Senior Manager, Governance, Risk, and Compliance

GoHealth Intro : As a leading health insurance marketplace, Go Health’s mission is to improve access to healthcare in America.

For customers, enrolling in a health insurance plan is confusing and difficult, and seemingly small differences between plans can lead to significant out-of-pocket costs or lack of access to critical medicines and even providers.

We use our technology, agents, and expertise to cut through the confusion and get customers enrolled in a plan with the right coverage and benefits.

Why Apply? GoHealth has established a culture where our employees feel empowered, engaged, and inspired. We are looking for builders who will contribute to the company’s long-term health.

We also understand that you may not check every box in our requirements list, most applicants don’t! In fact, frequently cited statistics show that women and underrepresented groups apply to jobs only if they meet 100% of the qualifications.

GoHealth encourages you to break that statistic and to apply today!

About the role :

We are seeking a dynamic individual to join our team as a Senior Manager, GRC (Governance, Risk, and Compliance). As a key member of our compliance group, you will lead a team and collaborate with multiple vendors to develop and maintain a robust model for cyber and third-party risk management processes.

Your role will involve conducting IT risk assessments, overseeing continuous monitoring efforts, and facilitating the deployment of a GRC platform.

Additionally, you will focus on regulatory compliance monitoring for various standards including CMS, NIST, HITRUST, NY DFS, and carrier contractual obligations.

What You’ll Do :

• Lead and manage a team of at least three direct reports within the compliance group.
• Collaborate with multiple vendors to develop and maintain a sustainable model for cyber and third-party risk management processes.
• Conduct IT risk assessments to identify vulnerabilities and prioritize mitigation efforts.
• Oversee continuous monitoring activities to ensure timely detection and response to emerging threats.
• Facilitate the deployment and integration of a GRC platform to streamline compliance efforts and enhance risk management capabilities.
• Monitor regulatory compliance requirements, including CMS, NIST, HITRUST, NY DFS, and carrier contractual obligations, and ensure organizational adherence.
• Develop and implement policies, procedures, and controls to mitigate compliance and security risks.
• Act as a subject matter expert and provide guidance to internal stakeholders on compliance-related matters.
• Collaborate cross-functionally with IT, legal, and other departments to align compliance initiatives with business objectives.
• Stay abreast of emerging trends, regulations, and best practices in GRC and cybersecurity to continuously enhance the organization's risk management program.

What We’re Looking For :

• Bachelor's degree in Information Technology, Cybersecurity, Business Administration, or related field. Master's degree preferred.
• Minimum of 5-7 years of experience in GRC, compliance, or related roles, with demonstrated expertise in cyber and third-party risk management.
• Experience managing a team and leading cross-functional projects.
• Strong understanding of regulatory requirements and standards such as CMS, NIST, HITRUST, NY DFS, and carrier contractual obligations.
• Experience with GRC platforms and tools preferred.
• Excellent communication, leadership, and problem-solving skills.
• Relevant certifications such as CISA, CISSP, CRISC, or equivalent are a plus.

Location : Hybrid

Benefits & Perks

• Open vacation policy
• 401(k) program with company match
• Medical, dental, vision, and life insurance benefits
• Flexible spending accounts
• Subsidized gym memberships
• Commuter and transit benefits
• Professional growth opportunities
• Casual dress code
• Generous employee referral bonuses
• Happy hours, ping-pong tournaments, and more company-sponsored events
• GoHealth is an equal opportunity employer.

LI-SI1