Datavant is hiring a
Security Audit and Compliance Lead

Datavant

💵 $135k-$165k
📍 Remote - United States

Summary

Join a highly collaborative, remote-first team that is passionate about creating transformative change in healthcare. As a leader within the larger Information Security organization, your mission is to help Datavant achieve and maintain HITRUST.

Requirements

  • 4+ years of experience in security and privacy frameworks, such as SOC 2, ISO 27001, HIPAA, PCI, NIST 800-53, FedRAMP, etc.
  • Specific experience with HITRUST Common Security Framework (CSF)
  • Experience in performing technical assessments and documentation around key controls and security processes, as well as auditing IT processes, including working knowledge of key controls across a number of industry best practices
  • Excellent analytical, problem-solving, and project management skills
  • Strong communication and interpersonal skills, with the ability to work effectively with cross-functional teams, stakeholders, and customers
  • Detail-oriented and able to handle multiple priorities in a fast-paced environment
  • Ability to operate effectively in ambiguity

Responsibilities

  • Develop, implement, and manage a comprehensive HITRUST compliance program that aligns with industry standards and ensures ongoing compliance
  • Develop and maintain project plans, timelines, and milestones for HITRUST certification
  • Facilitate audit procedures and evidence gathering with external auditors and internal partners
  • Communicate effectively and regularly with internal teams, external auditors, and customers
  • Manage a wide range of compliance and control efforts relating to HITRUST and audits; coordinate remediation efforts throughout the organization, analyze risks, and implement mitigation actions
  • Create a comprehensive HITRUST program utilizing unified control frameworks and monitoring of controls to ensure alignment with other control frameworks such as NIST CSF, CIS, etc.
  • Oversee issue, gap and remediation plans, compensating and mitigating control activities and retesting; scale and standardize the deviation process
  • Create standard operating processes for managing changes to the control environment, managing HITRUST, and guiding control owners in readiness
  • Liaise with customers and auditors, articulating control implementation, and describing considerations for applying security and compliance concepts to a technical environment
  • Field and address requests for team support in collaboration with internal and external stakeholders

Preferred Qualifications

  • One or more industry-recognized security, cloud, or audit professional certifications (e.g., CISA, CISM, CISSP, CCSP, etc.)
  • IT security and audit experience in the healthcare industry
