GoHealth Intro: As a leading health insurance marketplace, Go Health’s mission is to improve access to healthcare in America. For customers, enrolling in a health insurance plan is confusing and difficult, and seemingly small differences between plans can lead to significant out-of-pocket costs or lack of access to critical medicines and even providers. We use our technology, agents, and expertise to cut through the confusion and get customers enrolled in a plan with the right coverage and benefits.
Why Apply? GoHealth has established a culture where our employees feel empowered, engaged, and inspired. We are looking for builders who will contribute to the company’s long-term health. We also understand that you may not check every box in our requirements list, most applicants don’t! In fact, frequently cited statistics show that women and underrepresented groups apply to jobs only if they meet 100% of the qualifications. GoHealth encourages you to break that statistic and to apply today!
About The RoleAs a Senior Governance, Risk, and Compliance (GRC) Analyst, you will play a pivotal role in the development and implementation of cyber and third-party risk management strategies. Your primary focus will be on overseeing the development and enhancement of GRC processes and tools, particularly across compliance, risk, and third-party modules. You will collaborate closely with service providers to ensure seamless integration and alignment with organizational objectives.
What You’ll Do

• Cyber and Third-Party Risk Management Development: Spearhead the development and enhancement of strategies and frameworks for managing cyber and third-party risks.
• Process and GRC Tool Implementation: Collaborate with service providers to implement GRC tools and streamline processes across compliance, risk, and third-party modules.
• Control Risk Library Maintenance: Develop and maintain a comprehensive library of controls and risk assessments to support effective risk management practices.
• Continuous Monitoring: Conduct ongoing risk assessments and monitoring activities to identify and mitigate emerging threats and vulnerabilities.
• Interact with Security Team and relevant stakeholders: Collaborate closely with the security team, legal, tech leadership to ensure alignment with security capabilities and adherence to regulatory and compliance standards.
• Adherence to Regulatory and Compliance Standards: Ensure compliance with relevant standards and regulations, including but not limited to HITRUST, NY DFS, NIST CSF, carrier contractual obligations, and SEC requirements.

What We’re Looking For

• Proven experience in GRC, cyber, or third-party risk management roles, preferably in a senior capacity.
• Strong understanding of regulatory and compliance standards, including HITRUST, NY DFS, CIS, NIST CSF, and SEC requirements.
• Proficiency in GRC tools and platforms, along with experience in process implementation and enhancement.
• Strong analytical and problem-solving skills, with the ability to assess and mitigate complex risks effectively.
• Excellent communication and interpersonal skills, with the ability to collaborate effectively across teams and stakeholders.
• Certifications: Relevant certifications such as CISSP, CISA, CRISC, or similar are preferred.
• Education: Bachelor's degree in a related field; advanced degree or relevant certifications are a plus.

Location: Hybrid Benefits & Perks

• Open vacation policy
• 401(k) program with company match
• Medical, dental, vision, and life insurance benefits
• Flexible spending accounts
• Subsidized gym memberships
• Commuter and transit benefits
• Professional growth opportunities
• Casual dress code
• Generous employee referral bonuses
• Happy hours, ping-pong tournaments, and more company-sponsored events
• GoHealth is an equal opportunity employer.