Datavant · 3 days ago

Security Audit and Compliance Lead

Remote, United States

Full-time

Remote

Senior Level

$136K/yr - $180K/yr

4+ years exp

Maximize your interview chances

BiopharmaClinical Trials

No H1B

Insider Connection @Datavant

Discover valuable connections within the company who might provide insights and potential referrals.
Get 3x more responses when you reach out via email instead of LinkedIn.

Responsibilities

Lead and manage enterprise-level GRC audits and assessments from initiation to completion, ensuring timely delivery and adherence to project objectives, timelines and budgets.

Facilitate audit procedures and evidence gathering with external auditors and internal partners

Manage customer assessment and assurance activities

Communicate effectively and regularly with internal teams, external auditors, and customers

Perform technical assessments and documentation around key controls and security processes, as well as auditing IT processes, including working knowledge of key controls across a number of industry best practices

Liaise with customers and auditors, articulating control implementation, and describing considerations for applying security and compliance concepts to a technical environment.

Field and address requests for team support in collaboration with internal and external stakeholders.

Simplify security compliance requirements into clear technical control specifications and policies.

Continuously build and refine Datavant’s internal control framework and related documentation (e.g., policies, procedures, control narratives), and contribute to ongoing controls development and improvement

Actively identify and communicate control gaps; help the company develop and confirm remediation efforts

Stay apprised on industry standards and regulations for security and compliance

Qualification

Find out how your skills align with this job's requirements. If anything seems off, you can easily click on the tags to select or unselect skills to reflect your actual expertise.

GRC auditsSecurity complianceRisk assessmentsSOC 2ISO 27001HIPAAPCIHITRUSTNIST 800-53FedRAMPTechnical assessmentsProject managementCISACISMCISSPCCSPAWSHandle ambiguity

Required

4+ years experience in security, audits, customer assurance, control assessments, or risk assessments based on security and privacy frameworks, such as SOC 2, ISO 27001, HIPAA, PCI, HITRUST, NIST 800-53, FedRAMP, etc.

Experience in performing technical assessments and documentation around key controls and security processes, as well as auditing IT processes, including working knowledge of key controls across a number of industry best practices

Excellent analytical, problem-solving, and project management skills

Strong communication and interpersonal skills, with the ability to work effectively with cross-functional teams, stakeholders, and customers

Detail-oriented and able to handle multiple priorities in a fast-paced environment

Ability to operate effectively in ambiguity