Director, Internal Audit

Role Summary:

The Director of Internal Audit will design, implement, and oversee Datavant's legal and compliance internal audit program in alignment with the U.S. Department of Health and Human Services Office of Inspector General's (OIG) compliance program guidance and healthcare industry internal audit standards. Reporting to the Chief Compliance and Privacy Officer, the Director of Internal Audit will evaluate the effectiveness of internal controls, risk management practices, and governance processes across Datavant's Provider, Payer, Life Sciences, and Legal & Insurance business lines, focused on regulatory compliance, privacy-by-design and by-default, and legal risk mitigation. This role will also lead vendor and offshore partner compliance audits, validate corrective action plan implementation, and communicate findings to senior leaders.

This role requires a unique combination of healthcare industry internal audit expertise and deep familiarity with health information technology and tech-enabled services. The Director of Internal Audit will act as a trusted advisor to senior and executive leaders, and support communications to Datavant's executive compliance and board audit committees, ensuring that risks are identified, controls are tested for effectiveness, and audit findings contribute to continuous improvement.

Note: This position is not focused on nor responsible for financial auditing or SOX financial reporting, but will coordinate with cross-functional teams to support financial internal controls as needed.

Key Responsibilities:

Audit Program Leadership

• Work with senior leaders and cross-functional stakeholders to identify organizational legal, regulatory, privacy, and compliance risks and prioritize business areas to audit based on risk
• Support enterprise and compliance risk assessment processes to develop data-driven audit planning and the development of audit risk universe
• Develop and execute an adaptive, risk-based internal audit plan consistent with regulatory/legal guidance and industry best practices
• Serve as the audit lead for planning, fieldwork, reporting, and follow-up of all internal legal and compliance audit activities
• Establish and maintain audit methodologies, tools, and documentation standards that meet regulatory and professional internal audit expectations

Execution of Internal Audits

• Perform comprehensive audits of operational, compliance, technology, and privacy-related processes across the enterprise
• Assess the design and operating effectiveness of internal controls, including those related to HIPAA, GDPR, and healthcare IT interoperability and data use frameworks
• Test scalability, efficiency, and effectiveness of key business and technology processes
• Lead reviews of privacy-by-design and by-default implementation and safeguards for patient data

Reporting and Communication

• Prepare clear, concise audit reports summarizing scope, methodology, findings, and recommendations
• Present audit results and remediation updates to senior/executive leadership, the Board Audit Committee, independent auditors, and regulators as required
• Support in development of audit management action plans (MAP), including MAP project management

Track audit finding remediation efforts and perform re-testing to confirm closure of findings

Advisory and Collaboration

• Act as a subject matter expert on internal audit best practices, compliance auditing, and technology risk
• Collaborate with Legal, Compliance, Privacy, and Security teams to strengthen internal controls and compliance posture
• Provide coaching, guidance, and technical expertise to business partners to prevent recurrence of audit findings
• Develop expert-level knowledge of Datavant's business operations across the Provider, Payer, Life Sciences, and Legal & Insurance verticals to enhance advisory opportunities and identify opportunities for the Legal & Compliance department to mitigate risk

Continuous Improvement

• Monitor industry trends, regulatory changes, and enforcement activity to keep Datavant's audit program current
• Identify opportunities for process improvements and recommend risk mitigation strategies
• Drive adoption of technology, reporting, and analytics tools to enhance audit efficiency

Basic Qualifications:

• 10+ years of progressive experience in internal auditing, compliance auditing, or risk management, with at least 5 years in healthcare, life sciences, or healthcare technology
• Strong knowledge of privacy laws (e.g., HIPAA, GDPR, state laws) and applicable healthcare information technology regulatory frameworks
• Deep knowledge of the IIA's Global Internal Audit Standards and QAIP requirements
• Expertise in process/workflow analysis and risk-based auditing methodologies
• Excellent analytical, problem-solving, and critical thinking skills
• Superior written and verbal communication skills, with the ability to effectively present to senior and executive leaders
• Demonstrated ability to work independently and manage multiple high-priority projects simultaneously
• Strong ethical standards and commitment to maintaining confidentiality

Desired Qualifications:

• In-depth understanding of the OIG's compliance program guidance and experience applying it to audit processes.
• Preferred certifications include: CIA, CISA, CHC/CHPC, CIPP/US, CCEP.
• Demonstrated expertise in auditing technology environments, including information security, data platforms, and privacy-by-design controls.
• Demonstrated experience in on-time delivery of risk-based plan; reduction in issue aging and on-time remediation; and reducing recurring findings.
• Proven ability to design and execute risk-based audit programs in complex organizations.
• Adaptability and willingness to navigate a dynamic, fast-paced environment.