Sr. IT Audit and Compliance Analyst

What We're Looking For

As a Senior Analyst within the Information Security Governance, Risk, and Compliance (GRC) organization, you will play a key role in supporting Datavant's audit, compliance, and assurance activities. You'll apply your deep understanding of IT controls, risk management, and compliance frameworks to help maintain and improve Datavant's control environment. This is a hands-on role suited for a self-starter who enjoys solving problems, collaborating cross-functionally, and ensuring compliance excellence in a fast-paced environment.

What You Will Do

• Support Strategic Compliance Initiatives




• Contribute to enterprise-level audits and assessments (FedRAMP, HITRUST, PCI-DSS, HIPAA, etc.) from kickoff through final deliverables and report delivery.
• Perform technical control testing and validation for infrastructure, applications, and cloud services.
• Coordinate walkthroughs, evidence collection, and remediation tracking with internal teams and external auditors.




• Strengthen the Control Environment




• Support the maintenance and enhancement of Datavant's Unified Control Framework (UCF) to align overlapping compliance frameworks.
• Draft and update control narratives, test plans, and policy documentation in response to evolving regulatory and industry requirements.
• Partner with control owners to validate control effectiveness and identify improvement opportunities.




• Communicate and Collaborate




• Act as a compliance subject matter expert, supporting internal stakeholders across engineering, product, legal, and operations.
• Translate complex compliance requirements into clear, actionable technical and operational guidance.
• Provide clear, concise documentation and summaries to support audit readiness and stakeholder understanding.




• Enhance Processes and Automation




• Identify opportunities to automate and streamline evidence collection and control testing.
• Collaborate with GRC team members to improve existing compliance workflows and leverage tooling for greater efficiency.
• Participate in process reviews to strengthen consistency and accuracy across compliance activities.




• Drive Continuous Improvement




• Draft control descriptions, SOC report narratives, and remediation plans.
• Identify control gaps, assess risk, and lead remediation tracking through completion.
• Stay current on emerging regulations, frameworks, and audit trends to ensure Datavant stays ahead of the curve.

What You Need to Succeed

• 4+ years of experience in IT audit, security compliance or risk management.
• Hands-on, proven experience with security frameworks and regulations such as, HIPAA, PCI-DSS, HITRUST, NIST 800-53, and/or FedRAMP.
• Experience conducting technical control assessments and writing audit-ready documentation.
• Excellent communication skills-you can explain control requirements to engineers and translate technical speak for auditors.
• Demonstrated ability to juggle competing priorities in a fast-moving environment.
• Strong analytical, organizational, and project management capabilities.
• Self-starter who is driven to build structure where needed.

Tool & Technology Stack:
We value familiarity with the following tools and platforms. While not all are required, exposure to these (or similar) technologies will help you succeed:

• GRC Platforms: TrustCloud or Similar
• Ticketing Systems: Jira, Asana
• Collaboration Tools: Slack, Confluence
• Cloud Platforms: AWS (preferred), GCP, Azure
• Automation/Scripting: Familiarity with automation tools or scripting languages (e.g., Python, Bash) for control testing and workflow optimization is a plus

Bonus points for:

• 
  
  
  
  • One or more industry-recognized certifications: CISA, CISSP, CISM, CCSP, etc.
  • Experience in the healthcare industry or working with PHI and HIPAA compliance.
  • Familiarity with cloud-native security practices and cloud compliance tooling.