Remote Senior Cybersecurity & Compliance Consultant HIPAA, NIST & SOC 2

Job Summary:

We are seeking a Remote Senior Cybersecurity & Compliance Consultant (HIPAA, NIST & SOC 2) to lead cybersecurity and compliance engagements for clients in healthcare, professional services, and other regulated industries. This role serves as a trusted advisor, providing strategic guidance on cybersecurity, risk management, compliance, and security best practices while supporting clients through assessments, remediation efforts, and ongoing security initiatives. The ideal candidate possesses strong technical cybersecurity expertise combined with deep knowledge of compliance frameworks including HIPAA, NIST, and SOC 2. Responsibilities include conducting cybersecurity and compliance assessments, evaluating security postures, identifying risks and security gaps, developing remediation plans, assisting with policy and procedure development, preparing professional assessment reports, delivering security awareness and phishing training programs, and supporting virtual CISO (vCISO) engagements. This position requires the ability to work independently, communicate effectively with executives, IT teams, compliance officers, and end users, and translate complex security and compliance requirements into practical, business-focused recommendations. The successful candidate will be comfortable leading client meetings, explaining compliance obligations, providing actionable guidance, and helping organizations strengthen their cybersecurity programs while meeting regulatory and industry standards.

Key Responsibilities:

Cybersecurity & Risk Assessments

• Conduct cybersecurity risk assessments
• Perform HIPAA Security Rule assessments
• Conduct NIST Cybersecurity Framework evaluations
• Assist with NIST 800-53 and NIST 800-171 assessments
• Participate in SOC 2 readiness reviews and gap analyses
• Review technical security controls
• Identify vulnerabilities and compliance deficiencies
• Develop remediation recommendations

Security Consulting

• Participate in client meetings as a cybersecurity advisor
• Explain technical and compliance concepts to non-technical stakeholders
• Assist organizations with security program development
• Support clients with audit preparation
• Provide guidance on security best practices
• Assist with vendor security reviews
• Support incident response and security investigations

Compliance & Documentation

• Draft and review security policies and procedures
• Develop risk management documentation
• Create remediation plans and corrective action plans
• Assist with compliance evidence collection
• Maintain assessment reports and client documentation

Security Awareness & Training

• Manage phishing simulation campaigns
• Support