JOBSEARCHER

Senior GRC Security Analyst (remote)

Claritev | Remote | April 12th, 2026
At Claritev, we pride ourselves on being a dynamic team of innovative professionals. Our purpose is simple - we strive to bend the cost curve in healthcare for all. Our dedication to service excellence extends to all our stakeholders - internal and external - driving us to consistently exceed expectations. We are intentionally bold, we foster innovation, we nurture accountability, we champion diversity, and empower each other to illuminate our collective potential.

Be part of our amazing transformational journey as we optimize the opportunity towards becoming a leading technology, data, and innovation voice in healthcare. Onward and Upward!!!

Job Summary

This role will support leadership in the non-TPRM aspects of Claritev’s GRC program, with emphasis on cyber risk management, risk intake and reporting, policy and exception management, audit and control assurance, security assessments, security awareness, and the security aspects of AI, data, and insider risk governance. Working closely with business units, IT stakeholders, and partner functions such as Privacy, Legal, Compliance, and AI Governance, this position will be responsible for executing and maturing core risk management processes, maintaining the security risk register, and improving visibility, accountability, and resilience across the program.

Job Roles And Responsibilities

Serve as a trusted advisor and subject matter expert, providing cyber risk management and security governance support to IT and business stakeholders.
Support the GRC leader in executing strategy and multi-year roadmaps to mature Claritev’s GRC function.
Collaborate with security, IT, privacy, legal, compliance, and business stakeholders to develop standards and processes that protect the confidentiality, integrity, and availability of Claritev data.
Own and mature core non-TPRM GRC workflows and tooling, including risk intake, risk register administration, treatment plan tracking, exception handling, and risk escalation processes.
Drive ongoing efforts to identify, assess, treat, monitor, and report cybersecurity risks, and help build GRC capabilities such as enterprise cyber risk management, policy governance, audit support, and control assurance.
Assist with audits and reviews of assigned business processes to evaluate the adequacy of controls, document findings, recommend improvements, and track remediation activities through closure.
Build and maintain a cyber risk taxonomy tied to key risk themes, and ensure material risks are categorized consistently for reporting and decision-making.
Coordinate and mature the overall process for security policy and standard lifecycle management, including periodic reviews, stakeholder approvals, exception handling, and risk acceptance.
Develop and implement assessment procedures, evidence collection practices, and control assurance activities relevant to risk, compliance, and top control monitoring objectives across IT departments.
Perform and coordinate security risk assessments for internal initiatives, business processes, technology changes, and other in-scope activities to identify, assess, treat, and monitor cybersecurity risks.
Partner with the AI governance team and other stakeholders to define and execute the security review process for AI tools, AI-enabled vendors, and high-risk use cases involving sensitive data.
Support workforce risk governance and security awareness initiatives by translating risk trends, findings, and incidents into targeted guidance, communications, and control recommendations.
Build and maintain leadership reporting and dashboards that communicate risk exposure, exceptions, remediation status, and program KPIs/KRIs.
Coordinate with the TPRM team to ensure residual third-party risks and significant vendor issues are escalated into the central risk register and reporting cadence.
Collaborate, coordinate, and communicate effectively across disciplines and departments, and demonstrate the Company’s Core Competencies and values held within.

The position responsibilities outlined above are in no way to be construed as all encompassing. Other duties, responsibilities, and qualifications may be required and/or assigned as necessary.

REQUIREMENTS (Education, Experience, And Training)

At least 7+ years' experience directly in cybersecurity or information security GRC, with a demonstrated track record of leading complex projects in at least two of the following areas: cyber risk management, policy and exception management, security assessments, control assurance, security awareness, or AI/data/insider risk governance.
A deep understanding of risk assessment methodology, NIST CSF, HITRUST, HIPAA, and associated security and privacy rules.
Strong knowledge and experience with operational risk management, covering the full lifecycle of activities, including risk identification, assessment, mitigation, monitoring, escalation, and reporting.
Experience building and maintaining risk taxonomies, risk registers, treatment plans, executive reporting, and KPI/KRI dashboards.
Strong knowledge of policy lifecycle management, exception handling, risk acceptance, remediation tracking, and overall business processes, controls, and risk exposure.
Functional knowledge of information security domains, industry standards, and best practices, along with the ability to identify and recommend tools, processes, and automation opportunities to continuously improve security and compliance practices.
Previous experience with GRC solutions such as Onspring, Archer, Lockpath, LogicGate, or similar platforms; hands-on workflow and reporting configuration experience preferred.
Technical understanding of cloud-based security.
Experience collaborating with cross-functional stakeholders such as Privacy, Legal, Compliance, Internal Audit, HR, and AI Governance; familiarity with AI security governance, data governance, insider risk, or security awareness programs is a plus.
CISSP, CISA, CISM, CRISC, or similar certifications are a plus.
Ability to maintain confidentiality of information and exercise sound judgment when handling sensitive matters.
Ability to work independently as well as within a team, communicate effectively with technical and non-technical stakeholders, and influence decisions through clear recommendations.
Ability to organize, prioritize, and coordinate multiple work activities, adapt to changing priorities, and meet target deadlines.
Ability to travel as needed to Company locations and third-party locations within the US.
Required licensures, professional certifications, and/or Board certifications as applicable.
Individual in this position must be able to work in a standard office environment which requires sitting and viewing monitor(s) for extended periods of time, operating standard office equipment such as, but not limited to, a keyboard, copier, and telephone.

Compensation

The salary range for this position is $130-145k. Specific offers take into account a candidate’s education, experience and skills, as well as the candidate’s work location and internal equity. This position is also eligible for health insurance, 401k and bonus opportunity.

Benefits

We realize that our employees are instrumental to our success, and we reward them accordingly with very competitive compensation and benefits packages, an incentive bonus program, as well as recognition and awards programs. Our work environment is friendly and supportive, and we offer flexible schedules whenever possible, as well as a wide range of live and web-based professional development and educational programs to prepare you for advancement opportunities.

Your Benefits Will Include

Medical, dental and vision coverage with low deductible & copay
Life insurance
Short and long-term disability
Paid Parental Leave
401(k) + match
Employee Stock Purchase Plan
Generous Paid Time Off - accrued based on years of service
WA Candidates: the accrual rate is 4.61 hours every other week for the first two years of tenure before increasing with additional years of service
10 paid company holidays
Tuition reimbursement
Flexible Spending Account
Employee Assistance Program
Sick time benefits - for eligible employees, one hour of sick time for every 30 hours worked, up to a maximum accrual of 40 hours per calendar year, unless the laws of the state in which the employee is located provide for more generous sick time benefits

EEO STATEMENT

Claritev is an Equal Opportunity Employer and complies with all applicable laws and regulations. Qualified applicants will receive consideration for employment without regard to age, race, color, religion, gender, sexual orientation, gender identity, national origin, disability or protected veteran status. If you would like more information on your EEO rights under the law, please click here.

APPLICATION DEADLINE

We will generally accept applications for at least 5 calendar days from the posting date or as long as the job remains posted.