Security Audit and Compliance Lead

View full description

Requirements:

• 4+ years experience in security, audits, customer assurance, control assessments, or risk assessments based on security and privacy frameworks.
• Experience with frameworks such as SOC 2, ISO 27001, HIPAA, PCI, HITRUST, NIST 800-53, FedRAMP.
• Excellent analytical, problem-solving, and project management skills.
• Strong communication and interpersonal skills.
• Detail-oriented and able to handle multiple priorities in a fast-paced environment.
• Ability to operate effectively in ambiguity.

Responsibilities:

• Lead and manage enterprise-level GRC audits and assessments from initiation to completion.
• Facilitate audit procedures and evidence gathering with external auditors and internal partners.
• Manage customer assessment and assurance activities.
• Communicate effectively and regularly with internal teams, external auditors, and customers.
• Perform technical assessments and documentation around key controls and security processes.
• Liaise with customers and auditors, articulating control implementation.
• Simplify security compliance requirements into clear technical control specifications and policies.
• Continuously build and refine Datavant’s internal control framework and related documentation.
• Actively identify and communicate control gaps; assist in developing remediation efforts.
• Stay apprised on industry standards and regulations for security and compliance.