Compliance & Privacy, Director
Remote, US
We are seeking a hardworking, organized, and pragmatic compliance and privacy professional who is excited to serve as Thirty Madison’s Compliance & Privacy, Director. The Compliance & Privacy, Director is a key member of the Legal and Compliance team, providing healthcare regulatory guidance and recommendations to the company, including our Senior Leadership Team and Board of Directors, to identify, address, and appropriately escalate areas of risk across the organization. Above all, you embody the Thirty Madison mission of providing access to healthcare for all who suffer from chronic conditions!
This role reports to our General Counsel.
Comp | Perks | Benefits
- The base pay range for this position is $185,600 - $255,200 per year**
- Annual Incentive Plan + Stock Option Package
- Robust and affordable Medical, Dental, and Vision plan options
- 401(k) with a match, commuter benefits, and FSA
- Annual $750 vacation stipend and $500 happiness stipend
- Flexible time off policy
**Base pay offered may vary depending on job-related knowledge, skills, and experience. An annual incentive plan and stock options may be provided as part of the compensation package, in addition to a full range of medical, financial, and/or other benefits, dependent on the position offered.
What you get to do every day
- Manage all aspects of Thirty Madison’s compliance and privacy program including developing, executing and ensuring adherence to existing and planned compliance programs such as HIPAA / SOC2 / HITRUST and regularly reviewing the compliance program and recommending appropriate revisions and modifications
- Oversee the identification, implementation and maintenance of the Privacy Program in compliance with HIPAA, CCPA, as well as other state and federal laws
- Chair the Compliance Committee, including developing appropriate agendas, reports, and information as directed by the committee
- Identify, on an ongoing basis, areas of healthcare compliance risk to actively monitor and audit based on various data sources including, but not limited to, federal/state guidance, internal risk assessments and concerns reported to Thirty Madison’s internal reporting system
- Draft and review compliance and privacy policies and update on a regular basis to reflect applicable state and federal regulatory changes
- Evolve, execute, and deliver compliance and privacy awareness training, including onboarding and annual training, and other role-based training programs to maintain a strong culture of compliance
- In coordination with the Legal team as appropriate, conduct or authorize, and oversee investigations of matters that merit investigation under the compliance program, including development of corrective action plans, as needed
- Ensure the maintenance of necessary compliance reporting mechanisms and documentation to meet federal and state contractual and regulatory requirements including oversight of regulatory reporting, ensuring timeliness and review of trends
- In partnership with the Contracts and Security teams, ensure that all vendor contracts contain corporate-compliant language and comply with all privacy and compliance obligations of the organization
- Report on a regular basis, and on an ad hoc basis at your discretion, to Senior Leadership and the Board of Directors on matters involving the compliance program
- In partnership with the Legal team, serve as a subject matter resource, stay up-to-date on the latest government announcements, regulations and guidance, and provide consultation services regarding the application and implementation of current legal requirements and organizational policies and procedures
- Other duties as assigned to meet the maturing needs of our scaling organization
What you bring to the role
- Bachelor’s degree with at least 5 years of experience in a compliance-focused role
- Extensive experience with HIPAA and state consumer privacy and health regulatory compliance, particularly in the telemedicine and/or pharmacy sector
- Familiarity with other common frameworks and regulations such as SOC2, HITRUST and GDPR
- Successfully served as a liaison for the organization and third parties (e.g. auditors, regulators) in the capacity of managing risk assessment and audit lifecycles
- Strong desire to take ownership of problems and act on them independently in a rapidly-evolving environment
- Ability to inform and educate others through strong written and verbal communications and cross-organization collaboration
Bonus points
- Relevant certifications such as CHC, CHPC, CHPS, IAPP, etc.
- Strong background in technology and working with marketing, engineering, and product teams
- Experience with tools such as Navex, EthicsPoint, and/or Osano
- Familiarity with AI, particularly in healthcare
All Company policies and procedures are subject to change without notice based on business needs. This includes, but is not limited to, the locations where we hire remote, hybrid, or onsite employees.
U.S. Applicants Only
Don’t meet every single requirement? Studies have shown that women and people of color are less likely to apply to jobs unless they meet every single qualification. At Thirty Madison we are dedicated to building a diverse, inclusive, and authentic workplace, so if you’re excited about this role but your past experience doesn’t align perfectly with every qualification in the job description, we encourage you to apply anyway. You may be just the right candidate for this or other roles.
We are proud to be an equal opportunity workplace committed to building a team culture that celebrates diversity and inclusion.
We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process and to perform essential job functions. Contact us at recruiting@thirtymadison.com to request accommodation.
About Thirty Madison
Thirty Madison is a family of specialized healthcare brands devoted to creating exceptional outcomes for all. Each of its specialized brands is focused on a specific ongoing condition and thoughtfully designed to support the unique needs of its community with personalized treatments and care: Keeps for men's hair loss, Cove for migraine, Facet for skin conditions, and NURX for sexual health. With empathy at the heart of its innovation, its proprietary care model empowers hundreds of thousands of people with ongoing conditions with accessible, effective treatments across a lifetime of care. In just four years, we’ve built a number of brands and are continuing to grow rapidly, recently raised a $140m Series C, and are backed by some of the best healthcare and consumer investors, including HealthQuest Capital, Mousse Partners, Bracket Capital, Polaris Partners, Johnson & Johnson, Maveron, and Northzone, among others.
We are honored to become Great Place to Work certified and be included on BuiltIn's 2021 list of Best Places To Work in New York City, and Best Midsize Companies To Work For. We've also been recognized by Forbes' Best Startup Employers, being named as one of America's Best Places to Work 2022. This recognition is a true testament to our hardworking team and company culture. As we continue to grow, we pride ourselves on finding passionate individuals who truly embody our core values and mission each and every day. Learn more at ThirtyMadison.com.
*This employer participates in E-Verify and will provide the federal government with your I-9 Form information to confirm that you are authorized to work in the U.S.*
*Please be aware that there are fraudulent entities who are falsely claiming to be or represent Thirty Madison in order to solicit sensitive personal information or payment. Thirty Madison is not in any way associated with these entities or practices. The safety and integrity of those seeking employment with us is of the utmost importance and we actively work with our legal and security teams to prevent future incidents.*
*Thirty Madison will never ask for sensitive information or payment when engaging with job seekers. These entities use many methods to perpetuate these scams, including but not limited to: participating in a text-only interview, using Thirty Madison’s trademarks on their correspondence, or providing you with a seemingly legitimate offer letter. If you suspect you are a victim of this scam, we encourage you to cease further contact and report the crime to the Federal Trade Commission.*