GRC Careers: Connecting Talent and Trust.

Director, Governance, Risk, and Compliance (GRC)

Clover Health
Governance | Remote | Full-time | Remote | $212,000 to $230,000

Clover Health is hiring for the role of Director, Governance, Risk, and Compliance (GRC), Remote. This is a Governance role in the governance, risk, and compliance field, with a posted range of $212,000 to $230,000. Review the full details below and apply directly with Clover Health.

Organization: Clover Health
Location: Remote
Workplace: Remote
Focus: Governance
Salary: $212,000 to $230,000
Posted: Jun 13, 2026

This is a remote Governance role. Remote governance, risk, and compliance hiring has grown as organizations extend compliance, risk, and AI oversight across distributed teams, which widens the candidate pool beyond any single metro.

Clover Health, a public, technology-enabled healthcare company, is seeking a Director of GRC to define and execute its security governance and risk strategy. The role operates at the enterprise level, shaping functional strategy while driving execution through cross-functional influence, and is accountable for Clover's security risk posture, regulatory compliance readiness, and resilience capabilities.

The Director establishes a risk-driven approach to governance aligned with the HIPAA Security and Privacy Rules, the NIST Cybersecurity Framework (CSF) v2, and the NIST AI Risk Management Framework (AI RMF) where applicable. Responsibilities include anticipating security and regulatory risks 12+ months out, owning Clover's security compliance posture as a public healthcare company across federal and state obligations, and leading security-related audits, assessments, and regulatory inquiries in partnership with Legal, Compliance, Privacy, and Internal Audit.

The role manages a third-party vendor providing GRC services and staffing while serving as Clover's internal owner for security governance and risk decision-making, framing tradeoffs and communicating risk posture to executive leadership and the Board.

Qualifications

  • 8+ years in information security, GRC, risk management, or related fields
  • Demonstrated experience leading security governance and compliance programs in regulated environments
  • Strong HIPAA and healthcare security knowledge
  • Public company or similarly regulated environment experience
  • Proven third-party vendor management for GRC services
  • Executive-level communication skills, with the ability to translate security/compliance risk into business impact