Sr. IT Audit and Compliance Analyst

About The Position

Requirements

• 4+ years of experience in IT audit, security compliance or risk management.
• Hands-on, proven experience with security frameworks and regulations such as, HIPAA, PCI-DSS, HITRUST, NIST 800-53, and/or FedRAMP.
• Experience conducting technical control assessments and writing audit-ready documentation.
• Excellent communication skills—you can explain control requirements to engineers and translate technical speak for auditors.
• Demonstrated ability to juggle competing priorities in a fast-moving environment.
• Strong analytical, organizational, and project management capabilities.
• Self-starter who is driven to build structure where needed.

Nice To Haves

• One or more industry-recognized certifications: CISA, CISSP, CISM, CCSP, etc.
• Experience in the healthcare industry or working with PHI and HIPAA compliance.
• Familiarity with cloud-native security practices and cloud compliance tooling.

Responsibilities

• Support Strategic Compliance Initiatives
• Contribute to enterprise-level audits and assessments (FedRAMP, HITRUST, PCI-DSS, HIPAA, etc.) from kickoff through final deliverables and report delivery.
• Perform technical control testing and validation for infrastructure, applications, and cloud services.
• Coordinate walkthroughs, evidence collection, and remediation tracking with internal teams and external auditors.
• Strengthen the Control Environment
• Support the maintenance and enhancement of Datavant's Unified Control Framework (UCF) to align overlapping compliance frameworks.
• Draft and update control narratives, test plans, and policy documentation in response to evolving regulatory and industry requirements.
• Partner with control owners to validate control effectiveness and identify improvement opportunities.
• Communicate and Collaborate
• Act as a compliance subject matter expert, supporting internal stakeholders across engineering, product, legal, and operations.
• Translate complex compliance requirements into clear, actionable technical and operational guidance.
• Provide clear, concise documentation and summaries to support audit readiness and stakeholder understanding.
• Enhance Processes and Automation
• Identify opportunities to automate and streamline evidence collection and control testing.
• Collaborate with GRC team members to improve existing compliance workflows and leverage tooling for greater efficiency.
• Participate in process reviews to strengthen consistency and accuracy across compliance activities.
• Drive Continuous Improvement
• Draft control descriptions, SOC report narratives, and remediation plans.
• Identify control gaps, assess risk, and lead remediation tracking through completion.
• Stay current on emerging regulations, frameworks, and audit trends to ensure Datavant stays ahead of the curve.