Sr. ITGC / IT SOX Analyst jobs in United States

Datavant · 14 hours ago

Sr. ITGC / IT SOX Analyst

Datavant is a data platform company and the world’s leader in health data exchange. As a Sr. ITGC / IT SOX Analyst, you will lead the implementation and management of Information Technology General Controls (ITGCs) while collaborating with various teams to ensure compliance with regulatory standards and best practices.

Biopharma, Clinical Trials, Data Integration, Health Care, Software
No H1B

Responsibilities

Lead and monitor ITGC testing (access, change management, computer operations, backup/recovery, interfaces)
Execute walkthroughs, control design assessments, and test-of-one/ongoing effectiveness procedures
Validate completeness and accuracy (C&A) for key reports and data flows; assess IPE
Advise on control design and documentation (risk/control matrices, narratives, process maps)
Track deficiencies; partner on root cause analysis and target-state remediation plans
Independently verify remediation effectiveness and maintain evidence quality
Coordinate with external auditors and co-sourced providers; align on scope, reliance, and timelines
Communicate findings and status to management; escalate risks proactively
Maintain ITGC program artifacts (RACM, population and sample evidence, issue logs)
Contribute to controls automation, segregation of duties (SoD) governance, and periodic access recertifications
Support IT policy/standard refreshes and control rationalization
Perform end-to-end assessment: scoping, risk & control assessments, test plans, fieldwork, and reporting
Assess IT processes including identity & access management, change/release management, backup/recovery, incident/problem management, vulnerability management, patching, disaster recovery/business continuity, interfaces/integrations, and data quality
Perform cybersecurity-themed reviews (e.g., endpoint security, logging/monitoring, vulnerability & patch management, configuration baselines)
Provide practical recommendations that balance risk with operational realities
Monitor remediation progress; validate closure and sustainment of fixes
Support integrated audits with operational/financial teams; contribute to annual risk assessment and audit plan
Draft clear reports with prioritized findings, risk ratings, and management action plans
Present results to stakeholders; communicate clearly to technical and non-technical audiences
Maintain audit methodology and working papers to internal standards; support QA reviews

Qualification

IT General Controls, SOX 404 Testing, Access Management, Change Management, GRC/Audit Platforms, Cloud Platforms, Identity/Access Governance, Analytical Skills, Collaboration Tools, Automation/Scripting, Technical Exposure, Communication Skills, Project Management, Self-starter, Organizational Skills

Required

4+ years of progressively responsible IT General Controls experience via IT audit/assurance, SOX 404 testing, or IT risk & controls (Big 4 or industry)
Hands-on experience testing ITGCs and automated application controls; working with internal and external auditors
Strong understanding of access management, change management, computer operations, IPE/C&A, and segregation of duties
Excellent communication skills—you can explain control requirements to engineers and translate technical speak for auditors
Demonstrated ability to juggle competing priorities in a fast-moving environment
Strong analytical, organizational, and project management capabilities
Self-starter who is driven to build structure where needed

Preferred

Certifications: CISA, CISSP, CIA, CPA, CRISC (one or more strongly preferred)
Familiarity with NIST, AICPA / SOC 1 & 2, COBIT, COSO, ITIL, PCI, or ISO 27001
Technical exposure to cloud controls (Azure/AWS/GCP), DevOps (CI/CD) controls, and data governance
Automation/Scripting/Policy-as-code: Familiarity with automation tools or scripting languages (e.g., Python, Bash) for control testing and workflow optimization is a plus
GRC/Audit Platforms: TrustCloud, AuditBoard/SoxHub
Ticketing Systems: Jira
Collaboration Tools: Slack, Confluence
Cloud Platforms: AWS, Azure, GCP
Proficiency with common ERP systems (e.g., Oracle, NetSuite)
Identity/Access Governance platforms (e.g., Okta, SailPoint)

Company

Datavant

Datavant protects, connects, and delivers the world’s health data to power better decisions and advance human health.

Funding

Current Stage: Late Stage
Total Funding: $80.5M
Key Investors: Transformation Capital
2020-10-08 · Series B · $40M
2018-04-30 · Series Unknown · $40.5M

Leadership Team

Jasmin Phua
Head of Government Solutions
Company data provided by crunchbase