HIPAA Compliance Assessor/Consultant

Jobgether · United States · Remote · $50 - $85/hr
Verified source: this listing comes from the employer's official hiring system or a verified company
Listed via Lever
Posted Jun 16, 2026 · Apply by Sep 21

Last checked active on Jun 23, 2026.

Position Overview

Location: United States
Compensation: $50 - $85/hr
Position: Mid
Type: Job
Employment: Full time
Practice Area: Compliance
Remote: Yes
Deadline: Sep 21, 2026

Job Description

This position is listed on behalf of a partner company, who manages all applications and next steps. Our partner is looking for a HIPAA Compliance Assessor/Consultant based in the United States.

This role focuses on evaluating how digital platforms handle sensitive health-related data and ensuring compliance with HIPAA standards and related privacy frameworks. You will conduct independent assessments of systems such as websites, applications, and digital services, with particular attention to data protection practices and risk exposure. The work involves identifying where protected health information may be stored or processed, assessing vulnerabilities, and evaluating the effectiveness of existing safeguards. You will translate complex regulatory requirements into clear, actionable findings that help organizations strengthen their privacy and security posture. This is a consulting role suited to professionals who thrive in analytical, detail-driven environments and enjoy working across cybersecurity, privacy, and compliance disciplines. Your assessments will directly support safer handling of sensitive user data and improved regulatory alignment.

Accountabilities:

    • Conduct independent HIPAA compliance assessments across digital systems, including websites, mobile applications, and platforms handling sensitive health-related data.
    • Identify where electronic Protected Health Information (ePHI) is collected, stored, processed, or transmitted across data environments.
    • Evaluate security controls, privacy safeguards, and operational practices to determine effectiveness and compliance with HIPAA requirements.
    • Assess threats, vulnerabilities, likelihood, and potential impact of data privacy and security risks.
    • Document findings in structured reports, including risk prioritization and remediation recommendations.
    • Translate regulatory requirements into practical, actionable guidance for technical and non-technical stakeholders.
Requirements:

This role requires deep expertise in HIPAA compliance assessments, privacy frameworks, and healthcare data protection practices. The ideal candidate is highly analytical, comfortable working with complex data environments, and experienced in translating regulatory standards into operational controls. Strong familiarity with privacy risk methodologies and hands-on audit experience is essential.

    • 5+ years of experience conducting HIPAA compliance assessments, audits, and reporting
    • Strong knowledge of HIPAA Security Rule requirements and related frameworks such as NIST SP 800-66 Rev. 2, NIST Cybersecurity Framework, and HITRUST
    • Experience performing privacy impact assessments (PIA) and data protection impact assessments (DPIA)
    • Strong understanding of data flows, data lifecycle management, and user data handling in web and mobile applications
    • Experience assessing consumer-facing systems, including consent mechanisms, transparency controls, and privacy features
    • Ability to convert regulatory requirements into clear findings, risk assessments, and remediation guidance
    • Background in cybersecurity, GRC, or product compliance preferred, with certifications such as CIPP, CIPM, or CISM considered a plus

Benefits:

    • Competitive hourly consulting rate ($50–$85/hr, based on experience and engagement terms)
    • Flexible, part-time consulting schedule with remote work options
    • Project-based engagement structure with autonomy over workload management
    • Opportunity to work on meaningful privacy and healthcare data protection initiatives
    • Exposure to diverse digital systems, including consumer-facing applications and healthcare platforms
    • Collaboration on high-impact compliance and risk assessment projects

How Jobgether works: We use an AI-powered matching process to ensure your application is reviewed quickly, objectively, and fairly against the role's core requirements. Our system identifies the top-fitting candidates, and this shortlist is then shared directly with the hiring company. The final decision and next steps (interviews, assessments) are managed by their internal team. We appreciate your interest and wish you the best!

Data Privacy Notice: By submitting your application, you acknowledge that Jobgether will process your personal data to evaluate your candidacy and share relevant information with the hiring employer. This processing is based on legitimate interest and pre-contractual measures under applicable data protection laws (including GDPR). You may exercise your rights (access, rectification, erasure, objection) at any time.

Perks & Benefits: Remote Work
Compensation: $50 - $85/hr
Position: Mid
Experience Requirements: 5 to 7 years
Required Skills: Data Privacy, Risk Management, Privacy & Cybersecurity
Industry: Legal
Applicant Location Requirements: Applicants must be located in: United States
Application Deadline: September 21, 2026
Employment Type: Full time
Work Arrangement: Remote/Telecommute Position
