Senior Audit Analyst

PointClickCare

💵 $120k-$136k
📍 Remote - United States

Job highlights

Summary

Join PointClickCare as a HITRUST Audit Lead and play a critical role in ensuring compliance with industry standards and regulatory requirements. Lead the end-to-end HITRUST audit process for various products, coordinating with auditors and control owners. You will also contribute to the GRC function, including third-party risk management and assurance. This role requires extensive experience in HITRUST audits, strong knowledge of security frameworks (NIST SP 800-53), and expertise in multiple HITRUST domains. The ideal candidate possesses technical product knowledge and experience with various security solutions. PointClickCare offers a competitive salary and a comprehensive benefits package.

Requirements

  • 5+ years performing or leading HITRUST audits
  • CISSP certification or equivalent
  • Strong knowledge of NIST SP 800-53 framework
  • Expertise in at least 7 out of the 19 HITRUST domain areas, particularly Access Controls, Networking and Application/Code Security
  • Technical product knowledge and hands-on experience with SIEM, Firewall, EDR, Encryption, GRC, Vulnerability Management, DAST/SAST, and LMS solutions
  • Proficient in managing and implementing security controls for both SaaS-based and on-premises systems
  • Hands-on experience with at least one GRC tool
  • Hands-on experience with configuration management and control solutions
  • Ability to challenge and advise control owners on their processes and controls, including the ability to engage in productive dialogue to drive improvements
  • Practical knowledge of firewall, switches and router configurations, with the ability to assess and review network security devices and settings
  • Strong technical acumen and background, with the ability to engage technical teams on system configurations and control implementation for a secure infrastructure
  • Ability to interpret audit requirements (Control Specifications and Requirement Statements) to articulate required controls to environment owners

Responsibilities

  • Lead the HITRUST audit lifecycle for various lines of business and products, including coordinating with auditors and control owners, collecting and reviewing evidence, addressing audit requirements and discrepancies, and ensuring the organization meets all HITRUST audit criteria
  • Review various products to determine audit compliance and advise on product-security requirements in alignment with audit requirements
  • Act as the organization's HITRUST expert and advisor, advising other departments on compliance, best practices and process improvements, including providing guidance on aligning internal controls, processes, and procedures with various audit requirements (FedRAMP, SOC, etc.) and ensuring ongoing compliance
  • Coordinate and support certain aspects of the TPRM process, including contributing to pre-sales and post-sales discussions, providing organizational information to prospects and customers, and ensuring third-party relationships comply with our compliance standards
  • Ensure the organization's ongoing compliance with internal policies and external regulations by creating, maintaining and operationalizing policies and procedures, conducting regular internal reviews, and managing related assurance activities
  • Support the risk identification, assessment and mitigation efforts across the organization, ensuring that all key risks are effectively monitored and controlled in alignment with the risk management framework

Preferred Qualifications

Strong familiarity with, or experience in leading, additional audits and assessments including but not limited to FedRAMP, SOC 1, SOC 2, etc.

Benefits

  • Retirement Plan Matching
  • Flexible Paid Time Off
  • Wellness Support Programs and Resources
  • Parental & Caregiver Leaves
  • Fertility & Adoption Support
  • Continuous Development Support Program
  • Employee Assistance Program
  • Allyship and Inclusion Communities
  • Employee Recognition
