GRC Program Manager

Clover Health, San Francisco, CA | Jersey City, NJ | Remote

Clover is a Medicare Plan done differently.

Clover is reinventing health insurance by working to keep people healthier.

We value diversity — in backgrounds and in experiences. Healthcare is a universal concern, and we need people from all backgrounds and swaths of life to help build the future of healthcare. Clover's security team enhances the values of the organization by supporting the company's goals and objectives while fiercely defending our members' information. We are committed and deliberate about protecting the integrity and availability of Clover's overall operation. We are looking for empathetic security professionals to help build up Clover's security and ensure all functions operate securely. This includes ensuring service availability, systems/data integrity, member privacy, and building trust in the Clover brand.

We are looking for a GRC Program Manager who will report directly to Clover’s Chief Information Security Officer and be responsible for establishing and maintaining the company’s overall information and cybersecurity governance, risk, and compliance (GRC) program. The GRC Program is designed to ensure that Clover’s systems and data are adequately protected. This will include the ongoing development and maintenance of a comprehensive information and cybersecurity policy and related control structure. This is a hands-on leadership position that will be responsible for identifying, evaluating, and reporting on information and cybersecurity risks in a manner that meets Clover’s internal security and privacy policies, as well as regulatory and other compliance requirements.

As a senior leader in the Information and Cybersecurity organization, the GRC Program Manager will work proactively with various clients and vendors, as well as other internal departments and organizations, to implement practices that meet Clover’s defined policies and standards for information risk management. The GRC Program Manager will also be a member of various governance, compliance and incident response groups. The GRC team is responsible for providing overall oversight and governance for information and cybersecurity-related activities within Clover, ensuring management awareness, metrics and compliance posture of our information and cybersecurity environment.

As GRC Program Manager, you will:

  • Ensure security policies and controls meet Clover and regulatory requirements, remain current and are included as part of Clover’s GRC program.
  • Design, implement & mature the security and risk management controls library, controls methodology & testing criteria.
  • Identify control owners and stakeholders.
  • Identify & escalate any new or emerging gaps in policy or control environment & provide expert advice on new requirements.
  • Assess criticality of control gaps for escalation.
  • Work with business leaders and other stakeholders to ensure baseline security standards are embedded in business operations and delivery.
  • Track audit findings and recommendations to ensure appropriate mitigation actions are taken.
  • Provide management and operational reporting on findings to ensure prioritization for remediation and closure.
  • Drive remediation and risk mitigation planning, execution and oversight (strategies).
  • Provide remediation and policy guidance to Clover, its clients, and third parties.
  • Provide management reporting that monitors and measures Clover’s compliance with regulatory requirements (including HIPAA/HITECH/HITRUST, SOC 1/2, etc.).
  • Interpret patterns of non-compliance to determine impact on levels of risk and work with the appropriate resources to drive higher levels of compliance.

You will love this job if:

  • You believe in the integration of Governance, Risk and Compliance activities that can empower a company to provide a compliant business model, manage significant risks to the business’ goals and objectives, and provide accurate information to empower better decision making.
  • You enjoy working in a fluid environment, defining and owning priorities that adapt to our larger goals. You can bring clarity to ambiguity while remaining open-minded to new information that might change your mind.
  • You are passionate about growing people and organizations. Helping to set your team and peers up for success through collaboration and feedback is important to you.
  • You are a strong problem-solver who likes to use analytical skills to come up with solutions to problems.
  • You value partnership; working cross-functionally and with external auditors/regulators is something you enjoy.

You should get in touch if:

  • You have security certifications (CISSP, CISM, ISO 27001/02, etc.) or risk management certifications (CISA, CRISC, etc.).
  • You are seasoned in a corporate, governmental, military, or law enforcement environment.
  • You have prior experience in information security, programming, IT risk management or audit.
  • You have strong knowledge of SOX, HIPAA, PII, and GDPR requirements.
  • You are experienced with automated GRC platforms (such as Archer, MetricStream, ZenGRC, Riskonnect, Allgress, etc.).
  • You have a deep interest in developing knowledge in security and interactions with various internal and external client functions.

Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records. We are an E-Verify company.

About Clover: We are reinventing health insurance by combining the power of data with human empathy to keep our members healthier. We believe the healthcare system is broken, so we've created custom software and analytics to empower our clinical staff to intervene and provide personalized care to the people who need it most.

We always put our members first, and our success as a team is measured by the quality of life of the people we serve. Those who work at Clover are passionate and mission-driven individuals with diverse areas of expertise, working together to solve the most complicated problem in the world: healthcare.

About Clover Health

Clover Health is a data driven health insurance startup driving to improve the overall state of healthcare in America. We are hiring software engineers, data scientists, designers and product folks who can help us understand our members’ wellness and steer them clear of any health risks down the road. Unlike other health insurance companies also embracing preventive health, Clover’s Medicare is built on technology from the ground-up. Integrating our systems with doctors, clinicians, and nurse practitioners, Clover’s data team helps healthcare professionals in the field intervene directly into patients’ wellness to help them avoid acute health episodes. If you’re a passionate person and interested in changing healthcare for the better, then Clover may just be the place for you.
