Datavant is a data platform company and the world's leader in health data exchange. Our vision is that every healthcare decision is powered by the right data, at the right time, in the right format.
Our platform is powered by the largest, most diverse health data network in the U.S., enabling data to be secure, accessible and usable to inform better health decisions. Datavant is trusted by the world's leading life sciences companies, government agencies, and those who deliver and pay for care.
By joining Datavant today, you're stepping onto a high-performing, values-driven team. Together, we're rising to the challenge of tackling some of healthcare's most complex problems with technology-forward solutions. Datavanters bring a diversity of professional, educational and life experiences to realize our bold vision for healthcare.
What We're Looking For
We are seeking a highly skilled Senior Risk Analyst (GRC) who will play a critical role in executing our information security risk management, governance, and security awareness programs. This role is ideal for a GRC professional with strong experience in risk analysis, stakeholder (technical and non-technical) communication, quantitative and qualitative reporting, and collaborates with an agile, solution-oriented mindset.
You will focus primarily on operational GRC execution, including risk assessments, remediation tracking, policy and data governance, and security awareness support. You will also partner cross-functionally to help automate processes, build scalable workflows, and mature our governance programs in a complex and rapidly evolving environment.
What You Will Do
* Work remotely and operate both independently and collaboratively to provide expert-level GRC analysis.
* Perform ongoing information security risk assessments across vendors, systems, processes, and business units using standardized methodologies.
* Support continuous improvement of risk processes, including risk quantification, control mapping, scoring, and trend analysis.
* Contribute to remediation tracking and automation, including validation of actions, follow-ups with owners, and reporting on overdue or at-risk items.
* Support policy and standards governance, including drafting, revisions, approvals, publication, and tracking.
* Support governance committee activities, including Artificial Intelligence and Software review workflows
* Administer and enhance security awareness and training initiatives.
* Participate in maturing the Data Governance program by supporting data classification, inventory management, and risk identification using DSPM tooling.
* Build dashboards and analytics to visualize risk trends, key performance indicators, and remediation progress.
* Identify opportunities to streamline workflows, reduce manual effort, and improve scalability and agility.
* Collaborate with cross-functional teams to assess risks and support consistent security control application.
* Translate technical risks into clear, business-relevant insights for stakeholders.
What You Need To Succeed
* Experience: 4-6 years of hands-on experience in Information Security, GRC, risk management or security awareness.
* Technical Proficiency: Strong understanding of security controls, frameworks, and IT processes. Experience working with GRC platforms (TrustCloud preferred), JIRA, and BI tools such as Sigma.
* Analytical Skills: Strong analytical and problem-solving abilities, with a keen attention to detail and the capacity to manage multiple priorities in a fast-paced environment.
* Communication Skills: Excellent communication and interpersonal skills, capable of effectively engaging with cross-functional teams and stakeholders across technical and non-technical roles.
* Adaptability: Strong ability to operate in an ambiguous, fast-moving, innovation-focused environment while maintaining high-quality execution.
What Helps You Stand Out
* Experience: Strong understanding of security and privacy frameworks such as HITRUST, HIPAA, ISO 27001, PCI, SOC 2, NIST 800-53, or FedRAMP.
* Certifications: Possession of industry-recognized security, audit or related professional certifications such as CRISC, CISSP, CISA, or CISM.
* Healthcare Industry Experience: Prior experience in IT security and GRC functions within the healthcare sector.
* GRC and Analytics Tooling Experience: Hands-on experience with GRC platforms used for risk tracking, control mapping, and audit readiness. Proficiency in developing dashboards and visualizations that communicate risk, remediation, and compliance trends to leadership.
To ensure the safety of patients and staff, many of our clients require post-offer health screenings and proof and/or completion of various vaccinations such as the flu shot, Tdap, COVID-19, etc. Any requests to be exempted from these requirements will be reviewed by Datavant Human Resources and determined on a case-by-case basis. Depending on the state in which you will be working, exemptions may be available on the basis of disability, medical contraindications to the vaccine or any of its components, pregnancy or pregnancy-related medical conditions, and/or religion.
This job is not eligible for employment sponsorship.
Datavant is committed to a work environment free from job discrimination. We are proud to be an Equal Employment Opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, sex, sexual orientation, gender identity, religion, national origin, disability, veteran status, or other legally protected status. To learn more about our commitment, please review our EEO Commitment Statement here. Know Your Rights, explore the resources available through the EEOC for more information regarding your legal rights and protections. In addition, Datavant does not and will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay.
At the end of this application, you will find a set of voluntary demographic questions. If you choose to respond, your answers will be anonymous and will help us identify areas for improvement in our recruitment process. (We can only see aggregate responses, not individual ones. In fact, we aren't even able to see whether you've responded.) Responding is entirely optional and will not affect your application or hiring process in any way.
Datavant is committed to working with and providing reasonable accommodations to individuals with physical and mental disabilities. If you need an accommodation while seeking employment, please request it here, by selecting the 'Interview Accommodation Request' category. You will need your requisition ID when submitting your request, you can find instructions for locating it here. Requests for reasonable accommodations will be reviewed on a case-by-case basis.
For more information about how we collect and use your data, please review our Privacy Policy.