Senior GRC Security Analyst (remote)

At Claritev, we pride ourselves on being a dynamic team of innovative professionals. Our purpose is simple - we strive to bend the cost curve in healthcare for all. Our dedication to service excellence extends to all our stakeholders - internal and external - driving us to consistently exceed expectations. We are intentionally bold, we foster innovation, we nurture accountability, we champion diversity, and empower each other to illuminate our collective potential. Be part of our amazing transformational journey as we optimize the opportunity towards becoming a leading technology, data, and innovation voice in healthcare. Onward and Upward!!! Job Summary This role will support leadership in the non-TPRM aspects of Claritev’s GRC program, with emphasis on cyber risk management, risk intake and reporting, policy and exception management, audit and control assurance, security assessments, security awareness, and the security aspects of AI, data, and insider risk governance. Working closely with business units, IT stakeholders, and partner functions such as Privacy, Legal, Compliance, and AI Governance, this position will be responsible for executing and maturing core risk management processes, maintaining the security risk register, and improving visibility, accountability, and resilience across the program. Job Roles And Responsibilities

• Serve as a trusted advisor and subject matter expert, providing cyber risk management and security governance support to IT and business stakeholders. Support the GRC leader in executing strategy and multi-year roadmaps to mature Claritev’s GRC function.
• Collaborate with security, IT, privacy, legal, compliance, and business stakeholders to develop standards and processes that protect the confidentiality, integrity, and availability of Claritev data.
• Own and mature core non-TPRM GRC workflows and tooling, including risk intake, risk register administration, treatment plan tracking, exception handling, and risk escalation processes.
• Drive ongoing efforts to identify, assess, treat, monitor, and report cybersecurity risks, and help build GRC capabilities such as enterprise cyber risk management, policy governance, audit support, and control assurance.
• Assist with audits and reviews of assigned business processes to evaluate the adequacy of controls, document findings, recommend improvements, and track remediation activities through closure.
• Build and maintain a cyber risk taxonomy tied to key risk themes, and ensure material risks are categorized consistently for reporting and decision-making.
• Coordinate and mature the overall process for security policy and standard lifecycle management, including periodic reviews, stakeholder approvals, exception handling, and risk acceptance.
• Develop and implement assessment procedures, evidence collection practices, and control assurance activities relevant to risk, compliance, and top control monitoring objectives across IT departments.
• Perform and coordinate security risk assessments for internal initiatives, business processes, technology changes, and other in-scope activities to identify, assess, treat, and monitor cybersecurity risks.
• Partner with the AI governance team and other stakeholders to define and execute the security review process for AI tools, AI-enabled vendors, and high-risk use cases involving sensitive data.
• Support workforce risk governance and security awareness initiatives by translating risk trends, findings, and incidents into targeted guidance, communications, and control recommendations.
• Build and maintain leadership reporting and dashboards that communicate risk exposure, exceptions, remediation status, and program KPIs/KRIs.
• Coordinate with the TPRM team to ensure residual third-party risks and significant vendor issues are escalated into the central risk register and reporting cadence.
• Collaborate, coordinate, and communicate effectively across disciplines and departments, and demonstrate the Company’s Core Competencies and values held within.
• The position responsibilities outlined above are in no way to be construed as all encompassing. Other duties, responsibilities, and qualifications may be required and/or assigned as necessary.

, REQUIREMENTS (Education, Experience, And Training)

• At least 7+ years' experience directly in cybersecurity or information security GRC, with a demonstrated track record of leading complex projects in at least two of the following areas: cyber risk management, policy and exception management, security assessments, control assurance, security awareness, or AI/data/insider risk governance.
• A deep understanding of risk assessment methodology, NIST CSF, HITRUST, HIPAA, and associated security and privacy rules.