IT Systems Security Auditor
- Job Title
- IT Systems Security Auditor
- Job ID
- Nashville, TN 37221
- Other Location
The Senior IT Systems Security Auditor will be responsible for the design, implementation and execution of HITRUST + SOC 2 Type 2 Readiness Assessment of an internal cloud based application. The successful candidate will develop a comprehensive audit plan to evaluate application readiness for a HITRUST + SOC 2 Type 2 audit and identify and document remediation efforts required to pass the audit. The application specifically must be compliant with the HITRUST Common Security Framework (CSF). This position requires business acumen as well as substantial IT audit experience.
- Education: Bachelors degree preferred or equivalent experience; Masters degree a plus.
- 8+ years of continuous experience with Information Technology and Security audits.
- One or more of these certifications preferred: CISA or CISM, CISSP, or CRMA.
- Familiarity with the HITRUST CSF or another security framework methodology, such as NIST, ISO, COBIT, ITIL, etc.
- Understanding of threats, vulnerabilities, and remediation options for key health care technologies and practices and the ability to convert this to an actionable plan specific to the organization.
- Expert comprehension of technical language and the ability to translate that language to executives.
- Ability to plan and lead audit assignments in a timely and professional manner in accordance with the institute of Internal Auditors (IAA) standards.
- Understanding of NIST risk assessment methodology and risk management processes.
- Plan and perform HITRUST + SOC 2 Type 2 readiness assessment of a cloud based application.
- Develop a gap analysis of remediation efforts.
- Provide recommendations to management for strengthening controls, ensuring compliance with policies and effective operations
- Develop an audit plan which conforms to NIST and the HITRUST Common Security Framework (CSF)
- Monitor and report upon Corrective Action Plans for HITRUST and health plan gap remediations
- Design and develop controls/processes which mitigate risks and/or remediate gaps identified
- Develop testing methodologies to evaluate the adequacy of security controls