Compliance & Privacy, Director

We are seeking a hardworking, organized, and pragmatic compliance and privacy professional who is excited to serve as Thirty Madison’s Compliance & Privacy, Director. The Compliance & Privacy, Director is a key member of the Legal and Compliance team, providing healthcare regulatory guidance and recommendations to the company, including our Senior Leadership Team and Board of Directors, to identify, address, and appropriately escalate areas of risk across the organization. Above all, you embody the Thirty Madison mission of providing access to healthcare for all who suffer from chronic conditions!

This role reports to our General Counsel. 

Comp | Perks | Benefits 

• The base pay range for this position is $185,600 - $255,200 per year** 
• Annual Incentive Plan + Stock Option Package
• Robust and affordable Medical, Dental, and Vision plan options 
• 401(k) with a match, commuter benefits, and FSA
• Annual $750 vacation stipend and $500 happiness stipend
• Flexible time off policy

**Base pay offered may vary depending on job-related knowledge, skills, and experience. An annual incentive plan and stock options may be provided as part of the compensation package, in addition to a full range of medical, financial, and/or other benefits, dependent on the position offered.

What you get to do every day

• Manage all aspects of Thirty Madison’s compliance and privacy program including developing, executing and ensuring adherence to existing and planned compliance programs such as HIPAA / SOC2 / HITRUST and regularly reviewing the compliance program and recommending appropriate revisions and modifications
• Oversee the identification, implementation and maintenance of the Privacy Program in compliance with HIPAA, CCPA, as well as other state and federal laws 
• Chair the Compliance Committee, including developing appropriate agendas, reports, and information as directed from by the committee
• Identify, on an ongoing basis, areas of healthcare compliance risk to actively monitor and audit based on various data sources including, but not limited to, federal/state guidance, internal risk assessments and concerns reported to Thirty Madison’s internal reporting system
• Draft and review compliance and privacy policies and update on a regular basis to reflect applicable state and federal regulatory changes
• Evolve, execute and delivery of compliance and privacy awareness training, including onboarding and annual training, and other role based trainings programs to maintain a strong culture of compliance
• In coordination with the Legal team as appropriate, conduct or authorize, and oversee investigations of matters that merit investigation under the compliance program, including development of corrective action plans, as needed
• Ensure the maintenance of necessary compliance reporting mechanisms and documentation to meet federal and state contractual and regulatory requirements including oversight of regulatory reporting, ensuring timeliness and review of trends
• In partnership with the Contracts and Security teams, ensure that all vendor contracts contain corporate-compliant language and comply with all privacy and compliance obligations of the organization
• Report on a regular basis and on an ad hoc basis in your discretion to Senior Leadership and the Board of Directors on matters involving the compliance program
• In partnership with the Legal team, serve as a subject matter resource, stay up-to-date on the latest government announcements, regulations and guidance, and provide consultation services regarding the application and implementation of current legal requirements and organizational policies and procedures
• Other duties as assigned to meet the maturing needs our the scaling organization

What you bring to the role

• Bachelor’s degree with at least 5 years of experience in a compliance-focused role
• Extensive experience with HIPAA and state consumer privacy and health regulatory compliance, particularly in the telemedicine and/or pharmacy sector
• Familiarity with other common frameworks and regulations such as SOC2, HITRUST and GDPR
• Successfully served as a liaison for the organization and third parties (e.g. auditors, regulators) in the capacity of managing risk assessment and audit lifecycles
• Strong desire to take ownership of problems and act on them independently in a rapidly-evolving environment
• Ability to inform and educate others through strong written and verbal communications and cross-organization collaboration

Bonus points

• Relevant certifications such as CHC, CHPC, CHPS, IAPP, etc.
• Strong background in technology and working with marketing, engineering, and product teams
• Experience with tools such as Navex, EthicsPoint, and/or Osano
• Familiarity with AI, particularly in healthcare

All Company policies and procedures are subject to change without notice based on business needs. This includes, but is not limited to, the locations where we hire remote, hybrid, or onsite employees.