HIPAA Compliance Assessor/Consultant in United States at Jobgether
Job Description
This position is listed on behalf of a partner company, who manages all applications and next steps. Our partner is looking for a HIPAA Compliance Assessor/Consultant based in the United States.
This role focuses on evaluating how digital platforms handle sensitive health-related data and ensuring compliance with HIPAA standards and related privacy frameworks. You will conduct independent assessments of systems such as websites, applications, and digital services, with particular attention to data protection practices and risk exposure. The work involves identifying where protected health information may be stored or processed, assessing vulnerabilities, and evaluating the effectiveness of existing safeguards. You will translate complex regulatory requirements into clear, actionable findings that help organizations strengthen their privacy and security posture. This is a consulting role suited to professionals who thrive in analytical, detail-driven environments and enjoy working across cybersecurity, privacy, and compliance disciplines. Your assessments will directly support safer handling of sensitive user data and improved regulatory alignment.
- Conduct independent HIPAA compliance assessments across digital systems, including websites, mobile applications, and platforms handling sensitive health-related data.
- Identify where electronic Protected Health Information (ePHI) is collected, stored, processed, or transmitted across data environments.
- Evaluate security controls, privacy safeguards, and operational practices to determine effectiveness and compliance with HIPAA requirements.
- Assess threats, vulnerabilities, likelihood, and potential impact of data privacy and security risks.
- Document findings in structured reports, including risk prioritization and remediation recommendations.
- Translate regulatory requirements into practical, actionable guidance for technical and non-technical stakeholders.
This role requires deep expertise in HIPAA compliance assessments, privacy frameworks, and healthcare data protection practices. The ideal candidate is highly analytical, comfortable working with complex data environments, and experienced in translating regulatory standards into operational controls. Strong familiarity with privacy risk methodologies and hands-on audit experience are essential.
- 5+ years of experience conducting HIPAA compliance assessments, audits, and reporting
- Strong knowledge of HIPAA Security Rule requirements and related frameworks such as NIST SP 800-66 Rev. 2, NIST Cybersecurity Framework, and HITRUST
- Experience performing privacy impact assessments (PIA) and data protection impact assessments (DPIA)
- Strong understanding of data flows, data lifecycle management, and user data handling in web and mobile applications
- Experience assessing consumer-facing systems, including consent mechanisms, transparency controls, and privacy features
- Ability to convert regulatory requirements into clear findings, risk assessments, and remediation guidance
- Background in cybersecurity, GRC, or product compliance preferred, with certifications such as CIPP, CIPM, or CISM considered a plus
- Competitive hourly consulting rate ($50–$85/hr, based on experience and engagement terms)
- Flexible, part-time consulting schedule with remote work options
- Project-based engagement structure with autonomy over workload management
- Opportunity to work on meaningful privacy and healthcare data protection initiatives
- Exposure to diverse digital systems, including consumer-facing applications and healthcare platforms
- Collaboration on high-impact compliance and risk assessment projects