Security Customer Assurance Lead

Datavant is a data logistics company for healthcare whose products and solutions enable organizations to move and connect data securely. We are a data logistics company for healthcare whose products and solutions enable organizations to move and connect data securely. Datavant has a network of networks consisting of thousands of organizations, more than 70,000 hospitals and clinics, 70% of the 100 largest health systems, and an ecosystem of 500+ real-world data partners.

By joining Datavant today, you’re stepping onto a highly collaborative, remote-first team that is passionate about creating transformative change in healthcare. We hire for three traits: we want people who are smart, nice, and get things done. We invest in our people and believe in hiring for high-potential and humble individuals who can rapidly grow their responsibilities as the company scales. Datavant is a distributed, remote-first team, and we empower Datavanters to shape their working environment in a way that suits their needs.

As a lead within the larger Information Security Governance, Risk, and Compliance (GRC) organization, you will join our Customer Security Assurance program. In this role you will be the voice of security with our customers and be responsible for building the long term plan that builds the trust needed to accomplish Datavant’s vision of connecting the world's healthcare data. If you appreciate that security is not just a cost-center, but a competitive advantage, this role will enable you to lead us building trust and growing our business by leveraging our strong security program. We will be the best in industry at security, and you will help us bring this to life!

You will:

• Coordinate and manage responses to customer enquiries, including contributing to Request for Proposals (RFP), responding to customer security enquiries, diligence assessments, customer audits, etc. 
• Perform technical assessments and documentation around key controls and security processes, including working knowledge of key controls across a number of industry best practices
• Liaise with customers, articulating control implementation, and describing considerations for applying security and compliance concepts to a technical environment. Simplify security compliance requirements into clear technical control specifications and policies.
• Field and address requests for team support in collaboration with internal and external stakeholders.
• Communicate effectively and regularly with internal teams and customers
• Support our legal teams in contract review activities to ensure security contract clauses are appropriate.
• Track metrics and develop reporting to demonstrate the status and progress of your work. 
• Continuously build and refine knowledge base information, whitepapers, frequently asked questions, control narratives, etc. and contribute to ongoing development and improvement. 
• Understand the impact of security in our go-to-market pipeline, report on trends and help us improve how we invest in security.
• Stay apprised on industry standards and regulations for security and compliance

What you will bring to the table: 

• 4+ years experience in security, audits, customer assurance, control assessments, or risk assessments based on security and privacy frameworks, such as SOC 2, ISO 27001, HIPAA, PCI, HITRUST, NIST 800-53, FedRAMP, etc.
• Experience in performing technical assessments and documentation around key controls and security processes, as well as auditing IT processes, including working knowledge of key controls across a number of industry best practices
• Excellent analytical, problem-solving, and project management skills
• Strong communication and interpersonal skills, with the ability to work effectively with cross-functional teams, stakeholders, and customers
• Detail-oriented and able to handle multiple priorities in a fast-paced environment
• Ability to operate effectively in ambiguity

Bonus points if:

• One or more industry-recognized security, cloud, or audit professional certifications (e.g., CISA, CISM, CISSP, CCSP, etc.)
• IT security and audit experience in the healthcare industry
• Knowledge of, or experience working with, cloud-services environment (e.g. AWS) and cloud security controls

We are committed to building a diverse team of Datavanters who are all responsible for stewarding a high-performance culture in which all Datavanters belong and thrive. We are proud to be an Equal Employment Opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, sex, sexual orientation, gender identity, religion, national origin, disability, veteran status, or other legally protected status.

Our compensation philosophy is to be externally competitive, internally fair, and not win or lose on compensation. Salary ranges for this position are developed with the support of benchmarks and industry best practices. 

We’re building a high-growth, high-autonomy culture. We rely less on job titles and more on cultivating an environment where anyone can contribute, the best ideas win, and personal growth is driven by expanding impact. The range posted is for a given job title, which can include multiple levels. Individual rates for the same job title may differ based on their level, responsibilities, skills, and experience for a specific job. The estimated salary range for this role is  [$X,XXX - $X,XXX].

At the end of this application, you will find a set of voluntary demographic questions. If you choose to respond, your responses will be anonymous and used to help us identify areas of improvement in our recruitment process. (We can only see aggregate responses, not individual responses. In fact, we aren’t even able to see if you’ve responded or not.) Responding is your choice and it will not be used in any way in our hiring process.