IT Controls & Compliance Analyst

Are you passionate about making a difference in people's lives? Do you enjoy working in a service-oriented industry? If so, this opportunity may be the right fit for you! Modivcare is looking for an experienced IT Controls & Compliance Analyst to join our team, supporting enterprise-wide IT governance, compliance, risk management, and audit initiatives. This role is responsible for helping ensure compliance with regulatory requirements and industry standards including

SOX, HITRUST, HIPAA, SOC 2, ISO

27001, and related control frameworks. The ideal candidate will bring strong experience in IT General Controls (ITGCs), audit coordination, compliance monitoring, and governance processes, while partnering cross-functionally to strengthen the organization's overall compliance posture. This position is based in our Denver office and requires on-site attendance five (5) days per week. This role… Develops, implements, and maintains IT compliance policies, procedures, processes, and controls supporting regulatory, customer, and industry requirements, including

HIPAA, HITRUST, SOX, SOC 2, ISO

27001, and CCPA. Leads and coordinates internal and external IT audits, assessments, and compliance engagements, including audit planning, evidence collection, remediation tracking, and coordination with business stakeholders and third-party assessors. Manages and optimizes Governance, Risk & Compliance (GRC) processes, workflows, tooling, reporting, and monitoring activities supporting control testing, audit readiness, evidence management, remediation tracking, and continuous compliance monitoring. Conducts and supports routine and ad hoc testing of IT General Controls (ITGCs), automated controls, application controls, and related compliance processes through walkthroughs, evidence validation, technical analysis, and control testing activities. Reviews and analyzes technical evidence, system-generated reports, and control artifacts to validate compliance with established policies, standards, and control requirements. Collaborates with technical teams to evaluate system configurations, access controls, change management activities, logging, monitoring, and other technical controls supporting compliance and audit objectives. Supports customer compliance activities and audit requests, including responding to customer security and compliance inquiries and maintaining compliance-related reporting commitments. Supports continuous compliance and controls monitoring initiatives through automation, data analytics, governance reporting, and control performance tracking activities. Reviews and maintains IT security policies, standards, and governance documentation to align with industry frameworks and organizational requirements, including

NIST CSF, NIST

800-53, and

ISO 27001.

Supports IT risk management activities, including vulnerability management, patch governance, third-party risk assessments, POAM management, remediation tracking, and security awareness initiatives. Ensures IT staff understand assigned compliance responsibilities, risks, and controls through communication, coordination, and training support activities. Identifies opportunities to improve compliance, audit, and governance operations through process optimization, control automation, scripting, data analytics, GRC enhancements, and emerging AI-assisted capabilities. Ensures compliance commitments and audit activities are completed accurately and within established timelines. May lead projects and perform additional duties as assigned, including occasional business travel as required. This role does not have direct supervisory responsibilities. We are interested in speaking with individuals with the following… Bachelor's Degree in Computer Science, Computer Engineering, Information Systems, Information Security/Cyber Security, or a related field preferred. Five (5) or more years of experience in IT compliance, IT audit, information security governance, risk management, or related areas. Experience supporting IT audits, IT General Controls (ITGC) testing, compliance assessments, and external audit engagements, including

HITRUST, SOC 2, ISO

27001, and SOX preferred. CISA certification strongly preferred. CISSP, CRISC, ITIL, GIAC, or related certifications are a plus. Equivalent combinations of education and experience may be considered. Strong knowledge of IT governance, compliance, audit, and risk management principles and practices. Experience supporting and coordinating compliance programs, audits, assessments, and remediation activities across multiple regulatory and industry frameworks. Knowledge of regulatory requirements and industry standards, including

HIPAA, HITRUST, SOX, SOC 2, NIST CSF, NIST 800-53, ISO

27001, and CCPA. Strong understanding of IT General Controls (ITGCs), IT audit methodologies, control testing techniques, evidence evaluation, and core control domains, including logical access, change management, SDLC, privileged access, and logging and monitoring controls. Experience developing and maintaining policies, procedures, controls, standards, narratives, and governance documentation within an enterprise GRC program. Experience working with GRC platforms, compliance workflows, audit evidence management, reporting processes, and control tracking activities. Ability to analyze technical processes, system control environments, audit evidence, large data sets, and system-generated reports to identify risks, control deficiencies, and practical remediation solutions. Familiarity with scripting languages, automation platforms, data analytics, and AI-assisted technologies used to improve control testing, evidence collection, compliance monitoring, and audit operations. Strong organizational, analytical, problem-solving, and project coordination skills with attention to detail. Effective verbal and written communication skills with the ability to collaborate across technical, operational, and leadership teams. Ability to manage multiple priorities and adapt effectively in a fast-paced environment. Proficient in Microsoft Office products, including Word, Excel, Outlook, and PowerPoint. Familiarity with quantitative risk analysis methodologies, including FAIR, is a plus.

Salary:

$96,200 - $126,600 Modivcare's positions are posted and open for applications for a minimum of 5 days. Positions may be posted for a maximum of 45 days dependent on the type of role, the number of roles, and the number of applications received. We encourage our prospective candidates to submit their application(s) expediently so as not to miss out on our opportunities. We frequently post new opportunities and encourage prospective candidates to check back often for new postings. We value our team members and realize the importance of benefits for you and your family. Modivcare offers a comprehensive benefits package to include the following: Medical, Dental, and Vision insurance Employer Paid Basic Life Insurance and AD&D Voluntary Life Insurance (Employee/Spouse/Child) Health Care and Dependent Care Flexible Spending Accounts Pre-Tax and Post --Tax Commuter and Parking Benefits 401(k) Retirement Savings Plan with Company Match Paid Time Off Paid Parental Leave Short-Term and Long-Term Disability Tuition Reimbursement Employee Discounts (retail, hotel, food, restaurants, car rental and much more!) Modivcare is an Equal Opportunity Employer. EEO is The Law - click here for more information Equal Opportunity Employer Minorities/Women/Protected Veterans/Disabled We consider all applicants for employment without regard to race, color, religion, sex, sexual orientation, national origin, age, handicap or disability, or status as a Vietnam-era or special disabled veteran in accordance with federal law. If you need assistance, please reach out to us at hr.recruiting@modivcare.com Due to system issues, if you are unable to search for your application, please reach out to the Talent Acquisition team via email at hr.recruiting@modivcare.com and a member of the Talent Acquisition team will reach out to you within the next 48 business hours. We appreciate your interest in joining Modivcare! Our goal isn't a number. It's a difference. Modivcare is leading the transformation to better connect people with care, wherever they are. We serve the most underserved by facilitating non-emergency medical transportation and personal and home care to enable greater access to care, reduce costs and improve outcomes. Please note, Modivcare will never ask any potential applicant for employment for any Personal Identifiable Information via social media. Additionally, Modivcare will never ask any applicant for money. Please be cautious of any individual posing as a recruiter for Modivcare requesting personal identifiable information. If you suspect someone is attempting to collect your personal information or solicits money from you via any social media platform, we encourage you to report such scammers to that platform. Not finding the right fit? Let us know you're interested in a future opportunity by clicking Get Started below or create an account by clicking 'Sign In' at the top of the page to set up email alerts as new job postings become available that meet your interest!