Lead Governance, Risk, and Compliance Analyst

Summary

Join Clover's Business Enablement team as a Lead GRC Analyst and build a robust Cybersecurity Risk Management Program. You will lead risk assessments, compliance engagements, and incident investigations. Collaborate with cross-functional teams, manage the security risk register, and ensure compliance with relevant regulations. This role requires 7+ years of experience in security risk management, a deep understanding of ePHI, and experience with internal audits and assessments. Clover offers a competitive salary, equity opportunities, comprehensive benefits, and a remote-first culture.

Requirements

• 7+ years of experience working in a security risk management role and have a deep comprehension of ePHI
• Experience conducting internal risk assessments or internal security audits
• Experience conducting internal security assessments and mastery of best practices for risk management
• A degree and/or training in technology or relevant Security certifications such as CISSP, CISM, CISA, CRISC
• Familiarity with control frameworks / regulatory requirements such as, HIPAA, HITRUST, SOx, NIST CSF, NIST 800-53
• Experience working with auditors and/or regulators
• Ability to work within a globally distributed organization and understanding of international information security regulations
• Strong written and verbal communication skills and are able to partner and communicate with a range of business professionals

Responsibilities

• Lead risk assessments to identify and prioritize potential security threats, including risk assessments of third parties
• Lead compliance engagements and internal audits to monitor compliance with relevant regulatory and industry standards (e.g., HIPAA, CMS, Sarbanes-Oxley, SEC, NIST) and other applicable federal, state, and local laws
• Manage and own the security risk register and risk reporting to security leaders
• Manage and lead incident investigations to identify root cause and implement preventive measures
• Review security policies and standards to ensure alignment with business objectives and regulatory requirements
• Understand and communicate security policies and standards to employees and stakeholders
• Collaborate with all departments to educate employees on security policies and procedures, promoting a security-conscious culture
• Lead completion of security audits of Clover from third parties
• Update and administer GRC tools with relevant assessment and risk data

Preferred Qualifications

• Experience using and administering automated GRC platforms (such as Onspring)
• Healthcare experience

Benefits

• Competitive base salary and equity opportunities
• Performance-based bonus program
• 401k matching
• Regular compensation reviews
• Comprehensive medical, dental, and vision coverage
• No-Meeting Fridays
• Monthly company holidays
• Access to mental health resources
• Generous flexible time-off policy
• Remote-first culture
• Learning programs
• Mentorship
• Professional development funding
• Regular performance feedback and reviews
• Employee Stock Purchase Plan (ESPP) offering discounted equity opportunities
• Reimbursement for office setup expenses
• Monthly cell phone & internet stipend
• Paid parental leave for all new parents