
Hitrust Contract Jobs in Raleigh, NC (NOW HIRING)

... contracts, implementation, security audits) * Lead selection and management of external vendors to conduct third-party audits, assessments and certifications (e.g., HITRUST, SOC2, etc.) * Partner ...

Lead Data Engineer

Raleigh, NC · Remote

$117K - $140K/yr

Familiarity with Tableau. * Understanding of HIPAA and HITRUST data handling practices ... Contract or B2B arrangement Our values We are a company that seeks the best for both our employees ...

Vice President Information Technology

Durham, NC · On-site

$151K - $189K/yr

... contracts. The role provides leadership for a single, integrated IT department that delivers ... Knowledge of HITRUST and healthcare regulatory requirements preferred. Skills: * Deep understanding ...

Hitrust Contract information

How much do HITRUST contract jobs pay per hour?

As of Jun 23, 2026, the average hourly pay for HITRUST contract roles in Raleigh, NC is $33.90, according to ZipRecruiter salary data. Most workers in this role earn between $28.03 and $39.04 per hour, depending on experience, location, and employer.

What is the difference between HITRUST Contract and Security Analyst roles?

Aspect | Hitrust Contract | Security Analyst
Certifications | HITRUST CSF, HIPAA | CISSP, CISA, Security+
Work Environment | Healthcare, compliance-focused | IT security teams, various industries
Employer & Industry | Healthcare providers, vendors | Any industry with cybersecurity needs

HITRUST Contract roles focus on ensuring compliance with HITRUST standards, primarily in healthcare. Security Analysts handle broader cybersecurity tasks across industries, including threat detection and risk management. While both roles require security certifications, HITRUST Contract positions emphasize healthcare regulations, whereas Security Analysts have a wider scope in cybersecurity practices.

What are some common challenges faced by professionals working on HITRUST contract compliance projects?

Professionals working on HITRUST contract compliance projects often face challenges such as interpreting complex regulatory requirements, coordinating with multiple departments to gather documentation, and ensuring that all security controls are properly implemented and maintained. Additionally, meeting tight audit deadlines and effectively communicating technical requirements to non-technical stakeholders can be demanding. These roles frequently require strong project management skills, attention to detail, and the ability to adapt to evolving compliance standards.

What is a HITRUST contract?

A HITRUST contract is a legal agreement that outlines the requirements and responsibilities for achieving or maintaining HITRUST certification, a widely recognized standard for information security and privacy in the healthcare industry. These contracts are often used between organizations and their vendors or partners to ensure compliance with the HITRUST Common Security Framework (CSF). The contract typically specifies the controls, reporting, and audit obligations needed to protect sensitive data, such as patient health information, and to meet regulatory requirements like HIPAA. Entering into a HITRUST contract can help organizations demonstrate their commitment to security and build trust with clients and partners.

What are the key skills and qualifications needed to thrive as a HITRUST Compliance Manager, and why are they important?

To thrive as a HITRUST Compliance Manager, you need in-depth knowledge of information security, risk management, and regulatory frameworks, typically backed by a degree in IT or cybersecurity and experience with HITRUST CSF. Familiarity with compliance management tools, GRC systems, and HITRUST certification processes is crucial. Outstanding attention to detail, problem-solving skills, and strong communication abilities help you interpret standards and guide organizations through audits. These competencies ensure organizations maintain robust data protection, regulatory compliance, and successful HITRUST certification.

Senior Director, Information Security

Well

Chapel Hill, NC • On-site, Remote

$190K - $230K/yr

Full-time

Posted 17 days ago


Job description

Description
Company: Well is a healthcare innovation company with the heart of a services organization and the DNA of a SaaS platform. Our Dynamic Engagement System transforms workforce health by uniting AI, human guidance, and proven behavioral science to reduce costs, improve outcomes, and create resilient, thriving workforces. We partner with the world's largest, most sophisticated employers and the consultants who advise them. We're a highly diverse and engaged organization whose employees are passionate about the mission of the company and whose management is passionate about the employees. We promote an employee- and member-centric culture with generous benefits, which you can learn more about here: https://www.well.co/careers.
Position Title: Senior Director, Information Security (Security Officer)
Reporting to: VP, Legal & General Counsel (Privacy Officer)
Location: Preference for Chapel Hill, NC or Newton, MA
Compensation: $190,000 - $230,000 per year, depending on qualifications, plus bonus potential and benefits
Description: As the Security Officer for Well, you will collaborate with executive management and key operational teams to determine acceptable levels of risk for the organization and you will be responsible for developing and maintaining the company's information security management program, which includes policies designed to protect enterprise communications, systems and assets from both internal and external threats. Reporting to the VP, Legal & General Counsel, you will provide independent partnership to our key operational teams, most notably the technology organization, driving both the development of policies that achieve the right posture, given our strategic and operational needs, and consulting on the implementation of such policies that you own and maintain on an ongoing basis. You will also serve as the subject matter expert and key contact for customers on security and member data privacy issues as they relate to the use of our platform, in close collaboration with the General Counsel (Privacy Officer). Additionally, you will collaborate with the General Counsel to provide independent risk reporting and escalation directly to the Board of Directors.
Key Responsibilities:
  • Partner with infrastructure and engineering teams to develop and monitor a strategic, comprehensive enterprise security and IT risk management framework and program
  • Work directly with the business units to facilitate risk assessment and risk management processes
  • Understand and interact with related disciplines (e.g., through committees or working groups) to ensure our policies are tuned correctly to balance strategic and operational realities, and the consistent application of our policies and standards across all technology projects, systems and services
  • Serve as a subject matter expert and point of contact for customers, potential customers, and sales colleagues on security and member data privacy issues as they relate to the use of our platform (e.g., in RFP responses, contracts, implementation, security audits)
  • Lead selection and management of external vendors to conduct third-party audits, assessments and certifications (e.g., HITRUST, SOC2, etc.)
  • Partner with infrastructure and engineering teams to design, maintain, and regularly test business continuity and disaster recovery strategies to ensure platform resilience and data availability, as well as to lead incident response plan (IRP) development and act as quarterback for IRP issues
  • Partner with infrastructure and engineering teams on continuous security monitoring operations, vulnerability management programs, threat intelligence, and the deployment of the corporate endpoint/network security stack
  • Partner with business stakeholders across the company to raise awareness of risk management concerns and ensure compliance with required policy acknowledgments and training
  • Assist with overall business technology planning, providing a current knowledge and future vision of technology and systems
  • Take personal responsibility for keeping all Well systems and data, including sensitive member data, secure and safe, according to Well data and security policies and HIPAA guidelines

Requirements
  • Minimum of 8 years of experience in a combination of compliance, risk management, information security and IT roles in a high-growth organization
  • Knowledge of common information security management frameworks, such as SOC, HIPAA/HITRUST, NIST and ISO
  • Demonstrated ability to develop effective security policies and governance programs in a health-related business context
  • Commercially minded, strong track record of partnership across the business, including successful collaboration with technical teams
  • Deep understanding of software engineering workflows and work products along with the ability to apply this knowledge to optimize strategies that achieve strategic alignment with organizational objectives
  • Experience with Cloud computing across virtualized environments
  • Professional security management certification(s)
  • Experience with contract and vendor negotiations and management, including managed services
  • Familiarity with internal audit methodologies applicable to SaaS companies, IT general controls (ITGC) testing, and control framework evaluation (e.g. COSO, COBIT); experience building or managing an internal audit function
  • Familiarity with AI security best practices and governance frameworks (e.g., NIST AI RMF, OWASP LLM Top 10, ISO/IEC 42001), including experience assessing and mitigating AI-specific risks such as model security, data integrity, and prompt injection in a healthcare or SaaS context