IT Controls & Compliance Analyst

Modivcare is looking for an experienced IT Controls & Compliance Analyst to join our team supporting enterprise-wide IT governance compliance risk management and audit initiatives. This role is responsible for helping ensure compliance with regulatory requirements and industry standards including SOX HITRUST HIPAA SOC 2 ISO 27001 and related control frameworks. The ideal candidate will bring strong experience in IT General Controls (ITGCs) audit coordination compliance monitoring and governance processes while partnering cross-functionally to strengthen the organizations overall compliance posture.

This position is based in our Denver office and requires on-site attendance five (5) days per week.

This role

• Develops implements and maintains IT compliance policies procedures processes and controls supporting regulatory customer and industry requirements including HIPAA HITRUST SOX SOC 2 ISO 27001 and CCPA.

• Leads and coordinates internal and external IT audits assessments and compliance engagements including audit planning evidence collection remediation tracking and coordination with business stakeholders and third-party assessors.

• Manages and optimizes Governance Risk & Compliance (GRC) processes workflows tooling reporting and monitoring activities supporting control testing audit readiness evidence management remediation tracking and continuous compliance monitoring.

• Conducts and supports routine and ad hoc testing of IT General Controls (ITGCs) automated controls application controls and related compliance processes through walkthroughs evidence validation technical analysis and control testing activities.

• Reviews and analyzes technical evidence system-generated reports and control artifacts to validate compliance with established policies standards and control requirements.

• Collaborates with technical teams to evaluate system configurations access controls change management activities logging monitoring and other technical controls supporting compliance and audit objectives.

• Supports customer compliance activities and audit requests including responding to customer security and compliance inquiries and maintaining compliance-related reporting commitments.

• Supports continuous compliance and controls monitoring initiatives through automation data analytics governance reporting and control performance tracking activities.

• Reviews and maintains IT security policies standards and governance documentation to align with industry frameworks and organizational requirements including NIST CSF NIST 800-53 and ISO 27001.

• Supports IT risk management activities including vulnerability management patch governance third-party risk assessments POAM management remediation tracking and security awareness initiatives.

• Ensures IT staff understand assigned compliance responsibilities risks and controls through communication coordination and training support activities.

• Identifies opportunities to improve compliance audit and governance operations through process optimization control automation scripting data analytics GRC enhancements and emerging AI-assisted capabilities.

• Ensures compliance commitments and audit activities are completed accurately and within established timelines.

• May lead projects and perform additional duties as assigned including occasional business travel as required.

• This role does not have direct supervisory responsibilities.

We are interested in speaking with individuals with the following

• Bachelors Degree in Computer Science Computer Engineering Information Systems Information Security/Cyber Security or a related field preferred.

• Five (5) or more years of experience in IT compliance IT audit information security governance risk management or related areas.

• Experience supporting IT audits IT General Controls (ITGC) testing compliance assessments and external audit engagements including HITRUST SOC 2 ISO 27001 and SOX preferred.

• CISA certification strongly preferred. CISSP CRISC ITIL GIAC or related certifications are a plus.

• Equivalent combinations of education and experience may be considered.

• Strong knowledge of IT governance compliance audit and risk management principles and practices.

• Experience supporting and coordinating compliance programs audits assessments and remediation activities across multiple regulatory and industry frameworks.

• Knowledge of regulatory requirements and industry standards including HIPAA HITRUST SOX SOC 2 NIST CSF NIST 800-53 ISO 27001 and CCPA.

• Strong understanding of IT General Controls (ITGCs) IT audit methodologies control testing techniques evidence evaluation and core control domains including logical access change management SDLC privileged access and logging and monitoring controls.

• Experience developing and maintaining policies procedures controls standards narratives and governance documentation within an enterprise GRC program.

• Experience working with GRC platforms compliance workflows audit evidence management reporting processes and control tracking activities.

• Ability to analyze technical processes system control environments audit evidence large data sets and system-generated reports to identify risks control deficiencies and practical remediation solutions.

• Familiarity with scripting languages automation platforms data analytics and AI-assisted technologies used to improve control testing evidence collection compliance monitoring and audit operations.

• Strong organizational analytical problem-solving and project coordination skills with attention to detail.

• Effective verbal and written communication skills with the ability to collaborate across technical operational and leadership teams.

• Ability to manage multiple priorities and adapt effectively in a fast-paced environment.

• Proficient in Microsoft Office products including Word Excel Outlook and PowerPoint.

• Familiarity with quantitative risk analysis methodologies including FAIR is a plus.

Salary: $96200 $126600