Associate - Risk Advisory Services

- We are seeking a Senior Associate (HITRUST) to join our growing Risk Advisory Services (RAS) practice with location flexibility throughout our footprint or possibly remote for the right resource.
- As a key member of the RAS team, you will help organizations strengthen their security and compliance posture by testing and validating HITRUST CSF controls.
- Your knowledge of industry frameworks, compliance risks, and the HITRUST assurance program will help you provide clients perspective on their risks, advise them on mitigation strategies, and support them in achieving certification.
- If you are seeking diversity in your engagement work and the opportunity to support clients across a wide array of industries, keep reading.
As a Senior Associate, you will:
- Perform control testing procedures in accordance with the HITRUST CSF and scoring rubric.
- Evaluate evidence for completeness and accuracy against HITRUST illustrated procedures and evaluation elements.
- Document test procedures and conclusions in a manner consistent with HITRUST requirements.
- Assist with readiness assessments, validated assessments, interim procedures, and remediation validation activities.
- Collaborate with team members and managers to ensure the quality of testing, while also working semi-independently on assigned tasks.
- Communicate testing results, findings, and recommendations to engagement leaders and client stakeholders.
- Support project planning, fieldwork, and engagement wrap-up, including the preparation of client deliverables.
Types of projects you can expect:.

- HITRUST CSF Validated Assessments (e1, i1, and r2).
- HITRUST readiness assessments and gap analysis.
- Evidence evaluation and testing across implementation, policy, and procedure domains.
- Risk and compliance assessments aligned to regulatory and industry frameworks (HIPAA, SOC 2, ISO, PCI).
- Ongoing advisory support for clients pursuing or maintaining HITRUST certification.
What you bring to the role:
- HITRUST certification (CCSFP required; additional HITRUST credentials a plus).
- At least 1 year of experience testing HITRUST CSF controls, including assessments accepted by HITRUST.
- Hands-on experience performing implementation-only (e1/i1) and r2 assessments covering policy, procedure, and implementation testing.
- Clear understanding of the HITRUST scoring rubric, sampling requirements, and evaluation methodology.
- Ability to independently review evidence against HITRUST illustrated procedures and determine compliance with evaluation elements.
- Strong organizational skills and the ability to work in a deadline-driven environment with attention to detail.
- Effective written and verbal communication skills, with the ability to clearly document procedures and findings.
- Ability to adapt to rapidly changing environments and work independently while collaborating with the team.
Additional, preferred qualifications:.
- Bachelor's degree in Information Systems, Cybersecurity, Accounting, or a related field.
- Prior experience working in a consulting, public accounting, or professional services environment.
- Experience with other compliance frameworks (SOC 2, HIPAA, ISO, PCI).
- Professional certifications such as CISA, CISSP, CPA, or CIA.
- Familiarity with data analytics or GRC tools (Excel, PowerBI, MyCSF portal, etc.
What we offer you:
- Our shared values that foster inclusion and belonging including uncompromising integrity, collaboration, trust, and mutual respect.
- The opportunity to innovate and do work that motivates and engages you.
- A collaborative environment focused on enabling you to further your career growth and continuous professional development.
- Competitive compensation and a total rewards package that focuses on all aspects of your wellbeing.
- Flexibility to do impactful work and the time to enjoy your life outside of work.
- Opportunities to connect and learn from professionals from different backgrounds and with different cultures.