Senior Manager, Infosec Compliance

Datavant is a data logistics company for healthcare whose products and solutions enable organizations to move and connect data securely. We are a data logistics company for healthcare whose products and solutions enable organizations to move and connect data securely. Datavant has a network of networks consisting of thousands of organizations, more than 70,000 hospitals and clinics, 70% of the 100 largest health systems, and an ecosystem of 500+ real-world data partners.

By joining Datavant today, you’re stepping onto a highly collaborative, remote-first team that is passionate about creating transformative change in healthcare. We hire for three traits: we want people who are smart, nice, and get things done. We invest in our people and believe in hiring for high-potential and humble individuals who can rapidly grow their responsibilities as the company scales. Datavant is a distributed, remote-first team, and we empower Datavanters to shape their working environment in a way that suits their needs.

As a leader within the larger Information Security organization, your mission is to help lead your portion of GRC to the next level of evolution at Datavant, using a dual focus on delivering high-quality service for our internal stakeholders, as well as “automating away all the boring stuff” about your team’s jobs. This type of mission has very rarely been done on most GRC teams. In particular, most of the tasks for the Infosec Compliance jobs are heavily manual, which means excessive toil, potential mistakes, longer SLAs, which can result in burnout for hardworking practitioners in these types of roles. But no more. We’ve already started down this path, but we want you to help lead it to the finish line. How will you be able to make GRC history?

You will:

• Lead a team of security and compliance professionals, delivering on our compliance programs and customer assurance activities with a focus on innovative automated processes
• Set and reinforce strategic direction, execute audit and compliance roadmaps, monitor progress, coordinate improvement efforts internally and externally, and assess process-improvement effectiveness
• Ensure the team completes their process mapping for each role, with edge cases, so that the how-to information is centrally available for review and knowledge transfer;
• Ensure the team delivers usable, updated requirements to their automation partners;
• Monitor the team for proper testing and re-testing of any process improvements and automation as needed;
• Challenge the team to devise meaningful ways to measure their success and blockers in each of their functions; then, publish those and use them to make iterative improvements to your programs
• Establish a baseline and publish a monthly NPS for all functions you manage;
• Hold the team accountable for keeping their OKR, epic, and other project documentation up-to-date
• Coach your team, holding them accountable for continuous improvement, and provide clarity and mentorship on how they will get to the next steps in their careers
• Stay apprised on industry standards and regulations for security and compliance
• Communicate effectively and regularly with internal teams and customers about security-compliance practices.
• If you’ve ever wished you could uplevel these jobs and elevate the practitioners to work on more interesting and impactful projects within your company, this is that opportunity.

What you will bring to the table: 

• 5+ years experience helping organizations build their security-compliance programs based on control and privacy frameworks, such as SOC 2, ISO 27001, HIPAA, PCI, HITRUST, NIST 800-53, FedRAMP, etc.
• Minimum 3 years successfully leading any GRC team and function
• Proven examples of technical improvements to manual, non-technical GRC processes you’ve managed
• Excellent communicator and mentor for different personalities, audiences, and learning styles within GRC, the greater Security org, the Engineering org, our business units, and customers
• Talent for debugging process and people problems, and helping to change the course of the company for the better

Bonus points if:

• You’ve written some code to achieve any of the above points (we love demos!)
• You have a formal process-reengineering background

We are committed to building a diverse team of Datavanters who are all responsible for stewarding a high-performance culture in which all Datavanters belong and thrive. We are proud to be an Equal Employment Opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, sex, sexual orientation, gender identity, religion, national origin, disability, veteran status, or other legally protected status.

Our compensation philosophy is to be externally competitive, internally fair, and not win or lose on compensation. Salary ranges for this position are developed with the support of benchmarks and industry best practices. 

We’re building a high-growth, high-autonomy culture. We rely less on job titles and more on cultivating an environment where anyone can contribute, the best ideas win, and personal growth is driven by expanding impact. The range posted is for a given job title, which can include multiple levels. Individual rates for the same job title may differ based on their level, responsibilities, skills, and experience for a specific job. The estimated salary range for this role is  $175,000- $230,000.

At the end of this application, you will find a set of voluntary demographic questions. If you choose to respond, your responses will be anonymous and used to help us identify areas of improvement in our recruitment process. (We can only see aggregate responses, not individual responses. In fact, we aren’t even able to see if you’ve responded or not.) Responding is your choice and it will not be used in any way in our hiring process.