Governance Risk and Compliance Analyst II


GoHealth Intro: GoHealth is a leading health insurance marketplace and Medicare-focused digital health company. Through the efficient, multi-tiered guidance of our highly specialized licensed insurance agents, GoHealth meets Medicare consumers where they are in their enrollment journeys and empowers them to choose the plan and carrier best suited for their healthcare needs. Our extensive industry expertise, including the use of data science and machine learning with key investments in proprietary technology, helps consumers cut through the confusion and enroll confidently.

Why Apply: As an industry leader in the Medicare marketplace, we are compelled to not only embrace change but to actively be the change to adapt to our consumers' complex needs. We believe in hiring risk-takers, innovators, and collaborators within our industry to create individualized, simplified healthcare solutions for our beneficiaries.

Our #TeamGoHealth employees are at the core of our collective success; that's why we are committed to discovering the best-in-class talent and ensuring that each team member receives the development tools and support they need to flourish in their professional endeavors.

We also understand that you may not check every box in our requirements list -- most applicants don’t! In fact, frequently cited statistics show that women and underrepresented groups apply to jobs only if they meet 100% of the qualifications. GoHealth encourages you to break that statistic and to apply today!

About the role: The Analyst for Information Security Governance, Risk, and Compliance (GRC) is responsible for assessing and documenting the company’s compliance and risk levels as they relate to its products and supporting information assets. 

The purpose of this position is to provide skilled technical and information security risk experience to drive the maturation of information security risk management and compliance programs. Responsibilities require technical and program-building experience and include ensuring effective full-stack security analysis, standards and testing, risk assessment, and compliance reviews. The goal is to provide risk and compliance visibility at the product level, within each GoHealth solution stack. This role reports to the Lead GRC Analyst of GoHealth based in Chicago, IL. The GRC analyst interacts with leadership on a regular basis; strong communication skills and experience in managing programs are essential.

What you’ll do: 

  • Support the development and implementation of the system-wide risk management function of the information security program, to ensure information security risks are identified and monitored 
  • Provide visibility into risk at the product level 
  • Knowledge of applicable US laws and regulations as they relate to Information Security and the effective management of Information Security Risks. 
  • Assess contractual and regulatory compliance at the business level 
  • Internally assess, evaluate, and make recommendations to management regarding the adequacy of the security controls for systems supporting business solution stacks and associated products. 
  • Develop and implement effective and reasonable procedures and practices to secure protected and sensitive data and ensure information security and compliance with relevant legislation and legal interpretation. 
  • Must be able to assess computer hardware, software, and cloud-based systems for security risks and compliance violations and work with internal customers to review and assess solutions.
  • Must have a strong customer service orientation and the ability to project that attitude to business and technology stakeholders.
  • Liaise with policy and standards workgroup and business stakeholders to advise on language related to information security risk and compliance requirements. 
  • Conduct information security risk assessments; assess and document control deficiencies; identify and report on gaps and opportunities to automate processes & procedures.

What we’re looking for: 

  • Minimum of 3 years’ experience working in an information security risk & compliance management program. 
  • Solid understanding of the NIST CSF  
  • Strong demonstrated knowledge of enterprise systems, cloud solutions, and associated IT/security technologies. 
  • Strong knowledge of information security risk management frameworks and compliance practices, specifically NIST SP800-37r2 Risk Management Framework
  • Experience with Information Security risk analysis  
  • Understanding of common compliance regulations (e.g., HITRUST, HIPAA, SOX IT, SOC1, SOC2)
  • Understanding of key cloud security architecture principles, as well as appropriate enterprise data handling practices 
  • Understanding of CIS Cloud Security Benchmark guidelines  

Benefits and Perks: 

  • Open vacation policy, because work-life balance is important 
  • 401k program with company match 
  • Employee Stock Purchase Program 
  • Medical, dental, vision, and life insurance benefits 
  • Paid maternity and paternity leave 
  • Professional growth opportunities 
  • Generous employee referral bonuses 
  • Employee Resource Groups
  • Work from Home Stipend 
  • GoHealth is an Equal Opportunity Employer  


  • Bachelor’s degree in computer science, CIS, Engineering, Cybersecurity, or related field (or equivalent work or military experience in a related field) 


  • CRISC  

Location: Onsite/Hybrid 

