Consultant - HITRUST

1 week ago


Cochin, Kerala, India | ValueMentor | Full time | ₹ 12,00,000 - ₹ 36,00,000 per year

Key Responsibilities

  • Lead and execute HITRUST (e1, i1, r2) assessments and audits:
  • Conduct control testing and evidence validation.
  • Review client-prepared documentation for adequacy and effectiveness.
  • Evaluate business processes and control requirements.
  • Prepare and maintain HITRUST workpapers and related documentation in line with required methodologies.
  • Create gap remediation action plans and provide consultative guidance to clients on addressing identified control weaknesses.
  • Deliver SOC 2 assessments (readiness or attestation support), including testing of controls and preparing required documentation.
  • Draft detailed reports, including assessment findings, observations, and recommendations; present results to client stakeholders.
  • Work collaboratively with clients to ensure engagement success, proactively addressing questions, concerns, and opportunities for improvement.
  • Manage multiple concurrent projects while adhering to timelines and deliverable schedules.
  • Assist clients with internal and external audit readiness and corrective action implementation.
  • Facilitate workshops, security awareness sessions, and management reviews as needed.
  • Stay updated on HITRUST, SOC 2, ISO 27001, and regional regulatory requirements, providing advisory support based on emerging industry trends.
  • Willingness to adjust working hours to align with client time zones (IND/US/EU) as required by project engagements.

Deliverables and Outcomes

  • Hands-on experience with HITRUST CSF assessments (e1, i1, r2) and/or SOC 2 (Trust Services Criteria).
  • Strong knowledge of ISO 27001:2022 and ISO 27002 controls, ISO risk management, and related frameworks.
  • Familiarity with regulatory environments such as HIPAA, GDPR, and other data protection laws.
  • Experience conducting internal/external audits, gap assessments, and managing certification/attestation engagements.
  • Understanding of information security principles (CIA) and their application in enterprise environments.
  • Working knowledge of cloud security and common platforms (Azure, AWS, GCP).
  • Exposure to security operations and GRC tools.
  • Strong documentation and reporting skills; ability to present findings effectively to senior stakeholders.

Key Skills

  • Hands-on experience with HITRUST CSF assessments (e1, i1, r2) and/or SOC 2 (Trust Services Criteria).
  • Experience with ISO 27001 (ISMS), ISO 31000 (risk management), HITRUST CSF, NIST Cybersecurity Framework, SOC Type 1/2.
  • Familiarity with regulatory environments such as HIPAA, GDPR, and other data protection laws.
  • Experience conducting internal/external audits, gap assessments, and managing certification/attestation engagements.
  • Understanding of information security principles (CIA) and their application in enterprise environments.
  • Working knowledge of cloud security and common platforms (Azure, AWS, GCP).
  • Exposure to security operations and GRC tools.
  • Strong documentation and reporting skills; ability to present findings effectively to senior stakeholders.

Competencies

  • Analysis Skills
  • Independence
  • Customer Focus
  • Communications: Oral & written
  • Persuasion
  • Adaptability to Change