Senior Associate, Cybersecurity Advisory & Risk Management

Description:

Job Title: Senior Associate, Cybersecurity Advisory & Risk Management

Department: ITRM

Employment Status: Full Time

Effective Date: 6/12/2026

About Us

Meditology Services is a leading healthcare-focused cybersecurity, privacy, compliance, and information risk management consulting firm. We help healthcare organizations manage risk, strengthen security programs, achieve compliance objectives, and improve cybersecurity maturity through practical, business-focused advisory services.

Our consultants work alongside healthcare executives, information security leaders, compliance teams, and operational stakeholders to solve complex cybersecurity and risk management challenges. We pride ourselves on delivering actionable recommendations, building trusted relationships, and helping our clients improve their security posture in meaningful ways.

Why Meditology

At Meditology, consultants are more than assessors—they are trusted advisors. You'll have the opportunity to work directly with healthcare executives, lead meaningful client engagements, develop expertise across cybersecurity and risk management disciplines, and help shape the future of healthcare cybersecurity.

This role provides a clear path toward advancement into Manager, Engagement Manager, and Advisory Leadership positions while working alongside some of the industry's leading healthcare cybersecurity professionals.

If you're looking for a role that combines cybersecurity expertise, client interaction, strategic thinking, presentation skills, and professional growth, we'd love to hear from you.

This version positions the role as approximately one level below your Engagement Manager role—less focused on project governance and accountability, and more focused on assessment leadership, client advisory, presentations, report development, and becoming a future trusted consultant. It should compete well against roles from Clearwater, Fortified, Security Risk Advisors, Deloitte Cyber Risk, and PwC Risk & Regulatory, while still reflecting Meditology's healthcare-centric advisory model.

Position Description:

Meditology is seeking a Senior Associate to join our Information Technology Risk Management (ITRM) Advisory practice. This role is ideal for a cybersecurity professional who enjoys working directly with clients, leading assessments, facilitating discussions, and helping organizations address complex cybersecurity, governance, risk, and compliance challenges.

Unlike traditional audit-focused roles, this position combines assessment execution, strategic advisory services, client relationship development, presentation delivery, and thought leadership. The ideal candidate is someone who wants to develop into a trusted advisor capable of leading client engagements, influencing executive decision-making, and helping organizations mature their cybersecurity programs.

This is a highly visible, client-facing consulting role with significant opportunities for growth and advancement.

Responsibilities include:

Lead Client Engagements

Serve as a key contributor and day-to-day lead on client engagements.

• Leading client interviews, workshops, and discovery sessions
• Facilitating discussions with executives, operational leaders, and technical teams
• Managing engagement activities, timelines, and deliverables
• Building trusted client relationships
• Identifying client risks, challenges, and opportunities
• Providing practical recommendations that align cybersecurity priorities with business objectives
• Supporting executive briefings and strategic discussions
• Leading portions of client engagements independently while partnering with Managers and Service Line Leaders on larger initiatives

The successful candidate will be comfortable interacting with clients and serving as a trusted advisor throughout the engagement lifecycle.

Perform Cybersecurity & Risk Assessments

Lead and support a variety of cybersecurity, risk management, and compliance engagements.

• Conducting NIST Cybersecurity Framework (CSF) 2.0 assessments
• Leading HIPAA Security Risk Assessments (SRAs)
• Performing cybersecurity maturity assessments
• Evaluating governance, risk, and compliance programs
• Conducting AI governance and AI risk assessments
• Assessing third-party risk management programs
• Identifying cybersecurity risks, control gaps, and improvement opportunities
• Developing risk registers, remediation roadmaps, and strategic recommendations
• Facilitating stakeholder interviews and workshops
• Presenting assessment results and recommendations to executive leadership

The Senior Associate should be capable of independently leading small-to-medium assessments while serving as a trusted advisor throughout the engagement lifecycle.

Perform HITRUST Readiness & Certification Assessments

Lead and support HITRUST-related engagements for healthcare and healthcare-adjacent organizations seeking to strengthen their security and compliance programs.

• Performing HITRUST e1, i1, and r2 readiness assessments
• Supporting validated HITRUST certification assessments
• Conducting control maturity and gap analyses
• Reviewing policies, procedures, and supporting evidence
• Developing remediation plans to address identified gaps
• Advising clients on HITRUST implementation strategies and certification readiness
• Supporting ongoing compliance and program maturity initiatives
• Presenting readiness and assessment results to client stakeholders

The ideal candidate understands how HITRUST aligns with broader cybersecurity, risk management, and compliance objectives and can communicate requirements in a practical, business-focused manner.

Support SOC 2 Readiness & Attestation Engagements

Support clients seeking to establish and demonstrate effective security and compliance controls through SOC reporting initiatives.

• Supporting SOC 2 readiness assessments
• Evaluating controls against the Trust Services Criteria
• Assisting clients with remediation planning and control implementation
• Reviewing policies, procedures, and evidence artifacts
• Supporting SOC 2 Type I and Type II attestation preparation activities
• Helping clients operationalize governance and compliance processes to support ongoing attestation requirements

Experience supporting SOC 2 Type II attestation engagements is highly desirable.

Develop Executive-Level Deliverables

Create high-quality deliverables that clearly communicate risks, recommendations, and business impact.

• Cybersecurity assessment reports
• Executive summaries
• Risk registers
• Remediation roadmaps
• Strategic recommendations
• Maturity assessment reports
• Presentation decks and workshop materials
• Board and executive-level communications

Candidates must be able to translate complex technical findings into language that resonates with executives, boards, and business leaders.

Presentation & Facilitation

Strong communication and presentation skills are critical to success in this role.

• Leading client interviews and workshops
• Facilitating cybersecurity and risk discussions
• Presenting findings and recommendations to leadership teams
• Delivering assessment readouts and remediation planning sessions
• Supporting executive and board-level presentations
• Developing professional PowerPoint presentations and client-facing materials

The ideal candidate enjoys presenting, facilitating discussions, and helping clients understand cybersecurity risks in a practical and business-focused manner.

Advisory & Strategy Services

Support clients in developing and improving cybersecurity and risk management programs.

Examples include:

• Cybersecurity strategy development
• Governance program assessments
• Security program benchmarking
• Risk management program development
• AI governance and oversight initiatives
• Cybersecurity roadmap creation
• Remediation planning and prioritization
• Third-party risk management strategy
• Security operating model development
• Policy and governance program development

This role requires the ability to move beyond compliance requirements and provide meaningful business-focused guidance.

Contribute to Practice Growth & Thought Leadership

As a consulting organization, we value professionals who contribute to the growth of both our clients and our firm.

• Participating in strategic account discussions
• Identifying opportunities to deliver additional value to clients
• Contributing to white papers, blog posts, and thought leadership initiatives
• Supporting webinars, conference presentations, and educational content
• Researching emerging cybersecurity, healthcare, and AI-related trends
• Sharing knowledge and mentoring junior team members

Requirements:

Qualifications:

• 4–7 years of experience in cybersecurity, information security, IT risk, compliance, consulting, or audit
• Experience conducting cybersecurity, compliance, or risk assessments
• Experience leading client interviews
• Experience developing professional reports and presentations
• Experience presenting findings and recommendations to clients
• Experience managing portions of client engagements independently
• Consulting experience preferred

Technical Knowledge:

Experience with one or more of the following:

• NIST Cybersecurity Framework (CSF) 2.0
• HIPAA Security Rule
• HITRUST (e1, i1, and r2)
• SOC 2 Type I and Type II
• NIST SP 800-53
• CIS Critical Security Controls
• Third-Party Risk Management
• AI Governance and Risk Management
• HIPAA Privacy Rule knowledge a plus

Professional Skills:

Successful candidates demonstrate:

• Strong consulting and advisory mindset
• Excellent written and verbal communication skills
• Strong presentation and facilitation abilities
• Executive presence and client-facing confidence
• Strong analytical and critical thinking skills
• Ability to connect cybersecurity risks to business outcomes
• Ability to manage multiple priorities and engagements
• Strong attention to detail and organizational skills
• Intellectual curiosity and desire for continuous learning
• Ability to develop trusted relationships with clients and colleagues

Preferred Certifications:

One or more of the following certifications is a plus:

• CISSP
• CISM
• CISA
• HCISPP
• CRISC
• HITRUST CCSFP
• Security+

Candidates actively pursuing certifications are encouraged to apply.