HITRUST CSF Assessor

Work from home Full-time role Hiring

HITRUST Lead Auditor, Remote, India

At Prescient Security, we are on a mission to simplify security and compliance.

Our core values are:

  • Bring Order to Chaos
  • Be Accountable & See it Through
  • 1000% With You
  • Support & Collaborate
  • Think Outside the Box

Summary:

The HITRUST Assessor is responsible for conducting Gap Assessments, Readiness Assessments, and Validated Assessments against the HITRUST Common Security Framework (CSF). The role involves close collaboration with client organizations to evaluate, guide, and validate their security posture and compliance with HITRUST requirements.

The Assessor ensures that all assessment activities are performed in accordance with HITRUST methodology, quality standards, and applicable regulatory expectations.

Essential Duties and Responsibilities:

  • Define assessment scope, objectives, and applicable HITRUST CSF controls based on organization type and regulatory factors.
  • Conduct kick-off meetings with clients to explain assessment approach, timelines, and expectations.
  • Identify key stakeholders, systems, locations, and data flows within scope.
  • Develop assessment plans, including timelines, resource allocation, and milestones.
  • Perform initial gap analysis to identify control deficiencies against HITRUST CSF requirements.
  • Evaluate current state of:
    • Policies and procedures
    • Security controls implementation
    • Risk management practices
  • Provide actionable recommendations and remediation roadmap.
  • Support client in prioritization of gaps based on risk and compliance impact.
  • Assess the organization’s preparedness for HITRUST Validated Assessment.
  • Validate implementation status of controls and supporting evidence.
  • Identify residual gaps and weaknesses.
  • Provide detailed readiness report including:
    • Control maturity levels
    • Missing evidence
    • Improvement recommendations
  • Guide clients on documentation and evidence expectations.
  • Perform formal HITRUST CSF Validated Assessment in accordance with HITRUST guidelines.
  • Evaluate control implementation across domains such as:
    • Information Security
    • Risk Management
    • Access Control
    • Incident Management
    • Business Continuity
  • Conduct control testing and validation, including:
    • Sampling techniques
    • Evidence verification
    • Interviews with stakeholders
  • Ensure accuracy and completeness of assessment data in HITRUST tools (e.g., MyCSF).
  • Review client-provided documentation including:
    • Policies, SOPs, and standards
    • Risk assessments and treatment plans
    • Logs, reports, and system configurations
  • Ensure documentation:
    • Meets HITRUST CSF requirements
    • Is consistent, complete, and up to date
  • Identify documentation gaps and inconsistencies.
  • Act as a trusted advisor to clients throughout the engagement.
  • Provide guidance on:
    • Control implementation strategies
    • Industry best practices
    • Compliance alignment (e.g., ISO 27001, SOC 2, HIPAA)
  • Support clients in remediation planning and closure of findings.
  • Clarify HITRUST requirements without compromising assessor independence.
  • Conduct on-site or remote assessments as required.
  • Perform:
    • Physical security walkthroughs
    • System demonstrations
    • Interviews with process owners
  • Collect and validate audit evidence to support control effectiveness.
  • Prepare comprehensive assessment reports, including:
    • Control scores and maturity ratings
    • Observations and findings
    • Non-conformities and gaps
  • Ensure quality, accuracy, and traceability of all assessment outputs.
  • Submit validated assessment to HITRUST via required platforms.
  • Address QA feedback and HITRUST queries during review process.
  • Ensure assessments comply with:
    • HITRUST CSF methodology
    • Internal QA requirements
    • Ethical and independence standards
  • Participate in internal peer reviews and quality checks.
  • Maintain assessment documentation and audit trail.
  • Stay updated with:
    • HITRUST CSF updates
    • Regulatory changes
    • Emerging cybersecurity risks
  • Contribute to:
    • Internal knowledge base
    • Methodology improvements
    • Training and mentoring junior assessors

Work Skills and Qualifications:

  • Strong understanding of:
    • HITRUST CSF
    • Information Security frameworks (ISO 27001, NIST, SOC 2)
  • Risk assessment and control evaluation techniques
  • Audit and compliance methodologies
  • Analytical and problem-solving skills
  • Report writing and documentation expertise
  • Stakeholder management
  • Attention to detail
  • Professional skepticism
  • Communication and client handling skills
  • Integrity and ethical conduct

NOTE: This job description is not intended to be all-inclusive. Employee may perform other related duties as negotiated to meet the ongoing needs of the organization.

Prescient Security provides equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability or genetics.
