Sr. IT Audit and Compliance Analyst

Datavant is a data platform company and the world's leader in health data exchange. Our vision is that every healthcare decision is powered by the right data, at the right time, in the right format. Our platform is powered by the largest, most diverse health data network in the U.S., enabling data to be secure, accessible and usable to inform better health decisions. Datavant is trusted by the world's leading life sciences companies, government agencies, and those who deliver and pay for care. By joining Datavant today, you're stepping onto a high-performing, values-driven team. Together, we're rising to the challenge of tackling some of healthcare's most complex problems with technology-forward solutions. Datavanters bring a diversity of professional, educational and life experiences to realize our bold vision for healthcare. **What We're Looking For** As a Senior Analyst within the Information Security Governance, Risk, and Compliance (GRC) organization, you will play a key role in supporting Datavant's audit, compliance, and assurance activities. You'll apply your deep understanding of IT controls, risk management, and compliance frameworks to help maintain and improve Datavant's control environment. This is a hands-on role suited for a self-starter who enjoys solving problems, collaborating cross-functionally, and ensuring compliance excellence in a fast-paced environment. **What You Will Do** + Support Strategic Compliance Initiatives + Contribute to enterprise-level audits and assessments (FedRAMP, HITRUST, PCI-DSS, HIPAA, etc.) from kickoff through final deliverables and report delivery. + Perform technical control testing and validation for infrastructure, applications, and cloud services. + Coordinate walkthroughs, evidence collection, and remediation tracking with internal teams and external auditors. + Strengthen the Control Environment + Support the maintenance and enhancement of Datavant's Unified Control Framework (UCF) to align overlapping compliance frameworks. + Draft and update control narratives, test plans, and policy documentation in response to evolving regulatory and industry requirements. + Partner with control owners to validate control effectiveness and identify improvement opportunities. + Communicate and Collaborate + Act as a compliance subject matter expert, supporting internal stakeholders across engineering, product, legal, and operations. + Translate complex compliance requirements into clear, actionable technical and operational guidance. + Provide clear, concise documentation and summaries to support audit readiness and stakeholder understanding. + Enhance Processes and Automation + Identify opportunities to automate and streamline evidence collection and control testing. + Collaborate with GRC team members to improve existing compliance workflows and leverage tooling for greater efficiency. + Participate in process reviews to strengthen consistency and accuracy across compliance activities. + Drive Continuous Improvement + Draft control descriptions, SOC report narratives, and remediation plans. + Identify control gaps, assess risk, and lead remediation tracking through completion. + Stay current on emerging regulations, frameworks, and audit trends to ensure Datavant stays ahead of the curve. **What You Need to Succeed** + 4+ years of experience in IT audit, security compliance or risk management. + Hands-on, proven experience with security frameworks and regulations such as, HIPAA, PCI-DSS, HITRUST, NIST 800-53, and/or FedRAMP. + Experience conducting technical control assessments and writing audit-ready documentation. + Excellent communication skills-you can explain control requirements to engineers and translate technical speak for auditors. + Demonstrated ability to juggle competing priorities in a fast-moving environment. + Strong analytical, organizational, and project management capabilities. + Self-starter who is driven to build structure where needed. Tool & Technology Stack: We value familiarity with the following tools and platforms. While not all are required, exposure to these (or similar) technologies will help you succeed: + GRC Platforms: TrustCloud or Similar + Ticketing Systems: Jira, Asana + Collaboration Tools: Slack, Confluence + Cloud Platforms: AWS (preferred), GCP, Azure + Automation/Scripting: Familiarity with automation tools or scripting languages (e.g., Python, Bash) for control testing and workflow optimization is a plus Bonus points for: + One or more industry-recognized certifications: CISA, CISSP, CISM, CCSP, etc. + Experience in the healthcare industry or working with PHI and HIPAA compliance. + Familiarity with cloud-native security practices and cloud compliance tooling. We are committed to building a diverse team of Datavanters who are all responsible for stewarding a high-performance culture in which all Datavanters belong and thrive. We are proud to be an Equal Employment Opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, sex, sexual orientation, gender identity, religion, national origin, disability, veteran status, or other legally protected status. At Datavant our total rewards strategy powers a high-growth, high-performance, health technology company that rewards our employees for transforming health care through creating industry-defining data logistics products and services. The range posted is for a given job title, which can include multiple levels. Individual rates for the same job title may differ based on their level, responsibilities, skills, and experience for a specific job. The estimated total cash compensation range for this role is: $136,000-$170,000 USD To ensure the safety of patients and staff, many of our clients require post-offer health screenings and proof and/or completion of various vaccinations such as the flu shot, Tdap, COVID-19, etc. Any requests to be exempted from these requirements will be reviewed by Datavant Human Resources and determined on a case-by-case basis. Depending on the state in which you will be working, exemptions may be available on the basis of disability, medical contraindications to the vaccine or any of its components, pregnancy or pregnancy-related medical conditions, and/or religion. This job is not eligible for employment sponsorship. Datavant is committed to a work environment free from job discrimination. We are proud to be an Equal Employment Opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, sex, sexual orientation, gender identity, religion, national origin, disability, veteran status, or other legally protected status. To learn more about our commitment, please review our EEO Commitment Statement here ( . Know Your Rights ( , explore the resources available through the EEOC for more information regarding your legal rights and protections. In addition, Datavant does not and will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay. At the end of this application, you will find a set of voluntary demographic questions. If you choose to respond, your answers will be anonymous and will help us identify areas for improvement in our recruitment process. (We can only see aggregate responses, not individual ones. In fact, we aren't even able to see whether you've responded.) Responding is entirely optional and will not affect your application or hiring process in any way. Datavant is committed to working with and providing reasonable accommodations to individuals with physical and mental disabilities. If you need an accommodation while seeking employment, please request it here, ( by selecting the 'Interview Accommodation Request' category. You will need your requisition ID when submitting your request, you can find instructions for locating it here ( . Requests for reasonable accommodations will be reviewed on a case-by-case basis. For more information about how we collect and use your data, please review our Privacy Policy ( .