Senior GRC Security Analyst (remote)

Claritev, New York, NY
22h, $130 - $145, Remote

About The Position

This role will support leadership in the non-TPRM aspects of Claritev’s GRC program, with emphasis on cyber risk management, risk intake and reporting, policy and exception management, audit and control assurance, security assessments, security awareness, and the security aspects of AI, data, and insider risk governance. Working closely with business units, IT stakeholders, and partner functions such as Privacy, Legal, Compliance, and AI Governance, this position will be responsible for executing and maturing core risk management processes, maintaining the security risk register, and improving visibility, accountability, and resilience across the program.

Requirements

  • At least 7 years' experience directly in cybersecurity or information security GRC, with a demonstrated track record of leading complex projects in at least two of the following areas: cyber risk management, policy and exception management, security assessments, control assurance, security awareness, or AI/data/insider risk governance.
  • A deep understanding of risk assessment methodology, NIST CSF, HITRUST, HIPAA, and associated security and privacy rules.
  • Strong knowledge and experience with operational risk management, covering the full lifecycle of activities, including risk identification, assessment, mitigation, monitoring, escalation, and reporting.
  • Experience building and maintaining risk taxonomies, risk registers, treatment plans, executive reporting, and KPI/KRI dashboards.
  • Strong knowledge of policy lifecycle management, exception handling, risk acceptance, remediation tracking, and overall business processes, controls, and risk exposure.
  • Functional knowledge of information security domains, industry standards, and best practices, along with the ability to identify and recommend tools, processes, and automation opportunities to continuously improve security and compliance practices.
  • Previous experience with GRC solutions such as Onspring, Archer, Lockpath, LogicGate, or similar platforms; hands-on workflow and reporting configuration experience preferred.
  • Technical understanding of cloud-based security.
  • Experience collaborating with cross-functional stakeholders such as Privacy, Legal, Compliance, Internal Audit, HR, and AI Governance; familiarity with AI security governance, data governance, insider risk, or security awareness programs is a plus.
  • CISSP, CISA, CISM, CRISC, or similar certifications are a plus.
  • Ability to maintain confidentiality of information and exercise sound judgment when handling sensitive matters.
  • Ability to work independently as well as within a team, communicate effectively with technical and non-technical stakeholders, and influence decisions through clear recommendations.
  • Ability to organize, prioritize, and coordinate multiple work activities, adapt to changing priorities, and meet target deadlines.
  • Ability to travel as needed to Company locations and third-party locations within the US.
  • Required licensures, professional certifications, and/or Board certifications as applicable.
  • Individual in this position must be able to work in a standard office environment which requires sitting and viewing monitor(s) for extended periods of time, operating standard office equipment such as, but not limited to, a keyboard, copier, and telephone.

Responsibilities

  • Serve as a trusted advisor and subject matter expert, providing cyber risk management and security governance support to IT and business stakeholders.
  • Support the GRC leader in executing strategy and multi-year roadmaps to mature Claritev’s GRC function.
  • Collaborate with security, IT, privacy, legal, compliance, and business stakeholders to develop standards and processes that protect the confidentiality, integrity, and availability of Claritev data.
  • Own and mature core non-TPRM GRC workflows and tooling, including risk intake, risk register administration, treatment plan tracking, exception handling, and risk escalation processes.
  • Drive ongoing efforts to identify, assess, treat, monitor, and report cybersecurity risks, and help build GRC capabilities such as enterprise cyber risk management, policy governance, audit support, and control assurance.
  • Assist with audits and reviews of assigned business processes to evaluate the adequacy of controls, document findings, recommend improvements, and track remediation activities through closure.
  • Build and maintain a cyber risk taxonomy tied to key risk themes, and ensure material risks are categorized consistently for reporting and decision-making.
  • Coordinate and mature the overall process for security policy and standard lifecycle management, including periodic reviews, stakeholder approvals, exception handling, and risk acceptance.
  • Develop and implement assessment procedures, evidence collection practices, and control assurance activities relevant to risk, compliance, and top control monitoring objectives across IT departments.
  • Perform and coordinate security risk assessments for internal initiatives, business processes, technology changes, and other in-scope activities to identify, assess, treat, and monitor cybersecurity risks.
  • Partner with the AI governance team and other stakeholders to define and execute the security review process for AI tools, AI-enabled vendors, and high-risk use cases involving sensitive data.
  • Support workforce risk governance and security awareness initiatives by translating risk trends, findings, and incidents into targeted guidance, communications, and control recommendations.
  • Build and maintain leadership reporting and dashboards that communicate risk exposure, exceptions, remediation status, and program KPIs/KRIs.
  • Coordinate with the TPRM team to ensure residual third-party risks and significant vendor issues are escalated into the central risk register and reporting cadence.
  • Collaborate, coordinate, and communicate effectively across disciplines and departments, and demonstrate the Company’s Core Competencies and values held within.
  • The position responsibilities outlined above are in no way to be construed as all encompassing. Other duties, responsibilities, and qualifications may be required and/or assigned as necessary.

Benefits

  • Medical, dental and vision coverage with low deductible & copay
  • Life insurance
  • Short and long-term disability
  • Paid Parental Leave
  • 401(k) + match
  • Employee Stock Purchase Plan
  • Generous Paid Time Off – accrued based on years of service
  • 10 paid company holidays
  • Tuition reimbursement
  • Flexible Spending Account
  • Employee Assistance Program
  • Sick time benefits – for eligible employees, one hour of sick time for every 30 hours worked, up to a maximum accrual of 40 hours per calendar year, unless the laws of the state in which the employee is located provide for more generous sick time benefits