IT Security Risk Specialist

Remote, United States

Applications have closed

Datavant

Join Datavant’s network of networks, including 500+ real-world data partners, more than 70,000 hospitals and clinics, and 70% of the top 100 largest health systems.

Datavant protects, connects, and delivers the world’s health data to power better decisions and advance human health. We are a data logistics company for healthcare whose products and solutions enable organizations to move and connect data securely. Datavant has a network of networks consisting of thousands of organizations, more than 70,000 hospitals and clinics, 70% of the 100 largest health systems, and an ecosystem of 500+ real-world data partners.

By joining Datavant today, you’re stepping onto a highly collaborative, remote-first team that is passionate about creating transformative change in healthcare. We hire for three traits: we want people who are smart, nice, and get things done. We invest in our people and believe in hiring for high-potential and humble individuals who can rapidly grow their responsibilities as the company scales. Datavant is a distributed, remote-first team, and we empower Datavanters to shape their working environment in a way that suits their needs. 

Working in an enterprise capacity as a professional colleague within the IT Security and Governance Department, the IT Security Risk Specialist is primarily responsible for responding to client security assessments and for engaging with Client Success, Operations Management, and client contacts to ensure successful completion of any security assessment reviews or request for proposal (RFP) bids. This is a highly visible position, as you will be the day-to-day face of IT Security & Governance with our customers and internal stakeholders.

This role will also serve as a resource to support Datavant’s Third Party Risk Management Program by performing vendor oversight processes as needed.  This position strategically supports key initiatives including evolving and enhancing Client Service offerings. 

You Will:

  • Collaborate with internal business partners, along with client and vendor contacts to ensure that audits and/or questionnaires are completed accordingly;
  • Track all remediation issues for Clients, and coordinate with Compliance for reporting any open issues in the enterprise risk register;
  • Provide Management with feedback on any areas of non-compliance with client obligations or regulatory requirements, or on areas of increasing security or compliance focus by clients through assessments or contracts;
  • Assist as needed in conducting regular assessments of vendors to ensure compliance with all regulatory requirements to reduce/mitigate risks;
  • Provide Management with best practices and process improvement opportunities regarding Client Assurances and Third Party Risk Management processes;
  • Assist in updating policies and procedures;
  • Interface with all business units to support business risk reduction initiatives;
  • Provide monthly metrics to management as requested;
  • Other duties as assigned by management.

What You Will Bring to the Table: 

  • Bachelor’s Degree in Business related field.
  • Minimum 3 years relevant experience completing security assessments, internal controls testing, and risk assessments for both clients and vendors. 
  • Exceptional interpersonal and communication skills – both written and verbal.
  • Solid understanding of and experience with control frameworks or industry standards (such as HITRUST, NIST, FedRAMP, Sarbanes-Oxley, or other control methodologies).
  • Understanding of risks and controls.
  • Ability to travel up to 30%.

Bonus Points if:

  • Experience should be within IT audit, IT Security, Internal Audit, or Compliance Management.
  • Experience working in a GRC tool and other automated technologies.
  • Ability to effectively communicate with business and technology stakeholders.
  • Strong commitment to customer service.
  • Self-starter and ability to work independently.
  • Ability to comprehend policies, standards, procedures, control frameworks, and regulations.

We are committed to building a diverse team of Datavanters who are all responsible for stewarding a high-performance culture in which all Datavanters belong and thrive. We are proud to be an Equal Employment Opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, sex, sexual orientation, gender identity, religion, national origin, disability, veteran status, or other legally protected status.

Our compensation philosophy is to be externally competitive, internally fair, and not win or lose on compensation. Salary ranges for this position are developed with the support of benchmarks and industry best practices. 

We’re building a high-growth, high-autonomy culture. We rely less on job titles and more on cultivating an environment where anyone can contribute, the best ideas win, and personal growth is driven by expanding impact. The range posted is for a given job title, which can include multiple levels. Individual rates for the same job title may differ based on their level, responsibilities, skills, and experience for a specific job. The estimated salary range for this role is $98,000 - $128,000.

At the end of this application, you will find a set of voluntary demographic questions. If you choose to respond, your responses will be anonymous and used to help us identify areas of improvement in our recruitment process. (We can only see aggregate responses, not individual responses. In fact, we aren’t even able to see if you’ve responded or not.) Responding is your choice and it will not be used in any way in our hiring process.

Category: Compliance Jobs

Tags: Audits Compliance FedRAMP Governance HITRUST NIST RFPs Risk assessment Risk management Security assessment Travel

Perks/benefits: Career development Competitive pay Startup environment

Regions: Remote/Anywhere North America
Country: United States
