Senior Information Security Quality Analyst

Description

The HITRUST Quality department is looking for a Senior Information Security Quality Analyst at our Frisco, Texas office.

Be a part of the future of information risk management In a dynamic and agile environment. 

•  Are you detail-oriented? Do you thrive working on your own, but aren’t afraid to turn to others if necessary?
•  Is QUALITY important to you? Would you enjoy being in a rapidly growing company, with a family feel? 
•  Do you enjoy working for small, agile companies?

If you said yes to these questions, HITRUST may be just the career home you are looking for. We are currently searching for an Information Security Quality Analyst in our Frisco office location. The Senior Information Security Quality Analyst is a mid-level, but vital, position, overseeing our core product where you will be responsible for the quality of the certifications – gatekeeper over the integrity of HITRUST’s product. You will rarely be required to travel, making this the perfect job for someone looking to be closer to home. We are looking for a strong communicator and analytical problem-solver who can work alongside our Assurance team, Standards department, External Assessors and Customers in a straight-forward manner. The ideal candidate will have a background in IT audit and will be able to demonstrate IT security or security assessment experience.

Duties & Responsibilities:

• Perform HITRUST quality reviews ensuring assessment adherence to the HITRUST Assessment Handbook criteria.
• Review HITRUST assessment reports and certifications prior to issuance.
• Lead the escalated quality assurance reviews of HITRUST assessments when necessary. 
• Identify and investigate actual and suspected breaches occurring in HITRUST certified environments.
• Monitor HITRUST certifications and External Assessors for adherence to the HITRUST Assessment Handbook criteria.
• Design reports which analyze HITRUST assessments and trends.
• Write and post thought leadership providing market education and awareness on various cybersecurity topics.
• Contribute to the Quality department goals and initiatives, including collaborating with other departments (e.g., Legal, Information Security, Assurance, HR, etc.) as needed.
• Review and contribute to HITRUST’s internal policies and procedures for the general operation of the company and its quality  program to prevent and detect unethical or improper conduct.

Required Qualifications: 

• Bachelor’s degree from an accredited college/university or equivalent work experience
• This position requires 3 to 7 years of experience performing and reviewing IT audits, such as SOC 2 reports, IT Security Reviews, IT general controls reviews, etc.
• Strong knowledge of security risk management, analysis and assessment concepts and their application 
• Proven ability to leverage AI to enhance efficiency and productivity
• Ability to manage multiple projects simultaneously and adapt to shifting priorities 
• Strong analytical skills required; must be very detail-oriented with an ability to develop and apply complex concepts 
• Interpersonal project management skills; ability to organize and track project tasks 
• Ability to effectively communicate complex information in a clear and concise manner
• Ability to work independently and effectively manage others

Preferred Qualifications:

• HITRUST experience as an External Assessor or similar role (e.g. Internal Audit) within a HITRUST Assessed Entity
• Public accounting experience in an IT audit role
• Experience designing reports in Domo, or other data analytics tools
• History of writing blogs, thought leadership, educational material, LinkedIn posts, etc. on cybersecurity topics
• Understanding of the criteria within the HITRUST Assessment Handbook
• Experience in executing, leading, and/or reviewing HITRUST Assessments.
• Experience in reviewing complex, controls-focused inspections and assessments performed by other teams
• Experience in assessing control maturity against a defined control maturity evaluation framework
• Experience in working with NIST SP 800-53, NIST SP 800-30, the NIST Cybersecurity Framework, ISO 27001/2, and/or the HITRUST CSF
• CCSFP and/or CHQP certification
• CISA, HCISPP, CISM, CIA, CISSP or similar certification 

About Us: 

HITRUST, the leader in cybersecurity assurance used in risk management and compliance, offers certification programs for the application and validation of security, privacy, and AI controls. Informed by over 50 standards and frameworks, the company's threat-adaptive approach delivers the most relevant and reliable solutions, including multiple selectable and traversable assessments and certifications, an ecosystem of over 100 independent assessment firms, centralized quality reviews, reporting and certification, and a powerful SaaS platform enabling its program and process. For over 17 years, HITRUST has led the assurance industry and today is widely recognized as the most trusted solution to establish, maintain, and demonstrate security capabilities for risk management and compliance.

HITRUST is an equal opportunity employer that is committed to diversity and inclusion in the workplace. 

We prohibit discrimination and harassment of any kind based on race, color, region, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, or local laws.