Experienced International Compliance Auditor (HITRUST/NATO)

About the position Insight Assurance is a global audit firm on a mission to transform how organizations achieve cybersecurity and compliance. Founded by former Big 4 (EY) professionals, we deliver next-generation audit services across SOC 2, ISO 27001, PCI DSS (QSA), HITRUST, CMMC (C3PAO), and FedRAMP (3PAO) frameworks. We’re not your traditional audit firm — we’re tech-enabled, leveraging compliance automation and advanced collaboration tools to make audits faster, smarter, and more impactful for our clients. Recognized on the Inc. 5000 and Fast 50 lists, Insight Assurance is one of the fastest-growing global audit firms, with 170+ professionals supporting nearly 2,000 clients across the Americas, EMEA, and APAC. JOB PURPOSE We are seeking a highly skilled compliance auditor who has secured their CMMC Certified Professional (CCP) certification or would be able to secure their CCP within six months, to join our secure team which assesses client’s ability to safeguard government data. The ideal candidate will have demonstrated experience leading compliance initiatives in regulated environments, ensuring adherence to complex regulatory frameworks, and knowledge of CMMC and NIST. Due to the legal requirement of this role, applicants must hold full or dual citizenship in the U.S., Australia, a NATO member country(listed below), or South Korea, and be able to produce a valid passport. Strong analytical, communication, and collaboration skills are essential to successfully work within our cross-functional teams and with external clients. This is a unique opportunity to make a meaningful impact on data security while working in a dynamic, fast-paced, high-stakes environment. Responsibilities • Assessment Planning: Develop a comprehensive assessment plan outlining the scope, objectives, and methodology for evaluating the organization's cybersecurity practices and controls. • Evaluate Compliance: Assess the organization's adherence to the HITRUST and CMMC frameworks by reviewing policies, procedures, and technical security controls to ensure they meet the required maturity level. • Data Collection: Gather and analyze relevant documentation, including system configurations, security policies, incident response plans, and training materials. • Conduct Interviews: Engage with key personnel within the organization to understand the implementation of cybersecurity practices and gauge their familiarity with security protocols. • Risk Assessment: Identify potential risks and vulnerabilities in the organization’s cybersecurity posture, determining their potential impact on safeguarding governmental data. • Reporting Findings: Create detailed reports that document assessment findings, highlighting areas of compliance and non-compliance, along with recommendations for improvement. • Provide Guidance: Offer expert advice and best practices to help organizations enhance their cybersecurity measures and achieve compliance with HITRUST and CMMC requirements. • Follow-Up Assessments: Conduct follow-up assessments to verify that corrective actions have been implemented, and that the organization is on track to achieve or maintain compliance. • Continuous Learning: Stay updated on changes in the HITRUST and CMMC frameworks, cybersecurity threats, and mitigation strategies to provide the most relevant and effective assessments. • Client Interaction: Maintain clear communication with clients throughout the assessment process to ensure understanding and facilitate collaboration. • Assist the Lead assessor in gathering and evaluating assessment evidence. • Evaluates the design and effectiveness of controls. • Identifies and communicates preliminary assessment findings for daily checkpoint meetings. • Foster stakeholder relationships through proactive communication with clients, colleagues and partners. • Proactively communicate with management regarding any potential issues. Requirements • Excellent oral and written communication skills. • Ability to work individually as well as collaboratively. • A high degree of motivation. • Fluency in English is required. • Bachelor’s degree in accounting, business, cyber security, or management information systems. • At least 3 years of experience performing IT audit engagements at a Big 4 or other audit/consulting firm. • Candidates with an active or working towards RP, RPA, or CCP certification. • As part of this role, you will also be required to complete CMMC training within your first 6 months. • Once Tier 3 suitability has been achieved, participation with the CMMC service line will be expected. • A candidate on a path to secure a CMMC certification within six months must possess an approved Intermediate Certification, such as: (ISC)2 CGRC/CAP CompTIA CASP+ CompTIA Cloud+ CompTIA PenTest+ CompTIA Security+ GIAC GSEC Nice-to-haves • Experience using GRC and compliance automation tools (Vanta, Drata, SecureFrame) is a plus. • The ideal client will already possess a CISA, CPA, or CISSP certification. Benefits • Flexible Paid Time Off and paid Holidays • Quarterly Performance Bonuses • 100% Remote • Competitive salary and benefits package. • Opportunities for professional growth and development. • Collaborative and innovative work environment. Apply tot his job