Director, Compliance and Risk

Kinwell•Columbia, WA

22h•Hybrid

About The Position

Kinwell was founded on the principle of personalized, whole-hearted care for every patient. We believe the best healthcare is a conversation, and one that includes nutrition, fitness, sleep, and behavioral health. Our Clinicians and Clinic Support staff drive real change in their patient’s well-being. Along the way, we are setting a new standard for primary care, making it more accessible, impactful, and holistic. We are dedicated to building great places to work. We value all teammates and respect a diversity of thought, ideas, and cultures—all focused on the common goal of nurturing the health of those we serve. Kinwell fosters a culture that promotes employee growth, collaborative innovation, and inspired leadership. We bring agility to work every day and thrive on the opportunity to create something refreshing and new. This is where you come in. If you are looking for a new primary care opportunity, one based on the quality of care, not the quantity of patients, please consider our available positions. The Director of Compliance and Risk provides senior-level leadership and strategic oversight of the organization’s risk management activities, Compliance Program requirements, and regulatory compliance. This role promotes compliance with all federal and state healthcare regulations, maintains a strong culture of ethical behavior, and safeguards patient information to improve operations. This is a hybrid position, with flexibility to come to our Mountlake Terrace office o ne day per w eek. The Director of Compliance and Risk will also travel to Kinwell clinics as needed.

Requirements

Bachelor’s degree or equivalent work experience.
Ten years of progressive experience in privacy and/or compliance roles.
Six years of experience leading a compliance, regulatory, or privacy program in a healthcare delivery organization.
Experience in program creation and implementation within a matrixed environment.
Demonstrated ability to provide leadership and oversight to non-technical operational functions, including cross-functional teams.
Demonstrated knowledge of healthcare compliance and privacy obligations.
Strong business acumen and ability to oversee operational functions without deep technical expertise.
Excellent interpersonal, public speaking, and written communication skills.
Ability to communicate complex information to all levels of the organization.
Proven ability to develop effective cross-functional relationships, including senior leadership and technical teams.
Ability to develop strategy, lead change, and manage efficient operations.

Nice To Haves

Certified in Healthcare Compliance. (CHC)
Experience partnering with IT, digital operations, and data‑governance teams to ensure compliance, risk management, and regulatory alignment (direct technical experience not required).

Responsibilities

Serve as Kinwell’s Compliance & Ethics Officer and Privacy Official.
Provide strategic guidance to executive leadership and the Board on emerging regulatory trends, enforcement risks, and organizational compliance posture.
Promote organizational values and ensure compliance with legal and regulatory requirements.
Manage and mentor the Compliance team, ensuring alignment with organizational standards and expectations.
Develop and implement enterprise-wide compliance strategies, training, and communication programs.
Present compliance updates to executive leadership.
Serve as a liaison with external partners, including legal counsel, regulatory bodies, accreditation entities, and major stakeholders such as Premera.
Lead risk assessments, audits, investigations, and corrective action plans.
Maintain expertise in privacy laws (HIPAA/HITECH), enforcement trends, and internal controls.
Oversee compliance and privacy initiatives, including coding audits and incident management.
Manage privacy incidents, breaches and reporting obligations; conduct HIPAA risk assessments.
Identify, evaluate, and reduce risks that may impact patient safety, clinical quality, or organizational operations.
Serve as the primary liaison for Internal Audit and ensure robust internal controls, risk mitigation strategies, and audit readiness across the enterprise.
Partner with operational and clinical leadership to strengthen processes, close gaps, and support strategic initiatives that improve safety, efficiency, and quality outcomes.
Conduct complex risk analyses, clinical risk reviews, and systemwide trend assessments to proactively identify and mitigate high-impact threats to patient safety and organizational operations.
Direct incident reporting systems, root-cause analyses, and corrective action implementation to drive high reliability and continuous improvement.
Partner with operational and clinical leadership to strengthen processes, close gaps, and support strategic initiatives that improve safety, efficiency, and quality outcomes.
Prepare risk assessments and present risk exposure trends to executive leadership and the Board.
Chair and oversee the Compliance Committee governance, including planning, facilitation and follow-up activities.
Establish and maintain a strategic partnership with the IT and Information Security teams to ensure alignment across regulatory compliance, data protection, and enterprise risk management initiatives.
Serve as a primary liaison to Premera Blue Cross, ensuring alignment on compliance programs, regulatory requirements and risk management strategies.