Remote Senior Cybersecurity & Compliance Consultant (HIPAA, NIST & SOC 2)

Job Summary:

We are seeking a Remote Senior Cybersecurity & Compliance Consultant (HIPAA, NIST & SOC 2) to lead cybersecurity and compliance engagements for clients in healthcare, professional services, and other regulated industries. This role serves as a trusted advisor, providing strategic guidance on cybersecurity, risk management, compliance, and security best practices while supporting clients through assessments, remediation efforts, and ongoing security initiatives. The ideal candidate possesses strong technical cybersecurity expertise combined with deep knowledge of compliance frameworks including HIPAA, NIST, and SOC 2. Responsibilities include conducting cybersecurity and compliance assessments, evaluating security postures, identifying risks and security gaps, developing remediation plans, assisting with policy and procedure development, preparing professional assessment reports, delivering security awareness and phishing training programs, and supporting virtual CISO (vCISO) engagements. This position requires the ability to work independently, communicate effectively with executives, IT teams, compliance officers, and end users, and translate complex security and compliance requirements into practical, business-focused recommendations. The successful candidate will be comfortable leading client meetings, explaining compliance obligations, providing actionable guidance, and helping organizations strengthen their cybersecurity programs while meeting regulatory and industry standards.

Key Responsibilities:

Cybersecurity & Risk Assessments

  • Conduct cybersecurity risk assessments
  • Perform HIPAA Security Rule assessments
  • Conduct NIST Cybersecurity Framework evaluations
  • Assist with NIST 800-53 and NIST 800-171 assessments
  • Participate in SOC 2 readiness reviews and gap analyses
  • Review technical security controls
  • Identify vulnerabilities and compliance deficiencies
  • Develop remediation recommendations

Security Consulting

  • Participate in client meetings as a cybersecurity advisor
  • Explain technical and compliance concepts to non-technical stakeholders
  • Assist organizations with security program development
  • Support clients with audit preparation
  • Provide guidance on security best practices
  • Assist with vendor security reviews
  • Support incident response and security investigations

Compliance & Documentation

  • Draft and review security policies and procedures
  • Develop risk management documentation
  • Create remediation plans and corrective action plans
  • Assist with compliance evidence collection
  • Maintain assessment reports and client documentation

Security Awareness & Training

  • Manage phishing simulation campaigns
  • Support KnowBe4 administration
  • Review phishing campaign results
  • Assist with employee cybersecurity awareness training
  • Help develop training content and presentations
  • Conduct follow-up coaching sessions when necessary

Technical Security Review

  • Review Microsoft 365 security configurations
  • Evaluate identity and access management controls
  • Assess endpoint protection solutions
  • Review logging and monitoring capabilities
  • Evaluate cloud security controls
  • Review business continuity and disaster recovery practices
  • Perform other duties related to the position as assigned

Qualifications & Requirements:

Required Qualifications:

  • 5+ years of cybersecurity experience
  • 3+ years of compliance experience
  • Strong understanding of:
      • HIPAA
      • NIST Cybersecurity Framework
      • NIST 800-53
      • NIST 800-171
      • SOC 2

  • Experience conducting risk assessments
  • Experience writing professional assessment reports
  • Strong written and verbal communication skills
  • Ability to work directly with clients
  • Experience presenting findings to management

Preferred Qualifications:

One or more of the following:

  • CISSP
  • CISA
  • CISM
  • HCISPP
  • CRISC
  • CCSK
  • Security+
  • ISO 27001 Lead Implementer
  • ISO 27001 Lead Auditor

Strongly Preferred Experience:

  • Healthcare industry experience
  • HIPAA consulting experience
  • vCISO experience
  • MSP or consulting experience
  • Security awareness training experience
  • Microsoft 365 security experience
  • Azure / Entra ID experience
  • Vulnerability management experience

Standard Requirements:

  • Proficient level of English (written and spoken).
  • Ability to manage multiple tasks in a fast-paced environment.
  • Ability to quickly learn new systems, software, and workflows.
  • Proficiency with Microsoft Office (Word, Excel, Outlook), and standard business tools (email, spreadsheets, document management).
  • Out-of-the-box thinker, highly accountable, reliable, self-motivated, and confident approach.
  • Positive attitude and the ability to learn and adapt quickly.
  • Ability to understand and follow established processes accurately with minimal supervision.
  • Ability to work U.S. Eastern Time (New York) business hours and adapt to business needs.
  • Interested in long-term career opportunities.
  • Reliable computer (Windows 10 or newer), two monitors, and stable high-speed internet.

Compensation & Benefits:

  • 100% remote work.
  • Compensation in USD.
  • Full-time position with 40 hours weekly.
  • Please note that this is a long-term opportunity.
  • Great work environment with potential for growth.