Risk Operations Manager

Datavant is a data platform company and the world’s leader in health data exchange. Our vision is that every healthcare decision is powered by the right data, at the right time, in the right format.

Our platform is powered by the largest, most diverse health data network in the U.S., enabling data to be secure, accessible and usable to inform better health decisions. Datavant is trusted by the world’s leading life sciences companies, government agencies, and those who deliver and pay for care. 

By joining Datavant today, you’re stepping onto a high-performing, values-driven team. Together, we’re rising to the challenge of tackling some of healthcare’s most complex problems with technology-forward solutions. Datavanters bring a diversity of professional, educational and life experiences to realize our bold vision for healthcare.

Datavant is a data platform company and the world’s leader in health data exchange. Our vision is that every healthcare decision is powered by the right data, at the right time, in the right format.

Our platform is powered by the largest, most diverse health data network in the U.S., enabling data to be secure, accessible and usable to inform better health decisions. Datavant is trusted by the world’s leading life sciences companies, government agencies, and those who deliver and pay for care. 

By joining Datavant today, you’re stepping onto a high-performing, values-driven team. Together, we’re rising to the challenge of tackling some of healthcare’s most complex problems with technology-forward solutions. Datavanters bring a diversity of professional, educational and life experiences to realize our bold vision for healthcare. 

What We’re Looking For

We are seeking a Risk Operations Manager to lead the development, implementation, and oversight of key risk management functions, including policies, vendor security management, training and awareness, security communications, and overall risk governance. This role is critical in ensuring the organization's security and risk management frameworks align with regulatory requirements, industry best practices, and business objectives.

The Risk Operations Manager will lead a team and collaborate across departments—working with IT, security, compliance, procurement, legal, and external vendors—to mitigate risks and drive security awareness across the organization.

What You Will Do

• Develop and oversee enterprise-wide risk management programs, ensuring compliance with frameworks such as NIST, ISO 27001, HITRUST, and HIPAA.
• Maintain a risk register and provide regular reporting on key risks and mitigation activities to senior leadership.
• Lead the creation, review, and maintenance of security policies, standards, and procedures to align with regulatory and business requirements.
• Oversee the management of the vendor security risk assessment program, ensuring third-party vendors comply with security and regulatory requirements.
• Evaluate security controls of vendors during onboarding and contract renewals, collaborating with procurement, legal, and IT teams to enforce security requirements in vendor agreements.
• Lead the organization’s security training and awareness program, ensuring employees and vendors understand security policies and best practices.
• Establish and lead a security communications program.
• Develop and deliver engaging training materials, security campaigns, and phishing simulations to drive a security-conscious culture.
• Partner with Security Operations and Incident Response teams to communicate risk exposure and mitigation strategies effectively.
• Provide executive reports on security risk trends, compliance status, and policy effectiveness

What You Need to Succeed

• 5+ years of experience in risk management, security compliance, or vendor security management.
• Bachelor's degree in Information Security, Risk Management, Business Administration, or a related field.
• Strong background in developing and managing security policies, risk frameworks, and third-party security assessments.
• Experience designing and implementing security training and awareness programs.
• Knowledge of regulatory requirements such as HIPAA, SOX and frameworks like NIST, ISO 27001, or HITRUST.
• Strong understanding of security risk management principles, governance, and best practices.
• Excellent project management and organizational skills, with the ability to handle multiple initiatives.
• Strong analytical skills to assess risk, recommend controls, and communicate effectively with stakeholders.
• Outstanding communication skills, with the ability to deliver effective security awareness training and present risk reports to leadership.

What Helps You Stand Out

• Relevant certifications such as CISSP, CISM, CRISC of CISA.
• Experience in healthcare security and risk management.
• Knowledge of risk frameworks relative to the healthcare industry
• Familiarity with GRC (Governance, Risk, and Compliance) tools and risk tracking platforms.
• Experience engaging with vendors, auditors, and cross-functional teams to manage risk and compliance initiatives.

What We Offer

• Salary- $152,000- $190,000
• Benefits, Vision, Dental 
• 401K match 
• Flexible PTO 

To ensure the safety of patients and staff, many of our clients require post-offer health screenings and proof and/or completion of various vaccinations such as the flu shot, Tdap, COVID-19, etc. Any requests to be exempted from these requirements will be reviewed by Datavant Human Resources and determined on a case-by-case basis. Depending on the state in which you will be working, exemptions may be available on the basis of disability, medical contraindications to the vaccine or any of its components, pregnancy or pregnancy-related medical conditions, and/or religion.

This job is not eligible for employment sponsorship.

Datavant is committed to a work environment free from job discrimination. We are proud to be an Equal Employment Opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, sex, sexual orientation, gender identity, religion, national origin, disability, veteran status, or other legally protected status. To learn more about our commitment, please review our EEO Commitment Statement here. Know Your Rights, explore the resources available through the EEOC for more information regarding your legal rights and protections. In addition, Datavant does not and will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay. 

At the end of this application, you will find a set of voluntary demographic questions. If you choose to respond, your answers will be anonymous and will help us identify areas for improvement in our recruitment process. (We can only see aggregate responses, not individual ones. In fact, we aren’t even able to see whether you’ve responded.) Responding is entirely optional and will not affect your application or hiring process in any way.

Datavant is committed to working with and providing reasonable accommodations to individuals with physical and mental disabilities. If you need an accommodation while seeking employment, please contact us at peopleteam@datavant.com. We will review your request for reasonable accommodation on a case-by-case basis.