Director, Governance, Risk, and Compliance (GRC)

Clover Health, a public, technology-enabled healthcare company, is seeking a Director of GRC to define and execute its security governance and risk strategy. The role operates at the enterprise level, shaping functional strategy while driving execution through cross-functional influence, and is accountable for Clover's security risk posture, regulatory compliance readiness, and resilience capabilities.

The Director establishes a risk-driven approach to governance aligned with the HIPAA Security and Privacy Rules, the NIST Cybersecurity Framework (CSF) v2, and the NIST AI Risk Management Framework (AI RMF) where applicable. Responsibilities include anticipating security and regulatory risks 12+ months out, owning Clover's security compliance posture as a public healthcare company across federal and state obligations, and leading security-related audits, assessments, and regulatory inquiries in partnership with Legal, Compliance, Privacy, and Internal Audit.

The role manages a third-party vendor providing GRC services and staffing while serving as Clover's internal owner for security governance and risk decision-making, framing tradeoffs and communicating risk posture to executive leadership and the Board.

Qualifications

• 8+ years in information security, GRC, risk management, or related fields
• Demonstrated experience leading security governance and compliance programs in regulated environments
• Strong HIPAA and healthcare security knowledge
• Public company or similarly regulated environment experience
• Proven third-party vendor management for GRC services
• Executive-level communication able to translate security/compliance risk into business impact