RemoteLeaf Logo
Log in Sign up

Director, Governance, Risk, and Compliance (GRC)

1 month, 2 weeks ago
United States
Full-time
Lead
Penetration Tester
Cybersecurity
HIPAA
Apply Now
Clover Health

Clover Health

Clover Health is a data-focused health insurance company that is revolutionizing the Medicare Advantage space by integrating innovative technology into its plans. With a focus on optimizing medical outcomes and reducing costs, Clover Health uses analyt...

Insurance
251-1K
Founded 2014
$925M raised
View All Jobs 32

Description

  • Define and evolve Clover Health’s security governance and risk management strategy aligned with enterprise objectives and the security roadmap.
  • Establish a risk-driven governance approach aligned with HIPAA, the NIST Cybersecurity Framework v2, and the NIST AI Risk Management Framework where applicable.
  • Anticipate security and regulatory risks 12+ months ahead using business, product, regulatory, and market signals.
  • Own Clover Health’s security compliance posture, including federal and state regulatory obligations.
  • Lead security-related audits, assessments, and regulatory inquiries in partnership with Legal, Compliance, Privacy, and Internal Audit.
  • Drive clarity, consistency, and maturity in security policies, standards, and procedures.
  • Lead the third-party security risk management program, including vendor due diligence, risk assessments, remediation tracking, and monitoring.
  • Manage a third-party GRC services vendor and ensure delivery quality, prioritization, and alignment to Clover’s risk appetite.
  • Lead governance and coordination for incident response, crisis management, disaster recovery, and business continuity.
  • Coordinate cross-functional problem solving on complex security and compliance issues and build durable partnerships across business functions.

Requirements

  • 8+ years of experience in information security, GRC, risk management, or related disciplines.
  • Demonstrated experience leading security governance and compliance programs in regulated environments.
  • Strong working knowledge of HIPAA and healthcare security requirements.
  • Experience operating in a public company or similarly regulated environment.
  • Proven experience managing third-party vendors providing GRC services or staff augmentation.
  • Hands-on experience with incident response governance, crisis management, disaster recovery, and business continuity.
  • Strong business acumen with the ability to translate security and compliance risks into business impact.
  • Excellent executive-level communication and stakeholder management skills.
  • Familiarity with NIST CSF v2 and NIST AI RMF, preferred.
  • Relevant certifications such as CISM, CRISC, or similar are a plus.

Benefits

  • Competitive base salary of $212,000 to $230,000 USD.
  • Equity opportunities, including an Employee Stock Purchase Plan with discounted equity.
  • Performance-based bonus program and 401(k) matching.
  • Comprehensive medical, dental, and vision coverage.
  • Remote-first culture with collaboration and flexibility.
  • Generous flexible time-off policy, plus No-Meeting Fridays and monthly company holidays.
  • Mental health resources and professional development funding, mentorship, and learning programs.
  • Paid parental leave and reimbursement for office setup expenses, plus a monthly cell phone and internet stipend.

Interested in this position?

Apply directly on the company website

Apply Now

Similar Roles

Belmont Lavan

Oracle Security & Controls consultant 6 Months Contract

Belmont Lavan 11-50 Professional Services

Belmont Lavan Ltd is hiring an Oracle Security & Controls Consultant for a 6-month contract to assess, design, and implement security controls across Oracle environments that support data integrity, confidentiality, and regulatory compliance.

Sweden Denmark Contract Mid Level Database Administrator Penetration Tester
Oracle
19 hours, 35 minutes ago
BHG Financial

Senior Information Security GRC Specialist

BHG Financial 1K-5K Diversified Financial Services

BHG Financial is hiring a Senior Information Security GRC Specialist to lead enterprise business continuity and disaster recovery efforts while supporting risk and compliance initiatives for its financial services operations.

United States Full-time Senior Penetration Tester
19 hours, 35 minutes ago
Bridewell

Senior Penetration Tester

Bridewell 251-1K Internet Software & Services

Bridewell is hiring a Senior Penetration Tester to deliver client-facing offensive security assessments across web applications, APIs, and infrastructure while supporting reporting, pre-sales, and service development.

United Kingdom Full-time Senior Penetration Tester
AWS Azure Bash Cybersecurity GCP LLM Penetration Testing PowerShell Python
19 hours, 50 minutes ago
M

Pentester, Offensive Forward Deployment Engineer

Mistral AI 201-500 Artificial Intelligence

Mistral AI is hiring a hands-on Pentester for its Offensive Security team to run real client engagements, uncover vulnerabilities in Mistral’s systems and external targets, and help shape AI-assisted offensive security capabilities.

France United Kingdom Full-time Senior Penetration Tester
Active Directory AWS Azure CI/CD GCP Penetration Testing
20 hours, 5 minutes ago

You're on a roll! Sign up now to keep applying.

Sign Up

Already have an account? Log in

Used by 14,729+ remote workers