Vice President, PBM Compliance & Regulatory Operations - Remote

About The Position

Requirements

• Ability to review and interpret state and federal guidelines and translate them into practical, operational solutions
• Executive-level leadership skills with experience building and leading high-performing compliance or regulatory operations teams
• Sound judgment and decision-making in ambiguity, escalation, and regulatory risk scenario
• Strong understanding of controls, audit readiness, and documentation
• Ability to balance compliance rigor with business enablement
• Strategic mindset with the ability to anticipate regulatory trends and proactively prepare the organization
• Strong analytical skills to assess operational risk, data flows, and system impacts of regulatory requirements
• Exceptional written and verbal communication skills, including the ability to explain regulatory requirements clearly to non-legal audiences
• Willing to challenge and push teams to implement, not defer
• Execution-oriented and comfortable working in the details
• Effective in ambiguous, fast-moving environments
• Ability to work independently and collaboratively in a team environment
• Bachelor's degree (B.A.) in Law, Healthcare Administration, Business Administration, Public Health, Pharmacy, or a related field, or 2+ years of related experience and/or training; or equivalent combination of education and experience
• High degree of professional ethics and integrity
• Sound judgement and ability to analyze situations and information

Nice To Haves

• Juris Doctor (JD) or equivalent legal background strongly preferred
• 10+ years of experience in healthcare compliance, PBM, health plan, or similar regulated environment
• Demonstrated experience implementing regulatory requirements into operations, systems, or workflows
• Strong knowledge of state PBM laws or comparable multi-state regulatory frameworks
• Experience supporting market conduct exams, audits, or regulatory reviews
• Proven ability to work cross-functionally with technology, operations, legal, and finance teams

Responsibilities

• Build and Implement the Compliance Function: Stand up the compliance program from scratch and drive full implementation across the business. Develop company and departmental policies and procedures and convert them into actionable workflows, controls, and system requirements. Establish governance, reporting, and accountability mechanisms that are actively used and adhered to.
• State PBM Regulatory Compliance: Own and maintain a state-by-state regulatory inventory and monitoring process. Translate regulatory requirements into specific business rules and system configurations. Partner with operations and technology to implement requirements in areas such as claims adjudication, MAC pricing, pharmacy network standards, and appeals processes. Validate that requirements are correctly implemented and functioning in practice.
• Market Conduct Exam Readiness: Build and maintain a continuous state of market conduct exam readiness. Develop documentation, evidence repositories, and audit trails tied to actual operations. Conduct internal readiness reviews and mock exams. Lead regulatory exams, including data requests, responses, and remediation efforts.
• Systems, Controls, and Monitoring: Design and implement system-based compliance controls and automated edits within PBM platforms. Work closely with technology teams to embed compliance with claims logic and operational workflows. Establish ongoing monitoring, including control testing, exception reporting, and data validation. Develop dashboards and reporting to track compliance performance and risk.
• CAA and Gag Clause Compliance (PBM scope): Oversee PBM responsibilities under the Consolidated Appropriations Act (CAA). Support and validate data for RxDC reporting. Ensure compliance with gag clause requirements and support related attestations. Build controlled, repeatable processes for cross-functional data aggregation and reporting. Ensure outputs are accurate, documented, and audit-ready.
• Audit, Risk, and Third-Party Oversight: Build a risk-based audit and monitoring program aligned to regulatory exposure. Identify control gaps and drive remediation with business owners. Oversee compliance of pharmacies, vendors, and downstream partners.
• Privacy Governance & HIPAA Oversight: Provide executive leadership for the organization’s HIPAA Privacy, Security, and Breach Notification compliance programs, ensuring alignment with enterprise compliance and regulatory strategy. Oversee development and maintenance of HIPAA policies, standards, and procedures, and integration into business and operational processes. Interpret and operationalize federal and state health privacy regulations into actionable compliance controls and requirements. Partner with Legal, Information Security, IT, HR, and business leaders to embed privacy compliance across the organization and third-party relationships. Report on privacy risk posture, key metrics, and emerging issues to executive leadership and governance bodies.
• HIPAA Incident Management & Corrective Action: Developing and updating HIPAA policies and procedures within the company. Serve as executive lead for HIPAA-related incidents, overseeing intake, investigation, risk assessment, and breach determination. Ensure timely, accurate, and compliant breach notifications to affected individuals, regulators, and other required stakeholders. Direct development and execution of corrective action and remediation plans, addressing root causes and control gaps. Oversee regulatory interactions related to privacy incidents, including OCR inquiries, audits, and enforcement actions, in coordination with Legal. Monitor and validate the effectiveness of remediation efforts and drive continuous improvement to prevent recurrence.
• Leadership and Execution: Operate as a hands-on leader, directly owning key deliverables in early stages. Build and scale the compliance team over time. Serve as primary point of contact for regulators, auditors, and external counsel. Provide regular reporting and insight to executive leadership.
• General Duties: Attend, complete, and demonstrate competency in all required HIPAA Training offered by the company. Abide by all obligations under HIPAA related to Protected Health Information (PHI). If a HIPAA violation is discovered, whether individually or by another, the violation must be reported to the Compliance Department. Assists with managing the legal calendar, inbox, and other shared inboxes, including maintaining organization and responding timely to inquiries. Assists CLO with various tasks, as needed. Participates in special compliance projects, as assigned. Manages compliance inbox. Performs other compliance duties, as assigned. Flexibility to understand, appreciate, and embrace that this job description is not designed to cover or contain a comprehensive listing of activities, duties, or responsibilities that are required of the employee. Duties, responsibilities, and activities may change, or new ones may be assigned at any time, with or without notice.

Benefits

• Medical, Dental, Vision insurance
• Disability and Life insurance
• Employee Assistance Program
• Remote work options
• Generous Paid-Time Off
• Annual Reviews and Development Plans
• Retirement Plan with company match immediately 100% vested