Overview:
Our client is seeking an Information Systems Auditor to provide an enterprise system risk assessment for Health and Human Services systems containing ePHI (protected health information).
General Scope:
- Creating a Security Assessment Plan (SAP), working with the Information Security Officer, that covers the schedule for completing the risk assessment on ePHI applications and the assessment procedures planned for assessing each control.
- Security risk assessment of security controls required to protect confidentiality, integrity and/or availability of systems creating, receiving, maintaining, or transmitting ePHI.
- Frameworks used for assessment: Security and privacy risk according to the NIST SP 800-53 Rev 5.1.1 Security and Privacy Controls for Information Systems and Organizations framework and the Security Risk Assessment Tool Version 3.4 issued by the U.S. Department of Health and Human Services, Office of Civil Rights to assist in determining adherence to the HIPAA Security Rule.
- Prioritize and perform risk assessments on ePHI applications hosted on-premise; if time permits within the one-year engagement, vendor-hosted applications will be assessed.
- Deliver a Security Assessment Report (SAR) to include a report of findings and recommendations to correct the risks identified in the findings.
- Assist Senior Information Security Officers with internal and external audits, including requesting artifacts, submitting responses and artifacts, and working with the risk team on identified findings.
Required Experience:
- 2 years' experience
- HIPAA (Office of Civil Rights), Centers for Medicare and Medicaid Services (CMS)
Preferred Experience:
- ISACA certification
- CRISC or CISA
- ISC(2) certification: CGRC
Additional Notes:
- Fully Remote Position