Kentucky Staffing
Sr. IT Audit and Compliance Analyst
Kentucky Staffing, Frankfort, Kentucky, United States, 40601
Senior Analyst, Information Security Governance, Risk, and Compliance (GrC)
Datavant is a data platform company and the world's leader in health data exchange. Our vision is that every healthcare decision is powered by the right data, at the right time, in the right format. Our platform is powered by the largest, most diverse health data network in the U.S., enabling data to be secure, accessible and usable to inform better health decisions. Datavant is trusted by the world's leading life sciences companies, government agencies, and those who deliver and pay for care. By joining Datavant today, you're stepping onto a high-performing, values-driven team. Together, we're rising to the challenge of tackling some of healthcare's most complex problems with technology-forward solutions. Datavanters bring a diversity of professional, educational and life experiences to realize our bold vision for healthcare. What We're Looking For
As a Senior Analyst within the Information Security Governance, Risk, and Compliance (GRC) organization, you will play a key role in supporting Datavant's audit, compliance, and assurance activities. You'll apply your deep understanding of IT controls, risk management, and compliance frameworks to help maintain and improve Datavant's control environment. This is a hands-on role suited for a self-starter who enjoys solving problems, collaborating cross-functionally, and ensuring compliance excellence in a fast-paced environment. What You Will Do
Support strategic compliance initiatives. Contribute to enterprise-level audits and assessments (FedRAMP, HITRUST, PCI-DSS, HIPAA, etc.) from kickoff through final deliverables and report delivery. Perform technical control testing and validation for infrastructure, applications, and cloud services. Coordinate walkthroughs, evidence collection, and remediation tracking with internal teams and external auditors. Strengthen the control environment. Support the maintenance and enhancement of Datavant's Unified Control Framework (UCF) to align overlapping compliance frameworks. Draft and update control narratives, test plans, and policy documentation in response to evolving regulatory and industry requirements. Partner with control owners to validate control effectiveness and identify improvement opportunities. Communicate and collaborate. Act as a compliance subject matter expert, supporting internal stakeholders across engineering, product, legal, and operations. Translate complex compliance requirements into clear, actionable technical and operational guidance. Provide clear, concise documentation and summaries to support audit readiness and stakeholder understanding. Enhance processes and automation. Identify opportunities to automate and streamline evidence collection and control testing. Collaborate with GRC team members to improve existing compliance workflows and leverage tooling for greater efficiency. Participate in process reviews to strengthen consistency and accuracy across compliance activities. Drive continuous improvement. Draft control descriptions, SOC report narratives, and remediation plans. Identify control gaps, assess risk, and lead remediation tracking through completion. Stay current on emerging regulations, frameworks, and audit trends to ensure Datavant stays ahead of the curve. What You Need To Succeed
4+ years of experience in IT audit, security compliance or risk management. Hands-on, proven experience with security frameworks and regulations such as, HIPAA, PCI-DSS, HITRUST, NIST 800-53, and/or FedRAMP. Experience conducting technical control assessments and writing audit-ready documentation. Excellent communication skillsyou can explain control requirements to engineers and translate technical speak for auditors. Demonstrated ability to juggle competing priorities in a fast-moving environment. Strong analytical, organizational, and project management capabilities. Self-starter who is driven to build structure where needed. Tool & Technology Stack: We value familiarity with the following tools and platforms. While not all are required, exposure to these (or similar) technologies will help you succeed: GRC Platforms: TrustCloud or Similar Ticketing Systems: Jira, Asana Collaboration Tools: Slack, Confluence Cloud Platforms: AWS (preferred), GCP, Azure Automation/Scripting: Familiarity with automation tools or scripting languages (e.g., Python, Bash) for control testing and workflow optimization is a plus. Bonus points for: One or more industry-recognized certifications: CISA, CISSP, CISM, CCSP, etc. Experience in the healthcare industry or working with PHI and HIPAA compliance. Familiarity with cloud-native security practices and cloud compliance tooling.
Datavant is a data platform company and the world's leader in health data exchange. Our vision is that every healthcare decision is powered by the right data, at the right time, in the right format. Our platform is powered by the largest, most diverse health data network in the U.S., enabling data to be secure, accessible and usable to inform better health decisions. Datavant is trusted by the world's leading life sciences companies, government agencies, and those who deliver and pay for care. By joining Datavant today, you're stepping onto a high-performing, values-driven team. Together, we're rising to the challenge of tackling some of healthcare's most complex problems with technology-forward solutions. Datavanters bring a diversity of professional, educational and life experiences to realize our bold vision for healthcare. What We're Looking For
As a Senior Analyst within the Information Security Governance, Risk, and Compliance (GRC) organization, you will play a key role in supporting Datavant's audit, compliance, and assurance activities. You'll apply your deep understanding of IT controls, risk management, and compliance frameworks to help maintain and improve Datavant's control environment. This is a hands-on role suited for a self-starter who enjoys solving problems, collaborating cross-functionally, and ensuring compliance excellence in a fast-paced environment. What You Will Do
Support strategic compliance initiatives. Contribute to enterprise-level audits and assessments (FedRAMP, HITRUST, PCI-DSS, HIPAA, etc.) from kickoff through final deliverables and report delivery. Perform technical control testing and validation for infrastructure, applications, and cloud services. Coordinate walkthroughs, evidence collection, and remediation tracking with internal teams and external auditors. Strengthen the control environment. Support the maintenance and enhancement of Datavant's Unified Control Framework (UCF) to align overlapping compliance frameworks. Draft and update control narratives, test plans, and policy documentation in response to evolving regulatory and industry requirements. Partner with control owners to validate control effectiveness and identify improvement opportunities. Communicate and collaborate. Act as a compliance subject matter expert, supporting internal stakeholders across engineering, product, legal, and operations. Translate complex compliance requirements into clear, actionable technical and operational guidance. Provide clear, concise documentation and summaries to support audit readiness and stakeholder understanding. Enhance processes and automation. Identify opportunities to automate and streamline evidence collection and control testing. Collaborate with GRC team members to improve existing compliance workflows and leverage tooling for greater efficiency. Participate in process reviews to strengthen consistency and accuracy across compliance activities. Drive continuous improvement. Draft control descriptions, SOC report narratives, and remediation plans. Identify control gaps, assess risk, and lead remediation tracking through completion. Stay current on emerging regulations, frameworks, and audit trends to ensure Datavant stays ahead of the curve. What You Need To Succeed
4+ years of experience in IT audit, security compliance or risk management. Hands-on, proven experience with security frameworks and regulations such as, HIPAA, PCI-DSS, HITRUST, NIST 800-53, and/or FedRAMP. Experience conducting technical control assessments and writing audit-ready documentation. Excellent communication skillsyou can explain control requirements to engineers and translate technical speak for auditors. Demonstrated ability to juggle competing priorities in a fast-moving environment. Strong analytical, organizational, and project management capabilities. Self-starter who is driven to build structure where needed. Tool & Technology Stack: We value familiarity with the following tools and platforms. While not all are required, exposure to these (or similar) technologies will help you succeed: GRC Platforms: TrustCloud or Similar Ticketing Systems: Jira, Asana Collaboration Tools: Slack, Confluence Cloud Platforms: AWS (preferred), GCP, Azure Automation/Scripting: Familiarity with automation tools or scripting languages (e.g., Python, Bash) for control testing and workflow optimization is a plus. Bonus points for: One or more industry-recognized certifications: CISA, CISSP, CISM, CCSP, etc. Experience in the healthcare industry or working with PHI and HIPAA compliance. Familiarity with cloud-native security practices and cloud compliance tooling.