Lead Governance, Risk, and Compliance Analyst

At Clover, the Business Enablement team leads our technological advancement while ensuring robust security and compliance. We deliver user-friendly corporate applications, manage complex data ecosystems, and provide efficient tech solutions across the organization. Our goal is simple: we make it easy for the business to do what’s right for Clover.

We are looking for a Lead GRC Analyst to build and maintain a strong Cybersecurity Risk Management Program to include managing and reporting on risks introduced by third-parties. You will work closely with various business partners across the organization and report directly to the GRC Manager. 

  As a Lead GRC Analyst you will:

• Lead risk assessments to identify and prioritize potential security threats, including risk assessments of third parties.
• Lead compliance engagements and internal audits to monitor compliance with relevant regulatory and industry standards (e.g., HIPAA, CMS, Sarbanes-Oxley, SEC, NIST) and other applicable federal, state, and local laws.
• Manage and own the security risk register and risk reporting to security leaders.
• Manage and lead incident investigations to identify root cause and implement preventive measures.
• Review security policies and standards to ensure alignment with business objectives and regulatory requirements.
• Understand and communicate security policies and standards to employees and stakeholders.
• Collaborate with all departments to educate employees on security policies and procedures, promoting a security-conscious culture.
• Lead completion of security audits of Clover from third parties.
• Update and administer GRC tools with relevant assessment and risk data.

You will love this job if:

• You enjoy conducting security risk assessments and working with cross-functional teams.  
• You are a problem solver. You enjoy tracking down the answers, analyzing data, and ensuring data is accurate and complete. 
• You are a meticulous record keeper.
• You are excited to work in a fast-paced and globally distributed organization.
• You are self motivated and can work independently.

You should get in touch if:   

• You have 7+ years of experience working in a security risk management role and have a deep comprehension of ePHI. 
• You have experience conducting internal risk assessments or internal security audits.
• You have experience conducting internal security assessments and mastery of best practices for risk management.
• You have a degree and/or training in technology or relevant Security certifications such as CISSP, CISM, CISA, CRISC is preferred. 
• You have familiarity with control frameworks / regulatory requirements such as, HIPAA, HITRUST, SOx, NIST CSF, NIST 800-53. Healthcare experience is preferred.
• You have experience working with auditors and/or regulators. 
• You have the ability to work within a globally distributed organization and understanding of international information security regulations;
• You have strong written and verbal communication skills and are able to partner and communicate with a range of business professionals.
• You have experience using and administering automated GRC platforms (such as Onspring) is preferred. 

Benefits Overview:

• Financial Well-Being: Our commitment to attracting and retaining top talent begins with a competitive base salary and equity opportunities. Additionally, we offer a performance-based bonus program, 401k matching, and regular compensation reviews to recognize and reward exceptional contributions.
• Physical Well-Being: We prioritize the health and well-being of our employees and their families by providing comprehensive medical, dental, and vision coverage. Your health matters to us, and we invest in ensuring you have access to quality healthcare.
• Mental Well-Being: We understand the importance of mental health in fostering productivity and maintaining work-life balance. To support this, we offer initiatives such as No-Meeting Fridays, monthly company holidays, access to mental health resources, and a generous flexible time-off policy. Additionally, we embrace a remote-first culture that supports collaboration and flexibility, allowing our team members to thrive from any location. 
• Professional Development: Developing internal talent is a priority for Clover. We offer learning programs, mentorship, professional development funding, and regular performance feedback and reviews.

Additional Perks:

• Employee Stock Purchase Plan (ESPP) offering discounted equity opportunities
• Reimbursement for office setup expenses
• Monthly cell phone & internet stipend
• Remote-first culture, enabling collaboration with global teams
• Paid parental leave for all new parents
• And much more!

About Clover: We are reinventing health insurance by combining the power of data with human empathy to keep our members healthier. We believe the healthcare system is broken, so we've created custom software and analytics to empower our clinical staff to intervene and provide personalized care to the people who need it most.

We always put our members first, and our success as a team is measured by the quality of life of the people we serve. Those who work at Clover are passionate and mission-driven individuals with diverse areas of expertise, working together to solve the most complicated problem in the world: healthcare.

From Clover’s inception, Diversity & Inclusion have always been key to our success. We are an Equal Opportunity Employer and our employees are people with different strengths, experiences, perspectives, opinions, and backgrounds, who share a passion for improving people's lives. Diversity not only includes race and gender identity, but also age, disability status, veteran status, sexual orientation, religion and many other parts of one’s identity. All of our employee’s points of view are key to our success, and inclusion is everyone's responsibility.

#LI-REMOTE

Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records. We are an E-Verify company.

A reasonable estimate of the base salary range for this role is $100,000 to $130,000. Final pay is based on several factors including but not limited to internal equity, market data, and the applicant’s education, work experience, certifications, etc.