Director, Governance, Risk, and Compliance (GRC) at Clover Health

<p>At Clover, the Business Enablement team leads our technological advancement while ensuring robust security and compliance. We deliver user-friendly corporate applications, manage complex data ecosystems, and provide efficient tech solutions across the organization. Our goal is simple: we make it easy for the business to do what’s right for Clover.<br><br>Clover Health is seeking a Director of Governance, Risk, and Compliance (GRC) to define and&nbsp;execute our security governance and risk strategy in support of Clover’s growth as a public,<br>technology-enabled healthcare company.<br><br>This role operates at the enterprise level, shaping functional strategy while driving execution&nbsp;through cross-functional influence rather than direct authority. The Director of GRC is<br>accountable for Clover’s security risk posture, regulatory compliance readiness, and resilience&nbsp;capabilities, ensuring that governance, risk, and compliance activities are aligned to business<br>priorities and long-term company outcomes.<br><br>The role manages a third-party vendor providing GRC services and staffing, while serving as&nbsp;Clover Health’s internal owner for security governance, risk decision-making, and executive-level accountability.</p> <p><strong>As a </strong><strong>Director, Governance, Risk, and Compliance </strong><strong>you will:</strong></p> <p class="p1"><strong>Governance &amp; Security Risk Strategy</strong></p> <p class="p2"><span class="s1">•</span> Define and evolve Clover Health’s security governance and risk management strategy, aligning function-level priorities with enterprise objectives and the security roadmap.<br><span class="s1">•</span> Establish a risk-driven approach to governance aligned with:<br><span class="s3">-</span> HIPAA Security and Privacy Rules<br><span class="s3">-</span> NIST Cybersecurity Framework (CSF) v2<br><span class="s3">-</span> NIST AI Risk Management Framework (AI RMF), where applicable<br><span class="s1">•</span> Anticipate security and regulatory risks 12+ months out, using business, product, regulatory, and market signals to inform strategy and tradeoffs.<br><span class="s1">•</span> Ensure security risk decisions are clearly framed, documented, and communicated in business terms for executive and board-level audiences.<br><span class="s1">•</span> Assist the CISO in setting security risk priorities, framing tradeoffs, and communicating&nbsp;risk posture and progress to executive leadership and the Board.</p> <p class="p1"><strong>Compliance &amp; Regulatory Leadership</strong></p> <p class="p2"><span class="s1">•</span> Own Clover Health’s security compliance posture as a public healthcare company, including federal and state regulatory obligations.<br><span class="s1">•</span> Lead security-related audits, assessments, and regulatory inquiries in partnership with Legal, Compliance, Privacy, and Internal Audit.<br><span class="s1">•</span> Drive clarity, consistency, and maturity in security policies, standards, and procedures.<br><span class="s1">•</span> Ensure compliance efforts are proactive, scalable, integrated into how Clover Health&nbsp;builds and operates products, and maintained over time to support ongoing audit&nbsp;readiness and regulatory expectations.</p> <p class="p1"><strong>Accountability &amp; Delivery Leadership</strong></p> <p class="p1"><span class="s1">•</span> Own high-stakes outcomes for the GRC function, ensuring accountability across internal partners and third-party providers.<br><span class="s1">•</span> Set clear success metrics, decision rights, and escalation paths for risk and compliance activities.<br><span class="s1">•</span> Make and communicate tough prioritization calls when business needs, regulatory demands, or risk profiles shift.<br><span class="s1">•</span> Surface high-risk issues early and transparently to the CISO, peers, and senior leaders.</p> <p class="p1"><strong>Third-Party Risk Management</strong></p> <p class="p2"><span class="s1">•</span> Lead Clover Health’s third-party security risk management program end-to-end.<br><span class="s1">•</span> Oversee vendor due diligence, risk assessments, remediation tracking, and ongoing monitoring.<br><span class="s1">•</span> Manage and hold accountable a third-party GRC services vendor, ensuring delivery quality, prioritization, and alignment to Clover’s risk appetite.<br><span class="s1">•</span> Ensure third-party risks are evaluated holistically and escalated appropriately.</p> <p class="p1"><strong>Incident, Crisis, and Resilience Governance</strong></p> <p class="p2"><span class="s1">•</span> Lead governance and coordination for:<br><span class="s3">-</span> Security incident response (IR)<br><span class="s3">-</span> Crisis management<br><span class="s3">-</span> Disaster recovery (DR)<br><span class="s3">-</span> Business continuity (BC)<br><span class="s1">•</span> Ensure incidents are tracked, analyzed for root cause, reported appropriately, and followed through with corrective actions.<br><span class="s1">•</span> Lead or support enterprise tabletop exercises and simulations.<br><span class="s1">•</span> Balance immediate response needs with long-term system and process improvements.</p> <p class="p1"><strong>Cross-Functional Problem Solving &amp; Influence</strong></p> <p class="p2"><span class="s1">•</span> Lead multi-team, cross-functional problem solving on complex security and compliance&nbsp;issues.<br><span class="s1">•</span> Connect operational issues to systemic root causes and drive sustainable fixes rather than short-term workarounds.<br><span class="s1">•</span> Influence peers and senior leaders through credibility, data, and executive presence —not authority.<br><span class="s1">•</span> Build durable partnerships across Engineering, IT, MA, Legal, Compliance, Privacy,&nbsp;Finance, and Operations.</p> <p class="p1"><strong>Culture, Coaching, and Enterprise Presence</strong></p> <p class="p2"><span class="s1">•</span> Build trust and credibility as a senior Clover leader.<br><span class="s1">•</span> Coach people managers, high-potential ICs, and vendor staff to elevate GRC maturity across the organization.<br><span class="s1">•</span> Model transparency, accountability, and alignment in leadership forums.<br><span class="s1">•</span> Contribute to a culture of thoughtful risk-taking, strong execution, and shared ownership.</p> <p><strong>Success in this role looks like:</strong></p> <p class="p1"><span class="s1">•</span> Security risk management is clearly aligned to Clover Health’s growth strategy and enterprise priorities.<br><span class="s1">•</span> The CISO has confidence in Clover’s security, compliance, and resilience posture.<br><span class="s1">•</span> Security risk is managed, mapped, and reported on a regular cadence.<br><span class="s1">•</span> Compliance activities scale with the business and avoid last-minute fire drills.<br><span class="s1">•</span> Incidents and crises are handled with discipline, transparency, and continuous improvement.<br><span class="s1">•</span> GRC is viewed as a strategic enabler — not a blocker — across the organization.</p> <p><strong>You should get in touch if:</strong></p> <p class="p1"><span class="s1">•</span> 8+ years of experience in information security, GRC, risk management, or related disciplines.<br><span class="s1">•</span> Demonstrated experience leading security governance and compliance programs in regulated environments.<br><span class="s1">•</span> Strong working knowledge of HIPAA and healthcare security requirements.<br><span class="s1">•</span> Experience operating in a public company or similarly regulated environment.<br><span class="s1">•</span> Proven experience managing third-party vendors providing GRC services or staff augmentation.<br><span class="s1">•</span> Hands-on experience with incident response governance, crisis management, disaster recovery, and business continuity.<br><span class="s1">•</span> Strong business acumen with the ability to translate security and compliance risks into business impact.<br><span class="s1">•</span> Excellent executive-level communication and stakeholder management skills.</p> <p class="p2"><strong>Preferred Qualifications</strong></p> <p class="p1"><span class="s1">•</span> Familiarity with NIST CSF v2 and NIST AI RMF.<br><span class="s1">•</span> Experience supporting AI-enabled, data-intensive, or technology-forward healthcare platforms.<br><span class="s1">•</span> Relevant certifications such as CISM, CRISC, or similar are a plus.<br><span class="s1">•</span> Service-management and automation mindset.</p> <hr> <p><strong>Benefits Overview</strong>:&nbsp;</p> <ul> <li><strong>Financial Well-Being</strong>: Our commitment to attracting and retaining top talent begins with a competitive base salary and equity opportunities. Additionally, we offer a performance-based bonus program, 401k matching, and regular compensation reviews to recognize and reward exceptional contributions.</li> <li><strong>Physical Well-Being</strong>: We prioritize the health and well-being of our employees and their families by providing comprehensive medical, dental, and vision coverage. Your health matters to us, and we invest in ensuring you have access to quality healthcare.</li> <li><strong>Mental Well-Being</strong>: We understand the importance of mental health in fostering productivity and maintaining work-life balance. To support this, we offer initiatives such as No-Meeting Fridays, monthly company holidays, access to mental health resources, and a generous flexible time-off policy. Additionally, we embrace a remote-first culture that supports collaboration and flexibility, allowing our team members to thrive from any location.&nbsp;</li> <li><strong>Professional Development</strong>: Developing internal talent is a priority for Clover. We offer learning programs, mentorship, professional development funding, and regular performance feedback and reviews.</li> </ul> <p><em>Additional Perks:</em></p> <ul> <li>Employee Stock Purchase Plan (ESPP) offering discounted equity opportunities</li> <li>Reimbursement for office setup expenses</li> <li>Monthly cell phone &amp; internet stipend</li> <li>Remote-first culture, enabling collaboration with global teams</li> <li>Paid parental leave for all new parents</li> <li>And much more!</li> </ul> <hr> <p><strong>About Clover: </strong>We are reinventing health insurance by combining the power of data with human empathy to keep our members healthier. We believe the healthcare system is broken, so we've created custom software and analytics to empower our clinical staff to intervene and provide personalized care to the people who need it most.</p> <p>We always put our members first, and our success as a team is measured by the quality of life of the people we serve. Those who work at Clover are passionate and mission-driven individuals with diverse areas of expertise, working together to solve the most complicated problem in the world: healthcare.</p> <p>From Clover’s inception, Diversity &amp; Inclusion have always been key to our success. We are an Equal Opportunity Employer and our employees are people with different strengths, experiences, perspectives, opinions, and backgrounds, who share a passion for improving people's lives. Diversity not only includes race and gender identity, but also age, disability status, veteran status, sexual orientation, religion and many other parts of one’s identity. All of our employee’s points of view are key to our success, and inclusion is everyone's responsibility.</p> <hr> <p>#LI-Remote</p> <p><em>Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records. </em><em>We are an&nbsp;<a href="https://www.e-verify.gov/?utm_medium=search&amp;utm_source=google&amp;utm_campaign=everify2018&amp;utm_content=bg_Branded_Everify_General_English_BMM_E_Verify&amp;utm_keyword=everify" target="_blank">E-Verify</a> company.</em></p> <hr><div class="content-pay-transparency"><div class="pay-input"><div class="description"><p>Final pay is based on several factors including but not limited to internal equity, market data, and the applicant’s education, work experience, certifications, etc.</p></div><div class="title">A reasonable estimate of the base salary range for this role is:</div><div class="pay-range"><span>$212,000</span><span class="divider">&mdash;</span><span>$230,000 USD</span></div></div></div>