Job Description:
• Execute healthcare advisory engagements including Governance, Risk, and Compliance (GRC) assessments, gap analyses, and remediation support.
• Support and deliver services across Incident Response (IR), Disaster Recovery (DR), Business Impact Analysis (BIA), and Business Continuity Planning (BCP) engagements.
• Assist with Vendor Risk Management (VRM) and Cybersecurity Supply Chain Risk Management (C‑SCRM) activities for healthcare organizations.
• Develop and update healthcare specific documentation, including: Policies and procedures, Risk assessment reports, System and program documentation, Plans and playbooks
• Collect, analyze, and map client provided evidence to healthcare regulatory and framework requirements.
• Lead client interviews, workshops, and working sessions with IT, compliance, security, and operational stakeholders.
• Manage assigned tasks and deliverables to meet project timelines, utilization targets, and quality expectations.
• Collaborate with Project Managers, Principals, and Directors to support successful engagement execution.
• Contribute to client presentations and status updates.
• Ensure accuracy, consistency, and quality of assigned deliverables.
• Maintain and grow healthcare regulatory and cybersecurity knowledge.
• Pursue and maintain relevant certifications aligned to healthcare advisory services.
• Incorporate feedback from peer review and quality management processes.
• Contribute to thought leadership, white papers, and blogs to expand technical expertise and support practice level objective.
• Travel up to 25–50%, depending on client needs
Requirements:
• 4–6 years of experience in cybersecurity, GRC, compliance, risk management, or related consulting roles.
• Bachelor’s degree in Information Security, Information Systems, Computer Science, Business, or equivalent experience.
• Experience supporting or delivering advisory or assessment engagements in healthcare or regulated environments.
• Working knowledge of healthcare regulations and frameworks, including: HIPAA / HITECH, HITRUST, CMS requirements (as applicable), NIST 800‑series frameworks
• Experience developing compliance documentation and assessment reports.
• Familiarity with cloud based and on-premises IT environments.
• Strong written and verbal communication skills.
• Ability to clearly document and explain compliance and risk concepts.
• Strong attention to detail and organizational skills.
• Ability to manage multiple tasks and deadlines.
• Consulting mindset with the ability to build trust and credibility with clients.
• Comfortable working independently while escalating issues appropriately
• The ability to organize and lead engagement activities while training junior staff on project workflow and both the mechanical and technical aspects of developing project deliverables.
• Dependent on the framework(s) you will be supporting, you must have one or more of the following: HITRUST Certified CSF Practitioner (CCSFP) – for healthcare focus, FedRAMP related certifications (if applicable), CompTIA Security + certification or equivalent work experience, CompTIA Network + certification or equivalent work experience
Benefits:
• paid parental leave
• flexible time off
• certification and training reimbursement
• digital mental health and wellbeing support membership
• comprehensive insurance options