Director, Compliance

About The Position

Requirements

• Strong regulatory expertise across CMS programs, HIPAA/privacy rules, state managed care requirements, and healthcare fraud/waste/abuse regulations.
• Experience scaling compliance functions in a startup or fast-growth healthcare environment.
• Operational fluency in clinical, care management, and data exchange processes common in value-based care organizations.
• Exceptional communication and influencing skills with the ability to work cross-functionally and advise both executive leadership and front-line teams.
• High analytical capability with proficiency in interpreting regulatory text, designing controls, and reviewing data sets for compliance anomalies.
• Strong leadership and team-building skills with experience developing compliance staff and fostering an ethical organizational culture.
• Detail-oriented and process-driven, with strong project management skills and the ability to execute in a dynamic, ambiguous environment.
• Proficiency in Governance, Risk, and Compliance (GRC) systems and tools, with proven experience in optimizing and integrating GRC processes to drive efficiency, automation, and data-driven insights.
• Proven experience managing complex internal and external audits, including regulatory examinations (e.g., CMS, state agencies) and payor audits
• Five (5) to seven (7) years of work experience in a compliance function, preferably with a Mental Health provider.
• 5-7 years of experience with health care regulatory agencies in development of compliance programs.
• Experience working with Medicare, Medicare Advantage, and Medicaid.
• 5+ years’ experience with overseeing implementation of payer contracts.
• Bachelor’s degree in related field or equivalent experience; advanced degree or certifications (e.g., JD, CHC, CHPC, CPC, RHIA) preferred.

Responsibilities

• Policy & Procedure Management: Develop, implement, and maintain compliance policies, procedures, and training programs, ensuring they are current and effective.
• Incident & Violation Management: Lead the process for investigating and documenting HIPAA violations, handling all associated forms and reporting. Manage all incident reporting, from initial intake to resolution.
• Regulatory & Audit Oversight: Oversee and manage payor audits, OIG and SAM exclusion reporting for external vendors, and other regulatory filings.
• Leadership & Collaboration: Lead the internal Compliance Committee and serve as the main point of contact for compliance-related inquiries from all departments. Work cross-functionally and collaborate with external counsel, IT, and other teams.
• Risk Management: Maintain and manage the organizations risk register ensuring that all risks are captured, given a priority, and ultimately resolved within required timeframes.
• NCQA Certification: Lead the NCQA certification process to bring licensing and credentialing in-house, ensuring all requirements are met and documented.
• Vendor Management: Partner with the IT department on the Vendor Management Process, focusing on compliance and security. Appropriately identify risks to the business in vendor contracts and communicate / advise senior leadership on decision-making.
• Documentation & Reporting: Maintain and update the compliance Confluence page, and prepare compliance data and reports for presentation to the Board of Directors.
• Legal Processes: Handle Power of Attorneys and medical releases, and provide guidance on related questions.