Risk Management consultants assist lead projects for clients based on Fortrex proprietary methods. Projects generally consist of a policy, process and technical review to evaluate compliance to a certain baseline or standard. The analyst must have a working knowledge of the security and privacy controls found in at least one common security framework, methodology, or standard – preferably in the healthcare industry: NIST 800-53, ISO 27001/27002, SOC2/Type 2, HIPAA Privacy and Security rules, CMS ARS – High Requirements, and/or HITRUST CSF. Projects generally consist of an interview period, review of documentation, onsite testing, and analysis for areas of improvement. Upon completion, the consultant compiles their findings into a written report and may be asked to summarize those findings into a brief presentation. Excellent written and verbal communication is expected, good project management skills is a “must”.
To compliment the understanding of controls, the candidate should possess a base of technical knowledge of the infrastructure, operating systems, and security applications that support a secure environment. Consultants must have a basic understanding of the functions of an IT or security department. Basic familiarity with access controls, logging functions, encryption methods, backup and recovery functions, patching of operating system or applications, and/or help desk functions is helpful. Participation with industry groups and/or the ability to research the latest trends in security and privacy is a bonus.
Additionally, Candidates must be able to demonstrate positive relationships within prior work experience, an ability to deliver quality results within a specific set of goals (including financial), and have unquestionable ethics. Candidates must be willing to travel 25-30%, and provide at least three references.
Fortrex, LLC is a Drummond Group company that has been focused on IT security, operational risk, and regulatory compliance since 1997. Our corporate mission is to be our clients’ long-term, trusted security, risk management, and compliance advisors. As a member of the Drummond Group family, our capabilities also include SOC testing, penetration testing, social engineering, and EHR testing. While primarily a healthcare industry servicing organization, we also serve the financial industry through FFIEC, PCI, and ISO certification. Our analysts use proven methodology and tools in the course of services to provide expert technical or compliance exams, risk assessments, or certifications to such measures as HITRUST, SOC2+HITRUST, ISO, NIST, and HIPAA – and just about anything in between. We provide risk reporting services that our customers have come to rely upon to communicate their risk posture to clients, partners, auditors, and investors. We are experts at what we do and we execute to our clients’ desires without flaw.
If you have a need to be a part of a winning team, have the technical, regulatory, verbal and written skills to be a top-notch consultant, and you can demonstrate superb client service skills, we are looking for you!
Requirements: (at least half of these requirements should apply to the candidate)
- At least 3 years work experience
- Prior experience in such fields as: healthcare, regulation development, consulting, IT audit, medical application implementation, information technology, security management, third party audit, governance, risk management, or compliance is preferred.
- Knowledge of methodologies such as: HITRUST CSF, ISO/IEC 27001/2, SOC, NIST Special Publication 800-53, and regulations such as HIPAA, EU GDPR, or GLBA
- Involvement, experience, or knowledge of Active Directory, firewalls, encryption/SSL, 2-factor authentication types, virus software, threat management, or other technologies
- Participation or involvement with incident reporting processes, disaster recovery testing, change management, and/or other IT functions.
- Ability to translate technical knowledge to non-technical audiences
- Strong written and oral communication skills. (Candidates will be tested)
- Professional certifications such as HITRUST CCSFP, CISSP, CISM, CRISC, CISA, CEH, and/or ISO will be considered.
- Ability to work independently with a high degree of accountability.
- Bachelor degree, preferably in IT Risk, Information Technology, Computer Science, or Business; or equivalent experience required. Fortrex will evaluate the accreditation status of the universities and the accreditation status of the degree conferred
This position will work remotely.
Drummond Group is an Equal Opportunity Employer. This company does not and will not discriminate in employment and personnel practices on the basis of race, sex, age, disability, religion, national origin or any other basis prohibited by applicable law. Hiring, transferring and promotion practices are performed without regard to the above-listed items