Sr IT Audit and Compliance Lead

What We're Looking For

Are you passionate about security compliance? Do you thrive in fast-paced, highly regulated environments and want to make a real difference-not just tick boxes?

As a Security Audit and Compliance Lead at Datavant, you'll play a mission-critical role in shaping how we manage risk, meet regulatory expectations, and scale trust with our partners. You'll be a key member of the Governance, Risk, and Compliance (GRC) team, directly influencing Datavant's internal control environment and leading high-impact audit and compliance initiatives.

This is a hands-on role for someone who is energized by solving complex problems, navigating ambiguity, and driving compliance at scale. You'll work cross-functionally with security, engineering, operations, and product teams to embed controls, streamline audits, and continuously mature our compliance posture.

We're looking for a professional who's not just looking for their next job-but someone eager to grow into a future leader and build a career in security compliance that matters.

What You Will Do

• Lead Strategic Compliance Initiatives
  
  
  
  • Oversee enterprise-level audits and assessments (SOC 1, SOC 2, FedRAMP, HITRUST, ISO 27001, PCI-DSS, HIPAA, etc.) from kickoff through final deliverables.
  • Coordinate evidence collection, walk-throughs, and testing with internal teams and external auditors.
  
  
  
  
• Enhance the Control Environment
  
  
  
  • Build, refine, and manage Datavant's Unified Control Framework (UCF) to streamline compliance across overlapping frameworks.
  • Create and update control narratives, test plans, and policy documentation aligned with evolving industry requirements.
  
  
  
  
• Communicate and Influence
  
  
  
  • Serve as a trusted compliance advisor to internal stakeholders-engineering, product, legal, and leadership.
  • Translate complex compliance requirements into clear, actionable technical specifications.
  
  
  
  
• Develop Automation and Process Improvements
  
  
  
  • Identify opportunities to automate evidence collection and testing; enhance efficiency without sacrificing rigor.
  • Contribute to the design and refinement of compliance workflows using smart tooling.
  
  
  
  
• Drive Continuous Improvement
  
  
  
  • Draft control descriptions, SOC report narratives, and remediation plans.
  • Identify control gaps, assess risk, and lead remediation tracking through completion.
  • Stay current on emerging regulations, frameworks, and audit trends to ensure Datavant stays ahead of the curve.
  
  
  
  

What You Need to Succeed

• 4+ years of experience in IT audit, security compliance or risk management.
• Hands-on, proven experience with security frameworks and regulations such as, SOC 2, ISO 27001, HIPAA, PCI DSS, HITRUST, NIST 800-53, and/or FedRAMP.
• Experience conducting technical control assessments and writing audit-ready documentation.
• Excellent communication skills-you can explain control requirements to engineers and translate technical speak for auditors.
• Demonstrated ability to juggle competing priorities in a fast-moving environment.
• Strong analytical, organizational, and project management capabilities.
• Self-starter who is driven to build structure where needed.

Tool & Technology Stack:
We value familiarity with the following tools and platforms. While not all are required, exposure to these (or similar) technologies will help you succeed:

• GRC Platforms: TrustCloud, Drata, LogicGate, ServiceNow GRC
• Ticketing Systems: Jira, Asana
• Collaboration Tools: Slack, Confluence
• Cloud Platforms: AWS (preferred), GCP, Azure
• Automation/Scripting: Familiarity with automation tools or scripting languages (e.g., Python, Bash) for control testing and workflow optimization is a plus

What Helps You Stand Out

• One or more industry-recognized certifications: CISA, CISSP, CISM, CCSP, etc.
• Experience in the healthcare industry or working with PHI and HIPAA compliance.
• Familiarity with cloud-native security practices and cloud compliance tooling.