Senior Analyst, Governance Risk and Compliance

GoHealth Intro : As a leading health insurance marketplace, Go Health’s mission is to improve access to healthcare in America.

For customers, enrolling in a health insurance plan is confusing and difficult, and seemingly small differences between plans can lead to significant out-of-pocket costs or lack of access to critical medicines and even providers.

We use our technology, agents, and expertise to cut through the confusion and get customers enrolled in a plan with the right coverage and benefits.

Why Apply? GoHealth has established a culture where our employees feel empowered, engaged, and inspired. We are looking for builders who will contribute to the company’s long-term health.

We also understand that you may not check every box in our requirements list, most applicants don’t! In fact, frequently cited statistics show that women and underrepresented groups apply to jobs only if they meet 100% of the qualifications.

GoHealth encourages you to break that statistic and to apply today!

About the role :

As a Senior Governance, Risk, and Compliance (GRC) Analyst, you will play a critical role in managing regulatory compliance, particularly focusing on New York Department of Financial Services (NY DFS) and Carrier Business Associate Agreement (BAA) requirements.

You will lead the evaluation of MSRs (Minimum Security Requirements) and GAP assessments, coordinating remediation efforts across various teams and stakeholders.

Additionally, you will contribute to the development of cyber and third-party risk management frameworks and processes, ensuring alignment with organizational objectives.

What You’ll Do :

• Lead the evaluation and assessment of MSRs and GAPs, ensuring compliance with NY DFS and Carrier BAA requirements.
• Coordinate remediation efforts with technology, security, legal, compliance teams, and other stakeholders to address identified gaps and vulnerabilities.
• Contribute to the development and enhancement of cyber and third-party risk management frameworks and processes.
• Conduct periodic risk assessments and compliance self-assessments to identify and mitigate emerging risks.
• Build out dashboards and generate robust reports to provide insights into compliance status and risk posture.
• Proactively identify emerging risks and vulnerabilities and recommend appropriate mitigation strategies.
• Collaborate effectively with cross-functional teams and stakeholders to ensure alignment of GRC activities with organizational goals and objectives.

What We’re Looking For :

• Proven experience in GRC, cyber, or third-party risk management roles, preferably in a senior capacity.
• Strong understanding of regulatory and compliance standards, including HITRUST, NY DFS, CIS, NIST CSF, and SEC requirements.
• Proficiency in GRC tools and platforms, along with experience in process implementation and enhancement.
• Strong analytical and problem-solving skills, with the ability to assess and mitigate complex risks effectively.
• Excellent communication and interpersonal skills, with the ability to collaborate effectively across teams and stakeholders.
• Certifications : Relevant certifications such as CISSP, CISA, CRISC, or similar are preferred.
• Bachelor's degree in a related field; advanced degree or relevant certifications are a plus.

Location : Hybrid

Benefits & Perks

• Open vacation policy
• 401(k) program with company match
• Medical, dental, vision, and life insurance benefits
• Flexible spending accounts
• Subsidized gym memberships
• Commuter and transit benefits
• Professional growth opportunities
• Casual dress code
• Generous employee referral bonuses
• Happy hours, ping-pong tournaments, and more company-sponsored events
• GoHealth is an equal opportunity employer.

LI-SI1