SRC HITRUST Senior Associate

Line of Service

Advisory

Industry/Sector

Not Applicable

Specialism

Cybersecurity & Privacy

Management Level

Senior Associate

Job Description & Summary

At PwC, our people in risk and compliance focus on maintaining regulatory compliance and managing risks for clients, providing advice, and solutions. They help organisations navigate complex regulatory landscapes and enhance their internal controls to mitigate risks effectively.

As a risk management generalist at PwC, you will provide advisory and practical support to teams across a wide range of specialist risk and compliance areas.

Focused on relationships, you are building meaningful client connections, and learning how to manage and inspire others. Navigating increasingly complex situations, you are growing your personal brand, deepening technical expertise and awareness of your strengths. You are expected to anticipate the needs of your teams and clients, and to deliver quality. Embracing increased ambiguity, you are comfortable when the path forward isn’t clear, you ask questions, and you use these moments as opportunities to grow.

Examples of the skills, knowledge, and experiences you need to lead and deliver value at this level include but are not limited to:

• Respond effectively to the diverse perspectives, needs, and feelings of others.
• Use a broad range of tools, methodologies and techniques to generate new ideas and solve problems.
• Use critical thinking to break down complex concepts.
• Understand the broader objectives of your project or role and how your work fits into the overall strategy.
• Develop a deeper understanding of the business context and how it is changing.
• Use reflection to develop self awareness, enhance strengths and address development areas.
• Interpret data to inform insights and recommendations.
• Uphold and reinforce professional and technical standards (e.g. refer to specific PwC tax and audit guidance), the Firm's code of conduct, and independence requirements.

The HIPAA/HITRUST Compliance Specialist will play a vital role in ensuring that company's data security and privacy practices meet the necessary regulatory requirements. The ideal candidate should have a strong understanding of HIPAA (Health Insurance Portability and Accountability Act) regulations and HITRUST (Health Information Trust Alliance) standards, possess excellent communication and organizational skills, and be able to work independently as well as part of a team.

The HITRUST and HIPPA Experienced Associate is expected to assist in the following activities:

● Conduct security assessments and audits for healthcare or healthcare technology environment.

● Identify and assess security risks and vulnerabilities.

● Effectively collaborate with cross-functional teams and stakeholders.

● Prioritize and manage multiple tasks and projects simultaneously.

● Familiarity with security tools and technologies used for vulnerability scanning, penetration testing, and risk management.

● Develop and maintain policies and procedures that align with HIPAA and HITRUST requirements.

● HITRUST Readiness and validated assessments.

● Ability to work independently, prioritize tasks, and meet deadlines in a dynamic and fast-paced environment.

● Stay up-to-date with the latest changes and updates to HIPAA and HITRUST regulations and communicate relevant information to key stakeholders.

● Assist in the development and delivery of compliance training programs for team members to ensure awareness and adherence to HIPAA and HITRUST guidelines.

Years of Experience

● Minimum of 4-8 years of experience working with HIPAA and HITRUST compliance regulations in a healthcare or related industry. 3+ relevant experience in HITRUST Common Security Framework (CSF) Assessments, HIPAA Assessments and Security Risk Analysis, NIST 800-53, NIST 800-171. Position Requirements

● Conduct Maturity assessments based on HITRUST CSF and HIPAA

● Conduct HIPAA Security Risk Analysis

● Perform gap assessments and Control testing using HITRUST standard/frameworks.

● Good understanding of compliance standards/frameworks like ISO 27001/27002, NIST, HITRUST, PCI DSS, Cyber Maturity assessments, SOC2 etc. will be an advantage.

● Experience conducting compliance audits, risk assessments, and developing policies and procedures.

● Excellent written and oral communication skills, can express thoughts clearly, knows how to listen and is able to contribute in a team environment. Desired Knowledge

● In-depth knowledge and understanding of HITRUST and HIPAA regulations and security requirements.

● HITRUST CSF Assessments, HIPAA Assessments and Security Risk Assessments.

● Excellent leadership, teamwork and collaboration skills.

● Ability to quickly acquire and utilize knowledge on new technologies and solutions, emerging threats and vulnerabilities.

Desired Skills

● Excellent written and oral communication and interpersonal skills to effectively collaborate with cross-functional teams and present compliance information to stakeholders.

● Results oriented, high energy, self-motivated.

Professional and Educational Background

● MCA / BE / B Tech

● Certification(s) Required: Certified Information Systems Auditor (CISA) / Certified Information Security Manager (CISM) / Certified in Risk and Information Systems Control (CRISC)

● Certification(s) Preferred: Certified Information Systems Security Professional (CISSP) / CCSFP (HITRUST Certified CSF Practitioner).

Additional Information Travel Requirements: Not Applicable

● Line of Service: Advisory

● Industry: Consulting

● Location: Bangalore, Hyderabad, Mumbai, Chennai, Pune

© 2020 PwC. All rights reserved. PwC refers to the PwC network and/or one or more of its member firms, each of which is a se

Education (if blank, degree and/or field of study not specified)

Degrees/Field of Study required:

Degrees/Field of Study preferred:

Certifications (if blank, certifications not specified)

Required Skills

Optional Skills

Accepting Feedback, Accepting Feedback, Active Listening, Analytical Thinking, Anti-Money Laundering (AML), Coaching and Training, Communication, Compliance Advisement, Compliance Oversight, Compliance Program Implementation, Compliance Risk Assessment, Confidential Information Handling, Contract Review, Contractual Risk Mitigation, Contractual Risk Monitoring, Contract Writing, Creativity, Crisis Management, Data Loss Prevention (DLP), Data Security, Discretion and Business Ethics, Embracing Change, Emotional Regulation, Empathy, Financial Risk Management {+ 32 more}

Desired Languages (If blank, desired languages not specified)

Travel Requirements

Not Specified

Available for Work Visa Sponsorship?

No

Government Clearance Required?

No

Job Posting End Date