Director, Governance, Risk, and Compliance (GRC)

Description:

• Define and evolve Clover Health’s security governance and risk management strategy aligned with enterprise objectives and the security roadmap.
• Establish a risk-driven governance approach aligned with HIPAA, the NIST Cybersecurity Framework v2, and the NIST AI Risk Management Framework where applicable.
• Anticipate security and regulatory risks 12+ months ahead using business, product, regulatory, and market signals.
• Own Clover Health’s security compliance posture, including federal and state regulatory obligations.
• Lead security-related audits, assessments, and regulatory inquiries in partnership with Legal, Compliance, Privacy, and Internal Audit.
• Drive clarity, consistency, and maturity in security policies, standards, and procedures.
• Lead the third-party security risk management program, including vendor due diligence, risk assessments, remediation tracking, and monitoring.
• Manage a third-party GRC services vendor and ensure delivery quality, prioritization, and alignment to Clover’s risk appetite.
• Lead governance and coordination for incident response, crisis management, disaster recovery, and business continuity.
• Coordinate cross-functional problem solving on complex security and compliance issues and build durable partnerships across business functions.

Requirements:

• 8+ years of experience in information security, GRC, risk management, or related disciplines.
• Demonstrated experience leading security governance and compliance programs in regulated environments.
• Strong working knowledge of HIPAA and healthcare security requirements.
• Experience operating in a public company or similarly regulated environment.
• Proven experience managing third-party vendors providing GRC services or staff augmentation.
• Hands-on experience with incident response governance, crisis management, disaster recovery, and business continuity.
• Strong business acumen with the ability to translate security and compliance risks into business impact.
• Excellent executive-level communication and stakeholder management skills.
• Familiarity with NIST CSF v2 and NIST AI RMF, preferred.
• Relevant certifications such as CISM, CRISC, or similar are a plus.

Benefits:

• Competitive base salary of $212,000 to $230,000 USD.
• Equity opportunities, including an Employee Stock Purchase Plan with discounted equity.
• Performance-based bonus program and 401(k) matching.
• Comprehensive medical, dental, and vision coverage.
• Remote-first culture with collaboration and flexibility.
• Generous flexible time-off policy, plus No-Meeting Fridays and monthly company holidays.
• Mental health resources and professional development funding, mentorship, and learning programs.
• Paid parental leave and reimbursement for office setup expenses, plus a monthly cell phone and internet stipend.