Director, Governance, Risk, and Compliance (GRC)

Director, Governance, Risk, and Compliance (GRC)

At Clover, the Business Enablement team leads our technological advancement while ensuring robust security and compliance. We deliver user-friendly corporate applications, manage complex data ecosystems, and provide efficient tech solutions across the organization. Our goal is simple: we make it easy for the business to do what’s right for Clover.

Job Overview

Clover Health is seeking a Director of Governance, Risk, and Compliance (GRC) to define and execute our security governance and risk strategy in support of Clover’s growth as a public, technology-enabled healthcare company. This role operates at the enterprise level, shaping functional strategy while driving execution through cross-functional influence rather than direct authority. The Director of GRC is accountable for Clover’s security risk posture, regulatory compliance readiness, and resilience capabilities, ensuring that governance, risk, and compliance activities are aligned to business priorities and long-term company outcomes.

Key Responsibilities

As a Director, Governance, Risk, and Compliance you will:

Governance & Security Risk Strategy

• Define and evolve Clover Health’s security governance and risk management strategy, aligning function-level priorities with enterprise objectives and the security roadmap.
• Establish a risk-driven approach to governance aligned with:
• HIPAA Security and Privacy Rules
• NIST Cybersecurity Framework (CSF) v2
• NIST AI Risk Management Framework (AI RMF), where applicable
• Anticipate security and regulatory risks 12+ months out, using business, product, regulatory, and market signals to inform strategy and tradeoffs.
• Ensure security risk decisions are clearly framed, documented, and communicated in business terms for executive and board-level audiences.
• Assist the CISO in setting security risk priorities, framing tradeoffs, and communicating risk posture and progress to executive leadership and the Board.

Compliance & Regulatory Leadership

• Own Clover Health’s security compliance posture as a public healthcare company, including federal and state regulatory obligations.
• Lead security-related audits, assessments, and regulatory inquiries in partnership with Legal, Compliance, Privacy, and Internal Audit.
• Drive clarity, consistency, and maturity in security policies, standards, and procedures.