality assurance review process to ensure consistency in the application of assessment review policies.
Management of 6-10 team members including development and assessment of current team members and recruiting of new team members.
Management of resources for the Assurance Services reporting process. This includes tracking reports submitted, performing Quality Assurance reviews against submissions, working with assessor organizations and their staff to resolve issues, assembling reports, and issuing final deliverables.
Ability to instruct staff on IT Security and Privacy controls against the CSF and across multiple application and infrastructure types.
Development of new tools and processes to streamline the quality assurance review process.
Development and maintenance of quality assurance review policies.
Onsite supervision of team members performing a limited number of HITRUST assessments at customer locations.
Some travel required (less than 25%)
Minimum of twelve (12) years’ experience performing and managing information security assessments, including:
IT Security Reviews, Pen Testing, Vulnerability Assessments, IT Audits, IT GCC reviews, SOX Audits, FFIEC reviews, etc.
Experience with one or more of the following Security frameworks: HITRUST CSF, NIST, ISO, COBIT, ITIL, etc.
Significant previous experience reviewing IT audit and security assessment workpapers including identifying testing deficiencies, control gaps, and articulating residual risk is required.
Deep knowledge of security risk management, analysis and assessment concepts and their application required
Knowledge of multiple technology platforms, networks and infrastructure
Healthcare, Financial or Insurance experience preferred
Familiarity with the application and assessment of safeguards utilizing the HITRUST CSF a plus
Strong analytical skills required; must be detail-oriented with an ability to develop and apply complex concepts
Strong Microsoft Office skills required, including Microsoft Word, PowerPoint and Excel (Access and Visio a plus)
Strong written and verbal communication skills required
Public Speaking skills required
Strong project management skills; ability to organize and track multiple concurrent projects
Must be technically proficient in performing assigned duties at a high level of independence under minimal supervision while working within a team environment
Ability to multitask on assigned initiatives
Able to identify, develop and retain staff
Able to work with assessors and clients to resolve issues and identify mutually beneficial solutions
Effectively coordinate and assist other HITRUST departments and support their staff members
Assist in annual budget development and analysis
Develop and monitor controls within the Assurance Services program
CISSP, CISA, HCISPP, CISM, CIA or similar certification required
Additional Salary Information: Compensation commensurate with ability
Since its founding in 2007, HITRUST has championed programs that safeguard sensitive information and manage information risk for organizations across all industries and throughout the third-party supply chain. In collaboration with privacy, information security and risk management leaders from the public and private sectors, HITRUST develops, maintains, and provides broad access to its widely adopted common risk and compliance management frameworks as well as detailed assessment and assurance methodologies.
For more information, visit HITRUSTAlliance.net.