[Hiring] Director, Governance, Risk, and Compliance @Clover Health

Role Description

At Clover, the Business Enablement team leads our technological advancement while ensuring robust security and compliance. We deliver user-friendly corporate applications, manage complex data ecosystems, and provide efficient tech solutions across the organization. Our goal is simple: we make it easy for the business to do what’s right for Clover.

Clover Health is seeking a Director of Governance, Risk, and Compliance (GRC) to define and execute our security governance and risk strategy in support of Clover’s growth as a public, technology-enabled healthcare company. This role operates at the enterprise level, shaping functional strategy while driving execution through cross-functional influence rather than direct authority. The Director of GRC is accountable for Clover’s security risk posture, regulatory compliance readiness, and resilience capabilities, ensuring that governance, risk, and compliance activities are aligned to business priorities and long-term company outcomes.

The role manages a third-party vendor providing GRC services and staffing, while serving as Clover Health’s internal owner for security governance, risk decision-making, and executive-level accountability.

As a Director, Governance, Risk, and Compliance you will:

• Governance & Security Risk Strategy
  • Define and evolve Clover Health’s security governance and risk management strategy, aligning function-level priorities with enterprise objectives and the security roadmap.
  • Establish a risk-driven approach to governance aligned with:
    • HIPAA Security and Privacy Rules
    • NIST Cybersecurity Framework (CSF) v2
    • NIST AI Risk Management Framework (AI RMF), where applicable
  • Anticipate security and regulatory risks 12+ months out, using business, product, regulatory, and market signals to inform strategy and tradeoffs.
  • Ensure security risk decisions are clearly framed, documented, and communicated in business terms for executive and board-level audiences.
  • Assist the CISO in setting security risk priorities, framing tradeoffs, and communicating risk posture and progress to executive leadership and the Board.
• Compliance & Regulatory Leadership
  • Own Clover Health’s security compliance posture as a public healthcare company, including federal and state regulatory obligations.
  • Lead security-related audits, assessments, and regulatory inquiries in partnership with Legal, Compliance, Privacy, and Internal Audit.
  • Drive clarity, consistency, and maturity in security policies, standards, and procedures.
  • Ensure compliance efforts are proactive, scalable, integrated into how Clover Health builds and operates products, and maintained over time to support ongoing audit readiness and regulatory expectations.
• Accountability & Delivery Leadership
  • Own high-stakes outcomes for the GRC function, ensuring accountability across internal partners and third-party providers.
  • Set clear success metrics, decision rights, and escalation paths for risk and compliance activities.
  • Make and communicate tough prioritization calls when business needs, regulatory demands, or risk profiles shift.
  • Surface high-risk issues early and transparently to the CISO, peers, and senior leaders.
• Third-Party Risk Management
  • Lead Clover Health’s third-party security risk management program end-to-end.
  • Oversee vendor due diligence, risk assessments, remediation tracking, and ongoing monitoring.
  • Manage and hold accountable a third-party GRC services vendor, ensuring delivery quality, prioritization, and alignment to Clover’s risk appetite.
  • Ensure third-party risks are evaluated holistically and escalated appropriately.
• Incident, Crisis, and Resilience Governance
  • Lead governance and coordination for:
    • Security incident response (IR)
    • Crisis management
    • Disaster recovery (DR)
    • Business continuity (BC)
  • Ensure incidents are tracked, analyzed for root cause, reported appropriately, and followed through with corrective actions.
  • Lead or support enterprise tabletop exercises and simulations.
  • Balance immediate response needs with long-term system and process improvements.
• Cross-Functional Problem Solving & Influence
  • Lead multi-team, cross-functional problem solving on complex security and compliance issues.
  • Connect operational issues to systemic root causes and drive sustainable fixes rather than short-term workarounds.
  • Influence peers and senior leaders through credibility, data, and executive presence —not authority.
  • Build durable partnerships across Engineering, IT, MA, Legal, Compliance, Privacy, Finance, and Operations.
• Culture, Coaching, and Enterprise Presence
  • Build trust and credibility as a senior Clover leader.
  • Coach people managers, high-potential ICs, and vendor staff to elevate GRC maturity across the organization.
  • Model transparency, accountability, and alignment in leadership forums.
  • Contribute to a culture of thoughtful risk-taking, strong execution, and shared ownership.

Success in this role looks like:

• Security risk management is clearly aligned to Clover Health’s growth strategy and enterprise priorities.
• The CISO has confidence in Clover’s security, compliance, and resilience posture.
• Security risk is managed, mapped, and reported on a regular cadence.
• Compliance activities scale with the business and avoid last-minute fire drills.
• Incidents and crises are handled with discipline, transparency, and continuous improvement.
• GRC is viewed as a strategic enabler — not a blocker — across the organization.

Qualifications

• 8+ years of experience in information security, GRC, risk management, or related disciplines.
• Demonstrated experience leading security governance and compliance programs in regulated environments.
• Strong working knowledge of HIPAA and healthcare security requirements.
• Experience operating in a public company or similarly regulated environment.
• Proven experience managing third-party vendors providing GRC services or staff augmentation.
• Hands-on experience with incident response governance, crisis management, disaster recovery, and business continuity.
• Strong business acumen with the ability to translate security and compliance risks into business impact.
• Excellent executive-level communication and stakeholder management skills.

Preferred Qualifications

• Familiarity with NIST CSF v2 and NIST AI RMF.
• Experience supporting AI-enabled, data-intensive, or technology-forward healthcare platforms.
• Relevant certifications such as CISM, CRISC, or similar are a plus.
• Service-management and automation mindset.

Benefits

• Financial Well-Being: Our commitment to attracting and retaining top talent begins with a competitive base salary and equity opportunities. Additionally, we offer a performance-based bonus program, 401k matching, and regular compensation reviews to recognize and reward exceptional contributions.
• Physical Well-Being: We prioritize the health and well-being of our employees and their families by providing comprehensive medical, dental, and vision coverage. Your health matters to us, and we invest in ensuring you have access to quality healthcare.
• Mental Well-Being: We understand the importance of mental health in fostering productivity and maintaining work-life balance. To support this, we offer initiatives such as No-Meeting Fridays, monthly company holidays, access to mental health resources, and a generous flexible time-off policy. Additionally, we embrace a remote-first culture that supports collaboration and flexibility, allowing our team members to thrive from any location.
• Professional Development: Developing internal talent is a priority for Clover. We offer learning programs, mentorship, professional development funding, and regular performance feedback and reviews.
• Additional Perks:
  • Employee Stock Purchase Plan (ESPP) offering discounted equity opportunities
  • Reimbursement for office setup expenses
  • Monthly cell phone & internet stipend
  • Remote-first culture, enabling collaboration with global teams
  • Paid parental leave for all new parents
  • And much more!