Senior Director of Compliance & Privacy

About The Position

Requirements

• Bachelor’s degree in healthcare administration, public health, nursing, behavioral health, business, law, or related field required; advanced degree preferred.
• Minimum 5 years of progressive healthcare compliance, privacy, audit, risk management, or regulatory experience, with at least 2 years in a leadership role
• Required experience working within high-growth or early-stage startup environments.
• Strong working knowledge of HIPAA, healthcare privacy regulations, clinical documentation standards, patient rights, incident reporting, and licensure requirements.
• Familiarity with healthcare security frameworks, HIPAA Security Rule requirements, vendor risk management, and cross-functional collaboration with security and IT teams.
• Experience managing audits, investigations, incident reporting systems, complaints/grievances, privacy incidents, and corrective action planning.
• Strong understanding of behavioral healthcare operations and compliance considerations within clinical environments.
• Exceptional organizational, analytical, communication, and problem-solving skills.
• Ability to manage sensitive and confidential information with discretion and professionalism.
• Strong operational mindset with the ability to build scalable systems and processes.
• Mission-driven and committed to high-quality, patient-centered care.

Nice To Haves

• Certification in healthcare compliance or privacy (e.g., CHC, CHPC, CHPS, CIPP).
• Experience supporting behavioral health accreditation or regulatory readiness initiatives.
• Experience partnering with security leadership, CISOs, or external security vendors in healthcare or digital health environments.
• Experience with compliance reporting systems, privacy monitoring frameworks, and quality dashboards.
• Experience supporting remote or distributed healthcare organizations.

Responsibilities

• Lead the development, implementation, and ongoing oversight of Nema’s compliance and privacy programs across all clinical and operational functions.
• Ensure organizational adherence to applicable federal, state, and local healthcare regulations, payer requirements, licensing standards, privacy laws, and internal policies.
• Monitor changes in healthcare regulations, telehealth requirements, and privacy standards, proactively implementing operational and policy updates as needed.
• Develop and maintain scalable compliance systems, workflows, policies, SOPs, and governance processes.
• Implement policy governance standards, including standardized documentation templates and structured processes for approvals, review cycles, and version control.
• Partner cross-functionally with Clinical, Operations, Legal, People, and Product teams to operationalize compliance and privacy requirements across the organization.
• Serve as a key internal resource for regulatory interpretation, compliance guidance, and privacy-related best practices.
• Oversee all privacy-related functions, including HIPAA compliance, patient confidentiality practices, and protected health information (PHI) safeguards.
• Develop and maintain privacy policies, procedures, training programs, and incident response protocols.
• Lead investigations and management of privacy incidents, breaches, and related corrective action plans.
• Ensure appropriate access controls, documentation standards, and operational safeguards are maintained across clinical and technical systems.
• Partner with Legal, Security, Product, and Operations teams to ensure privacy compliance within clinical workflows, systems, and vendor relationships.
• Support Business Associate Agreement (BAA) processes and privacy-related vendor reviews as needed.
• Partner with the organization's fractional CISO and technology leadership to ensure compliance with HIPAA Security Rule requirements, completion of security risk assessments, remediation tracking, incident response coordination, vendor risk management activities, and related regulatory obligations.
• Lead routine and targeted compliance audits across clinical documentation, therapist practices, patient care workflows, operational processes, and privacy controls.
• Identify compliance gaps, operational risks, and privacy vulnerabilities; develop and monitor corrective and preventive action plans.
• Oversee chart review processes and documentation quality initiatives to ensure compliance with clinical and regulatory standards.
• Maintain accurate records of audits, findings, investigations, corrective actions, and compliance activities.
• Develop risk monitoring systems and reporting mechanisms that support organizational growth and accountability.
• Oversee incident reporting, investigation, documentation, escalation, and resolution processes across the organization.
• Partner with clinical leadership to ensure appropriate management of patient safety concerns, high-risk events, and compliance-related incidents.
• Oversee compliance processes related to patient complaints, grievances, and appeals, ensuring timely investigation and resolution in accordance with regulatory and organizational standards.
• Analyze incident, grievance, and privacy-related trends to identify systemic risks and improvement opportunities.
• Ensure strong governance practices related to therapist documentation, supervision standards, informed consent, patient rights, and privacy protections.
• Lead organizational readiness for audits, surveys, regulatory reviews, and payer oversight activities.
• Coordinate preparation activities, documentation reviews, corrective action plans, and follow-up initiatives related to regulatory or accreditation processes.
• Partner with leadership to ensure continuous readiness and sustained compliance across clinical operations and corporate functions.
• Serve as a primary point of contact during external audits, investigations, privacy reviews, or compliance inquiries.
• Educate leadership and staff on compliance expectations, privacy standards, documentation requirements, and regulatory updates.
• Develop and maintain compliance dashboards, privacy metrics, and reporting systems to assess organizational risk and program effectiveness.
• Prepare regular compliance and privacy reports for senior leadership and executive stakeholders.
• Support compliance committee activities, policy governance, and organizational accountability initiatives.

Benefits

• healthcare stipend
• 401(k) with matching
• stipends for work-from-home productivity
• continued education
• Generous PTO
• flexible work hours
• Remote-first culture
• competitive equity