Clover Health
Director, Governance, Risk, and Compliance (GRC)
operations | full-time | Remote - USA
Salary: Not listed
Work type: remote
Job type: full-time
Industry: healthcare
About the role
Governance & Security Risk Strategy
- Define and evolve Clover Health’s security governance and risk management strategy, aligning function-level priorities with enterprise objectives and the security roadmap.
- Establish a risk-driven approach to governance aligned with: HIPAA Security and Privacy Rules, NIST Cybersecurity Framework (CSF) v2, NIST AI Risk Management Framework (AI RMF), where applicable.
- Anticipate security and regulatory risks 12+ months out, using business, product, regulatory, and market signals to inform strategy and tradeoffs.
- Ensure security risk decisions are clearly framed, documented, and communicated in business terms for executive and board-level audiences.
- Assist the CISO in setting security risk priorities, framing tradeoffs, and communicating risk posture and progress to executive leadership and the Board.
Compliance & Regulatory Leadership
- Own Clover Health’s security compliance posture as a public healthcare company, including federal and state regulatory obligations.
- Lead security-related audits, assessments, and regulatory inquiries in partnership with Legal, Compliance, Privacy, and Internal Audit.
- Drive clarity, consistency, and maturity in security policies, standards, and procedures.
- Ensure compliance efforts are proactive, scalable, integrated into how Clover Health builds and operates products, and maintained over time to support ongoing audit readiness and regulatory expectations.
Accountability & Delivery Leadership
- Own high-stakes outcomes for the GRC function, ensuring accountability across internal partners and third-party providers.
- Set clear success metrics, decision rights, and escalation paths for risk and compliance activities.
- Make and communicate tough prioritization calls when business needs, regulatory demands, or risk profiles shift.
- Surface high-risk issues early and transparently to the CISO, peers, and senior leaders.
Third-Party Risk Management
- Manage the third-party vendor providing GRC services and staffing, while serving as Clover Health’s internal owner for security governance, risk decision-making, and executive-level accountability.