Sr. IT Audit and Compliance Analyst

What Were Looking For

As a Senior Analyst within the Information Security Governance Risk and Compliance (GRC) organization you will play a key role in supporting Datavants audit compliance and assurance activities. Youll apply your deep understanding of IT controls risk management and compliance frameworks to help maintain and improve Datavants control environment. This is a hands-on role suited for a self-starter who enjoys solving problems collaborating cross-functionally and ensuring compliance excellence in a fast-paced environment.

What You Will Do

• Support Strategic Compliance Initiatives
• Contribute to enterprise-level audits and assessments (FedRAMP HITRUST PCI-DSS HIPAA etc.) from kickoff through final deliverables and report delivery.
• Perform technical control testing and validation for infrastructure applications and cloud services.
• Coordinate walkthroughs evidence collection and remediation tracking with internal teams and external auditors.
• Strengthen the Control Environment
• Support the maintenance and enhancement of Datavants Unified Control Framework (UCF) to align overlapping compliance frameworks.
• Draft and update control narratives test plans and policy documentation in response to evolving regulatory and industry requirements.
• Partner with control owners to validate control effectiveness and identify improvement opportunities.
• Communicate and Collaborate
• Act as a compliance subject matter expert supporting internal stakeholders across engineering product legal and operations.
• Translate complex compliance requirements into clear actionable technical and operational guidance.
• Provide clear concise documentation and summaries to support audit readiness and stakeholder understanding.
• Enhance Processes and Automation
• Identify opportunities to automate and streamline evidence collection and control testing.
• Collaborate with GRC team members to improve existing compliance workflows and leverage tooling for greater efficiency.
• Participate in process reviews to strengthen consistency and accuracy across compliance activities.
• Drive Continuous Improvement
• Draft control descriptions SOC report narratives and remediation plans.
• Identify control gaps assess risk and lead remediation tracking through completion.
• Stay current on emerging regulations frameworks and audit trends to ensure Datavant stays ahead of the curve.

What You Need to Succeed

• 4 years of experience in IT audit security compliance or risk management.
• Hands-on proven experience with security frameworks and regulations such as HIPAA PCI-DSS HITRUST NIST 800-53 and/or FedRAMP.
• Experience conducting technical control assessments and writing audit-ready documentation.
• Excellent communication skillsyou can explain control requirements to engineers and translate technical speak for auditors.
• Demonstrated ability to juggle competing priorities in a fast-moving environment.
• Strong analytical organizational and project management capabilities.
• Self-starter who is driven to build structure where needed.

Tool & Technology Stack:
We value familiarity with the following tools and platforms. While not all are required exposure to these (or similar) technologies will help you succeed:

• GRC Platforms: TrustCloud or Similar
• Ticketing Systems: Jira Asana
• Collaboration Tools: Slack Confluence
• Cloud Platforms: AWS (preferred) GCP Azure
• Automation/Scripting: Familiarity with automation tools or scripting languages (e.g. Python Bash) for control testing and workflow optimization is a plus

What Helps You Stand Out

• One or more industry-recognized certifications: CISA CISSP CISM CCSP etc.
• Experience in the healthcare industry or working with PHI and HIPAA compliance.
• Familiarity with cloud-native security practices and cloud compliance tooling.