Director, Compliance and Risk

About The Position

Requirements

• Bachelor’s degree or equivalent work experience.
• Ten years of progressive experience in privacy and/or compliance roles.
• Six years of experience leading a compliance, regulatory, or privacy program in a healthcare delivery organization.
• Experience in program creation and implementation within a matrixed environment.
• Demonstrated ability to provide leadership and oversight to non-technical operational functions, including cross-functional teams.
• Demonstrated knowledge of healthcare compliance and privacy obligations.
• Strong business acumen and ability to oversee operational functions without deep technical expertise.
• Excellent interpersonal, public speaking, and written communication skills.
• Ability to communicate complex information to all levels of the organization.
• Proven ability to develop effective cross-functional relationships, including senior leadership and technical teams.
• Ability to develop strategy, lead change, and manage efficient operations

Nice To Haves

• Certified in Healthcare Compliance. (CHC)
• Experience in high-level operational oversight of IT, digital operations, or data-governance functions.

Responsibilities

• Serve as Kinwell’s Compliance & Ethics Officer and Privacy Official.
• Provide strategic guidance to executive leadership and the Board on emerging regulatory trends, enforcement risks, and organizational compliance posture.
• Promote organizational values and ensure compliance with legal and regulatory requirements.
• Manage and mentor the Compliance team, ensuring alignment with organizational standards and expectations.
• Develop and implement enterprise-wide compliance strategies, training, and communication programs.
• Present compliance updates to executive leadership.
• Serve as a liaison with external partners, including legal counsel, regulatory bodies, accreditation entities, and major stakeholders such as Premera.
• Lead risk assessments, audits, investigations, and corrective action plans.
• Maintain expertise in privacy laws (HIPAA/HITECH), enforcement trends, and internal controls.
• Oversee compliance and privacy initiatives, including coding audits and incident management.
• Manage privacy incidents, breaches and reporting obligations; conduct HIPAA risk assessments.
• Identify, evaluate, and reduce risks that may impact patient safety, clinical quality, or organizational operations.
• Serve as the primary liaison for Internal Audit and ensure robust internal controls, risk mitigation strategies, and audit readiness across the enterprise.
• Partner with operational and clinical leadership to strengthen processes, close gaps, and support strategic initiatives that improve safety, efficiency, and quality outcomes.
• Conduct complex risk analyses, clinical risk reviews, and systemwide trend assessments to proactively identify and mitigate high-impact threats to patient safety and organizational operations.
• Direct incident reporting systems, root-cause analyses, and corrective action implementation to drive high reliability and continuous improvement.
• Prepare risk assessments and present risk exposure trends to executive leadership and the Board.
• Chair and oversee the Compliance Committee governance, including planning, facilitation and follow-up activities.
• Establish and maintain a strategic partnership with the IT and Information Security teams to ensure alignment across regulatory compliance, data protection, and enterprise risk management initiatives.
• Serve as a primary liaison to Premera Blue Cross, ensuring alignment on compliance programs, regulatory requirements and risk management strategies.

Benefits

• Paid Time Off & Paid Holidays
• Medical/Vision/Dental Insurance
• Personal Funding Accounts (HSA, FSA, DCA)
• 401K
• Basic Life Insurance
• Disability-Short Term and Long-Term
• Supplemental Life and ADD&D
• Tuition Reimbursement for qualifying programs
• Employee Assistance