Remote Security Audit and Compliance Lead

Datavant

$136k-$180k
Remote - United States

Job highlights

Summary

Join Datavant, a data logistics company for healthcare, as a lead in the Information Security Governance, Risk, and Compliance (GRC) organization. You will help execute external audits and assist customers in understanding the Datavant control environment to satisfy their audit and compliance requirements.

Requirements

  • 4+ years of experience in security, audits, customer assurance, control assessments, or risk assessments based on security and privacy frameworks, such as SOC 2, ISO 27001, HIPAA, PCI, HITRUST, NIST 800-53, FedRAMP, etc.
  • Experience in performing technical assessments and documentation around key controls and security processes, as well as auditing IT processes, including working knowledge of key controls across a number of industry best practices
  • Excellent analytical, problem-solving, and project management skills
  • Strong communication and interpersonal skills, with the ability to work effectively with cross-functional teams, stakeholders, and customers
  • Detail-oriented and able to handle multiple priorities in a fast-paced environment
  • Ability to operate effectively in ambiguity

Responsibilities

  • Lead and manage enterprise-level GRC audits and assessments from initiation to completion, ensuring timely delivery and adherence to project objectives, timelines and budgets
  • Facilitate audit procedures and evidence gathering with external auditors and internal partners
  • Manage customer assessment and assurance activities
  • Communicate effectively and regularly with internal teams, external auditors, and customers
  • Perform technical assessments and documentation around key controls and security processes, as well as auditing IT processes, including working knowledge of key controls across a number of industry best practices
  • Liaise with customers and auditors, articulating control implementation, and describing considerations for applying security and compliance concepts to a technical environment
  • Field and address requests for team support in collaboration with internal and external stakeholders
  • Simplify security compliance requirements into clear technical control specifications and policies
  • Continuously build and refine Datavant’s internal control framework and related documentation (e.g., policies, procedures, control narratives), and contribute to ongoing controls development and improvement
  • Actively identify and communicate control gaps; help the company develop and confirm remediation efforts
  • Stay apprised of industry standards and regulations for security and compliance

Preferred Qualifications

  • One or more industry-recognized security, cloud, or audit professional certifications (e.g., CISA, CISM, CISSP, CCSP, etc.)
  • IT security and audit experience in the healthcare industry
  • Knowledge of, or experience working with, cloud-services environments (e.g., AWS) and cloud security controls
