Datavant is a data platform company and the world's leader in health data exchange. Our vision is that every healthcare decision is powered by the right data, at the right time, in the right format. Our platform is powered by the largest, most diverse health data network in the U.S., enabling data to be secure, accessible and usable to inform better health decisions. Datavant is trusted by the world's leading life sciences companies, government agencies, and those who deliver and pay for care. By joining Datavant today, you're stepping onto a high-performing, values-driven team. Together, we're rising to the challenge of tackling some of healthcare's most complex problems with technology-forward solutions. Datavanters bring a diversity of professional, educational and life experiences to realize our bold vision for healthcare.
Role Summary: The Director of Internal Audit will design, implement, and oversee Datavant's internal audit program in alignment with the U.S. Department of Health and Human Services Office of Inspector General's (OIG) compliance program guidance and healthcare industry internal audit standards. Reporting to the Chief Compliance and Privacy Officer, the Director of Internal Audit will evaluate the effectiveness of internal controls, risk management practices, and governance processes across Datavant's business lines, focused on regulatory compliance, privacy-by-design and by-default, and legal risk mitigation. This role will also lead vendor and offshore partner compliance audits, validate corrective action plan implementation, and communicate findings to senior leaders. This role requires a unique combination of healthcare industry internal audit expertise and deep familiarity with health information technology and tech-enabled services. The Director of Internal Audit will act as a trusted advisor to senior and executive leaders, and support communications to Datavant's executive compliance and board audit committees, ensuring that risks are identified, controls are tested for effectiveness, and audit findings contribute to continuous improvement.
Key Responsibilities:
Audit Program Leadership: Work with senior leaders and cross-functional stakeholders to identify organizational legal, regulatory, privacy, and compliance risks and prioritize business areas to audit based on risk. Support enterprise and compliance risk assessment processes to develop data-driven audit planning and the audit risk universe. Develop and execute an adaptive, risk-based internal audit plan consistent with regulatory/legal guidance and industry best practices. Serve as the audit lead for planning, fieldwork, reporting, and follow-up of all internal legal and compliance audit activities. Establish and maintain audit methodologies, tools, and documentation standards that meet regulatory and professional internal audit expectations.
Execution Of Internal Audits: Perform comprehensive audits of operational, compliance, technology, and privacy-related processes across the enterprise. Assess the design and operating effectiveness of internal controls, including those related to HIPAA, GDPR, and healthcare IT interoperability and data use frameworks. Test scalability, efficiency, and effectiveness of key business and technology processes. Lead reviews of privacy-by-design and by-default implementation and safeguards for patient data.
Reporting And Communication: Prepare clear, concise audit reports summarizing scope, methodology, findings, and recommendations. Present audit results and remediation updates to senior/executive leadership, the Board Audit Committee, independent auditors, and regulators as required. Support the development of audit management action plans (MAPs), including MAP project management. Track audit finding remediation efforts and perform re-testing to confirm closure of findings.
Advisory And Collaboration: Act as a subject matter expert on internal audit best practices, compliance auditing, and technology risk. Collaborate with Legal, Compliance, Privacy, and Security teams to strengthen internal controls and compliance posture. Provide coaching, guidance, and technical expertise to business partners to prevent recurrence of audit findings. Develop expert-level knowledge of Datavant's business operations across the verticals to enhance advisory opportunities and identify opportunities for the Legal & Compliance department to mitigate risk.
Continuous Improvement: Monitor industry trends, regulatory changes, and enforcement activity to keep Datavant's audit program current. Identify opportunities for process improvements and recommend risk mitigation strategies. Drive adoption of technology, reporting, and analytics tools to enhance audit efficiency.
Basic Qualifications: 10+ years of progressive experience in internal auditing, compliance auditing, or risk management, with at least 5 years in healthcare, life sciences, or healthcare technology. Strong knowledge of privacy laws (e.g., HIPAA, GDPR, state laws) and applicable healthcare information technology regulatory frameworks. Deep knowledge of the IIA's Global Internal Audit Standards and QAIP requirements. Expertise in process/workflow analysis and risk-based auditing methodologies. Excellent analytical, problem-solving, and critical thinking skills. Superior written and verbal communication skills, with the ability to effectively present to senior and executive leaders. Demonstrated ability to work independently and manage multiple high-priority projects simultaneously. Strong ethical standards and commitment to maintaining confidentiality.
Desired Qualifications: In-depth understanding of the OIG's compliance program guidance and experience applying it to audit processes. Preferred certifications include: CIA, CISA, CHC/CHPC, CIPP/US, CCEP. Demonstrated expertise in auditing technology environments, including information security, data platforms, and privacy-by-design controls. Demonstrated experience in on-time delivery of a risk-based plan; reduction in issue aging and on-time remediation; and reduction of recurring findings. Proven ability to design and execute risk-based audit programs in complex organizations. Adaptability and willingness to navigate a dynamic, fast-paced environment.