Experienced International Compliance Auditor (HITRUST / NATO)Latin America (Remote); Panama (Remote)
Experienced International Compliance Auditor (HITRUST / NATO) Insight Assurance is a security and compliance firm trusted by over 1200 organizations for their SOC 2, PCI DSS, ISO 27001, and HIPAA audit needs. Insight Assurance is a licensed CPA firm, PCI Qualified Security Assessor (QSA), and ISO 27001 Certification Body founded by former Big-4 professionals (Former EY) looking to simplify the world of IT compliance. Job Purpose We are seeking a highly skilled compliance auditor who has secured their CMMC Certified Professional (CCP) certification or would be able to secure their CCP within six months, to join our secure team which assesses client's ability to safeguard government data. The ideal candidate will have demonstrated experience leading compliance initiatives in regulated environments, ensuring adherence to complex regulatory frameworks, and knowledge of CMMC and NIST. Due to the legal requirement of this role, applicants must hold full or dual citizenship in the U.S., Australia, a NATO member country
- (listed below), or South Korea, and be able to produce a valid passport. Strong analytical, communication, and collaboration skills are essential to successfully work within our cross-functional teams and with external clients. This is a unique opportunity to make a meaningful impact on data security while working in a dynamic, fast-paced, high-stakes environment.
Duties And Responsibilities
- Assessment Planning : Develop a comprehensive assessment plan outlining the scope, objectives, and methodology for evaluating the organization's cybersecurity practices and controls.
- Evaluate Compliance : Assess the organization's adherence to the HITRUST and CMMC frameworks by reviewing policies, procedures, and technical security controls to ensure they meet the required maturity level.
- Data Collection : Gather and analyze relevant documentation, including system configurations, security policies, incident response plans, and training materials.
- Conduct Interviews : Engage with key personnel within the organization to understand the implementation of cybersecurity practices and gauge their familiarity with security protocols.
- Risk Assessment : Identify potential risks and vulnerabilities in the organization's cybersecurity posture, determining their potential impact on safeguarding governmental data.
- Reporting Findings : Create detailed reports that document assessment findings, highlighting areas of compliance and non-compliance, along with recommendations for improvement.
- Provide Guidance : Offer expert advice and best practices to help organizations enhance their cybersecurity measures and achieve compliance with HITRUST and CMMC requirements.
- Follow-Up Assessments : Conduct follow-up assessments to verify that corrective actions have been implemented, and that the organization is on track to achieve or maintain compliance.
- Continuous Learning : Stay updated on changes in the HITRUST and CMMC frameworks, cybersecurity threats, and mitigation strategies to provide the most relevant and effective assessments.
- Client Interaction : Maintain clear communication with clients throughout the assessment process to ensure understanding and facilitate collaboration.
Specific Duties
- Assist the Lead assessor in gathering and evaluating assessment evidence.
- Evaluates the design and effectiveness of controls.
- Identifies and communicates preliminary assessment findings for daily checkpoint meetings.
- Foster stakeholder relationships through proactive communication with clients, colleagues and partners.
- Proactively communicate with management regarding any potential issues.
Skills
- Excellent oral and written communication skills.
- Ability to work individually as well as collaboratively.
- A high degree of motivation.
- Fluency in English is required.
Education Bachelor's degree in accounting, business, cyber security, or management information systems. Experience At least 1-3 years of experience performing IT audit engagements at a Big 4 or other audit / consulting firm. Experience using GRC and compliance automation tools (Vanta, Drata, SecureFrame) is a plus. Training and Certifications Candidates with an active or working towards RP, RPA, or CCP certification. The ideal client will already possess a CISA, CPA, or CISSP certification. As part of this role you will also be required to complete CMMC training within your first 6 months. Once Tier 3 suitability has been achieved, participation with the CMMC service line will be expected. A candidate on a path to secure a CMMC certification within six months must possess an approved Intermediate Certification, such as :
- (ISC)2 CGRC / CAP
- CompTIA CASP+
- CompTIA Cloud+
- CompTIA PenTest+
- CompTIA Security+
- GIAC GSEC
Benefits
- Flexible Paid Time Off and paid Holidays
- Quarterly Performance Bonuses
- 100% Remote
- Competitive salary and benefits package.
- Opportunities for professional growth and development.
- Collaborative and innovative work environment.
Insight Assurance is an equal-opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees.
- NATO Country Listing :
- Australia
- Barbados
- Belgium
- British Virgin Islands
- Canada
- Croatia
- Czech Republic
- Denmark
- Estonia
- Finland
- France
- Germany
- Greece
- Hungary
- Iceland
- Italy
- Latvia
- Lithuania
- Luxembourg
- Montenegro
- Netherlands
- Norway
- Poland
- Portugal
- Romania
- Slovakia
- Slovenia
- South Korea
- Spain
- Sweden
- Turkey
- US Virgin Islands
- United Kingdom
- United States
Apply tot his job Apply To this Job