Posted at: 12 December

Experienced HITRUST Assessment Manager

Company

Insight Assurance

Insight Assurance is a global B2B compliance audit firm specializing in IT cybersecurity services, headquartered in the USA, and serving a diverse range of industries worldwide.

Remote Hiring Policy:

Insight Assurance is a fully remote company hiring from various regions, including the USA, LATAM, EMEA, and APAC, with team members collaborating across time zones.

Job Type

Full-time

Allowed Applicant Locations

Worldwide

Job Description

Insight Assurance is a global audit firm on a mission to transform how organizations achieve cybersecurity and compliance. Founded by former Big 4 (EY) professionals, we deliver next-generation audit services across SOC 2, ISO 27001, PCI DSS, HITRUST, CMMC, and FedRAMP frameworks. 

We’re not your traditional audit firm — we’re tech-enabled, leveraging compliance automation and advanced collaboration tools to make audits faster, smarter, and more impactful for our clients. 

Recognized on the Inc. 5000 and Fast 50 lists, Insight Assurance is one of the fastest-growing global audit firms, with 180+ professionals supporting nearly 2,000 clients across the Americas, EMEA, and APAC. 

 

JOB PURPOSE 

The HITRUST Assessment Manager is responsible for leading and managing HITRUST readiness and validated assessment engagements for clients, with a focus on healthcare and other highly regulated industries. This role combines hands-on assessment work with people leadership, overseeing a Panama-based team that supports global clients. It ensures high-quality deliverables, efficient project execution, and a consistent, standards-driven approach aligned with the HITRUST CSF and related frameworks. 

DUTIES AND RESPONSIBILITIES

Engagement Delivery & Client Management 

  • Lead multiple concurrent HITRUST readiness and validated assessment engagements from planning through reporting. 
  • Develop and execute assessment plans, including scope, objectives, timelines, and resource allocation. 
  • Conduct and oversee comprehensive risk and gap assessments against the HITRUST CSF, including control design and operating effectiveness testing. 
  • Review client policies, procedures, technical configurations, and evidence to evaluate conformance with HITRUST CSF, HIPAA, and related regulatory expectations. 
  • Develop clear, actionable remediation recommendations and roadmaps to support clients’ certification or recertification efforts. 

 

Team Leadership & People Management 

  • Directly supervise a team of HITRUST assessors/consultants, including assigning work, providing coaching, and delivering performance feedback and periodic evaluations.
  • Review and quality-check team deliverables (workpapers, test results, reports) to ensure alignment with firm methodology and HITRUST requirements. 
  • Provide ongoing training, mentoring, and technical guidance to develop the team’s HITRUST, security, and audit capabilities. 
  • Help build a positive, collaborative culture that emphasizes quality, client service, and continuous improvement. 

Methodology, Quality, and Process Improvement 

  • Contribute to the design, enhancement, and maintenance of the firm’s HITRUST methodology, templates, and work programs in alignment with the HITRUST Assessment Handbook and Risk Management Handbook. 
  • Stay current on HITRUST CSF updates, emerging guidance, and related frameworks (e.g., NIST, ISO 27001, SOC 2, HIPAA) and translate changes into internal procedures and client guidance. 
  • Support internal quality assurance reviews and remediation of identified process gaps. 
  • Collaborate with cross-functional teams (e.g., SOC, ISO, PCI) to promote consistent, integrated service delivery. 

Business Support & Practice Development (as applicable) 

  • Assist leadership in estimating the level of effort, scoping new engagements, and contributing to proposals and statements of work. 
  • Participate in client presentations, onboarding calls, and status meetings. 
  • Contribute to thought leadership (e.g., internal training, knowledge articles, or external content) related to HITRUST, cybersecurity, and risk management. 

 

SKILLS

Technical Skills 

  • Deep understanding of the HITRUST CSF, assessment types (e.g., e1, i1, r2), and certification lifecycle (readiness, validated assessment, interim assessment, recertification). 
  • Strong knowledge of information security and privacy principles, particularly in healthcare or other regulated environments (HIPAA/HITECH, GDPR, NIST 800-53, ISO 27001, SOC 2, PCI, etc.). 
  • Experience evaluating and testing administrative, technical, and physical security controls in on-prem, cloud, and hybrid environments (AWS, Azure, GCP). 
  • Proficiency with GRC platforms (e.g., Vanta, Drata) and HITRUST tools (e.g., MyCSF) and common productivity tools. 

Consulting & Management Skills 

  • Strong project management skills: able to manage multiple deadlines, prioritize work, and drive engagements to completion on time and within scope. 
  • Excellent written and verbal communication skills in English, with the ability to explain complex technical and regulatory topics to both technical and non-technical audiences. 
  • Demonstrated ability to lead and develop teams, including setting expectations, providing feedback, and supporting career growth. 
  • Strong analytical and problem-solving skills; able to identify risk, articulate impact, and recommend pragmatic solutions. 
  • High level of professionalism, integrity, and client-service orientation. 

EDUCATION 

Required 

  • Bachelor’s degree in Information Systems, Information Technology, Computer Science, Cybersecurity, Accounting, or a closely related field. 

Preferred 

  • Master’s degree in Information Systems, Cybersecurity, Accounting, or related discipline, or MBA with a concentration in technology risk, audit, or accounting. 

EXPERIENCE 

  • Minimum five years of direct, hands-on experience performing HITRUST validated assessments, ideally within a public accounting, consulting, or specialized cybersecurity firm. 
  • Minimum two years of experience in a formal management or team lead role (e.g., managing staff/seniors, overseeing engagement teams, or running a regional delivery team). 
  • Demonstrated experience working with U.S.-based and international team members and clients and navigating cross-border, remote-delivery engagement models. 
  • Prior experience with SOC 2, ISO 27001, or other assurance/compliance engagements is strongly preferred. 

TRAINING AND CERTIFICATIONS 

Required 

  • One or more relevant information security/audit certifications such as CISA, CISSP, CISM, CRISC, or similar. 
  • Active Certified HITRUST CSF Practitioner (CCSFP) certification (or ability to obtain within three months after hire). 
  • Demonstrated formal training in HITRUST assessment methodology and MyCSF usage. 

LANGUAGE 

  • Fluent English (spoken and written) required. 
  • Spanish language skills strongly preferred. 


BENEFITS

  • Flexible Paid Time Off and paid Holidays
  • Quarterly Performance Bonuses
  • Full-time employee of our Panamanian entity
  • Competitive salary and benefits package
  • Opportunities for professional growth and development
  • Collaborative and innovative work environment
 

Insight Assurance is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees.

Privacy Notice CCPA

  • Insight Assurance shares your personal data/information with Greenhouse recruiting because this is the tool we use for the recruitment process.
  • Insight Assurance does not sell personal data/information under any circumstances.
  • You may exercise your rights under personal data protection legislation by reaching out to us at HR@insightassurance.com or by submitting a request by mail to 400 N Tampa St. 15th Floor Suite 122, Tampa, FL 33602.

Privacy Notice GDPR:

This notice informs you about the categories of Personal Data/Information and the purpose and scope of the processing activities undertaken by Insight Assurance (we, us, our) in its job application and recruitment process.

We use Greenhouse.com as the platform that supports our recruitment process, and therefore your Personal Data/Information will be processed on this tool (hosted, shared with, cross-referenced, and accessed by our team); we have in place contractual terms and the commitment of Greenhouse.com that ensure the security and confidentiality of, and purpose limitation on, the processing of your Personal Data.

When you reply to one of our job postings, you voluntarily and freely submit your Personal Data to us; this, together with the fact that the processing by us (and on Greenhouse.com) of that Personal Data has the sole purpose of validating your application and proceeding with the inherent scrutiny and decision, allows us to rely on Legitimate Interest as the applicable legal basis for processing your Personal Data under this scope.

We are a U.S.-based company, hence some or all Personal Data pertaining to you will be hosted in the U.S.

The categories of Personal Data under Processing consist of:

  • Identification
  • Contact
  • Education and Professional
  • Interview performance
  • Evaluation

You may exercise several Rights as determined under applicable Personal Data Protection legislation, in short:

  • Right of Access – meaning obtaining information about the Personal Data under processing by us, except for information you already know;
  • Right of Erasure – you may ask us to erase all Personal Data pertaining to you under processing; this may imply your exclusion from the recruitment process, since without that information we cannot proceed with it;
  • Right of Opposition or Restriction of Processing – you may ask us to stop some processing or to restrict the processing of some Personal Data; this may, at our sole discretion, imply your exclusion from the recruitment process, since without that information we cannot proceed with it;
  • Right of Rectification – you can rectify your Personal Data at any time.