IT Governance & Compliance Analyst

Are you passionate about making a difference in people's lives? Do you enjoy working in a service-oriented industry? If so, this opportunity may be the right fit for you!

Modivcare is looking for an experienced IT Governance & Compliance Analyst to join our team, supporting enterprise-wide IT governance, risk management, compliance, and audit initiatives. This role is responsible for supporting security frameworks, governance processes, regulatory compliance activities, and continuous improvement efforts that strengthen IT controls and reduce organizational risk. The ideal candidate will bring experience in IT governance, compliance assessments, audit coordination, and process documentation while collaborating across technical and operational teams to support a strong security and compliance posture.

This position is based in our Denver office and requires on-site attendance five (5) days per week.

This role…

• Develops, documents, and maintains IT governance processes, policies, and procedures aligned with industry frameworks and standards, including NIST CSF and ISO 27001.

• Partners with IT teams to implement and support security policies, governance controls, and compliance initiatives across the enterprise.

• Facilitates external assessments and audits related to HITRUST, ISO 27001, HIPAA, and SOC 2 compliance, including coordination with third-party assessors, audit evidence collection, remediation tracking, and support of audit activities.

• Supports identity and access governance processes, including documentation, control validation, and user awareness related to assigned responsibilities.

• Assists with cybersecurity incident response preparedness through process documentation, testing, employee training, and response support activities.

• Evaluates and tests the IT control environment to ensure controls are operating effectively and organizational risks are appropriately identified, measured, and reported.

• Develops, monitors, and reports governance metrics, including OKRs, KPIs, remediation activities, vulnerabilities, patch management, and Plans of Action & Milestones (POAMs).

• Supports third-party risk management activities, including vendor security assessments and alignment with organizational security policies and standards.

• Assists in the development, maintenance, and testing of IT General Controls (ITGCs) and compliance processes supporting HIPAA, HITRUST, ISO 27001, SOX, SOC 2, and CCPA requirements.

• Supports internal and external audit activities through evidence collection, control testing, process improvement, and remediation validation.

• Identifies opportunities to improve governance, compliance, and audit activities through process optimization, scripting, automation, and emerging AI-assisted capabilities.

• Ensures customer and regulatory compliance commitments are maintained and completed in a timely manner.

• Participates in additional projects and duties as assigned, including occasional business travel as required.

• This role does not have direct supervisory responsibilities.

We are interested in speaking with individuals with the following…

• Bachelor’s Degree in Computer Science, Computer Engineering, Management Information Systems, Information Security/Cyber Security, or a related field required.

• Three (3) or more years of experience in IT governance, information security, risk management, compliance, or related areas.

• Experience supporting external audits and compliance assessments, including HITRUST, ISO 27001, and SOC 2 preferred.

• CISSP, ITIL, GIAC, or related certifications preferred.

• Equivalent combinations of education and experience may be considered.

• Familiarity with IT governance frameworks, industry standards, and best practices, including NIST CSF and ISO 27001.

• Knowledge of regulatory and compliance requirements, including HIPAA, HITRUST, ISO 27001, SOX, SOC 2, and related IT control frameworks.

• Experience supporting audits, assessments, compliance reviews, and remediation activities.

• Understanding of IT General Controls (ITGCs), risk management principles, identity and access management, vulnerability management, and third-party risk management concepts.

• Ability to analyze IT systems, processes, and controls to identify risks, gaps, and improvement opportunities.

• Ability to develop and maintain policies, procedures, standards, controls, narratives, and governance documentation.

• Familiarity with scripting, automation platforms, and AI-assisted technologies used to improve governance, compliance, audit, or operational processes.

• Strong analytical, problem-solving, organizational, and documentation skills with attention to detail.

• Effective verbal and written communication skills with the ability to collaborate across technical and non-technical teams.

Salary: $80,150 – $105,450

Modivcare’s positions are posted and open for applications for a minimum of 5 days. Positions may be posted for a maximum of 45 days dependent on the type of role, the number of roles, and the number of applications received.  We encourage our prospective candidates to submit their application(s) expediently so as not to miss out on our opportunities. We frequently post new opportunities and encourage prospective candidates to check back often for new postings. 

We value our team members and realize the importance of benefits for you and your family.

Modivcare offers a comprehensive benefits package to include the following:

• Medical, Dental, and Vision insurance
• Employer Paid Basic Life Insurance and AD&D
• Voluntary Life Insurance (Employee/Spouse/Child)
• Health Care and Dependent Care Flexible Spending Accounts
• Pre-Tax and Post --Tax Commuter and Parking Benefits
• 401(k) Retirement Savings Plan with Company Match
• Paid Time Off
• Paid Parental Leave
• Short-Term and Long-Term Disability
• Tuition Reimbursement
• Employee Discounts (retail, hotel, food, restaurants, car rental and much more!)

Modivcare is an Equal Opportunity Employer.

• EEO is The Law - click here for more information
• Equal Opportunity Employer Minorities/Women/Protected Veterans/Disabled
• We consider all applicants for employment without regard to race, color, religion, sex, sexual orientation, national origin, age, handicap or disability, or status as a Vietnam-era or special disabled veteran in accordance with federal law. If you need assistance, please reach out to us at hr.recruiting@modivcare.com