HIPAA Security Risk Assessment Analyst

HIPAA Risk Assessment Analyst

100% Remote

2 Months Contract

Role Summary:

• The role on this engagement will be support a HIPAA Security Risk Assessment for a large public university health environment. This role will provide handson execution support under the direction of an Engagement Manager and senior team members. The contractor will assist with evidence review, documentation, interviews, and tracking across administrative, physical, and technical HIPAA safeguards.

Key Responsibilities

• Support execution of a HIPAA Security Risk Assessment aligned to the HIPAA Security Rule

• Review and organize evidence and documentation (policies, procedures, logs, inventories, screenshots)

• Assist with questionnaire analysis and identification of gaps, inconsistencies, or followup needs

• Participate in and document stakeholder interviews and walkthroughs

• Update trackers (e.g., APG, DRL, gap logs) and maintain audit trails

• Draft clear, concise workpapers, summaries, and preliminary observations

• Escalate issues, ambiguities, or potential risks to senior team members

• Follow established assessment methodology and documentation standards

• Act with integrity, professionalism, and personal responsibility to uphold the firms respectful and courteous work environment.

Preferred Qualifications

• Prior experience supporting:

• HIPAA Security Risk Assessments

• SOX ITGCs or IT audits

• Healthcare or academic medical environments

• Familiarity with access controls, incident response, risk analysis, or contingency planning

• Experience using Excel, SharePoint, or similar tracking tools

• Certifications a plus but not required (e.g., CISA, CISSP, HCISPP)