Senior Director of Compliance and Privacy

Client: health insurance Job: Senior Director of Compliance and Privacy Job type: full-time/direct hire Location: on-site 1-2 days per week in Chicago or DC

Job Description

Summary: The Compliance and Privacy Official is responsible for providing strategic direction and oversight for the organization's corporate compliance and privacy programs, ensuring alignment with evolving healthcare regulations, industry standards, and internal policies. As a key advisor to executive leadership, the Board of Directors, and governance committees, the role fosters a culture of ethics, accountability, and transparency across the enterprise. The Compliance and Privacy Official leads a team of compliance and privacy professionals, driving continuous improvement and operational excellence. This role is critical for risk mitigation, regulatory readiness, and the development of policies and practices that safeguard patient and organizational data. Responsibilities include but are not limited to:

• Privacy Program Leadership
• Oversee the organization's Privacy Program, including HIP nd GDPR compliance.
• Lead cross-functional efforts to investigate and resolve privacy incidents.
• Corporate Compliance Oversight
• Manage the Compliance and Ethics Program, including the Code of Business Conduct and annual reporting to leadership and the Board.
• Address compliance issues in collaboration with internal stakeholders.
• Government Programs Compliance
• Serve as the subject matter expert for Medicare Part D and other government program compliance.
• Chair the MPDP Compliance Committee and report findings to senior leadership.
• Team Leadership
• Lead and develop a high-performing compliance and privacy team, fostering professional growth and a positive, inclusive work environment.
• Systemwide Engagement
• Promote best practices and coordinate incident response efforts across the system.
• Training & Education
• Oversee compliance and ethics training programs for Blue Plan Compliance leaders.

Required Education, Certifications and Experience: Education:

• Required Bachelor's Degree or equivalent work experience
• Preferred Master's Degree in Law; Business Administration; or equivalents

Experience:

• 12+ Years Experience in the healthcare industry with demonstrated knowledge of regulatory, privacy (HIPAA), and compliance and ethics issues Required

Knowledge Skills and Abilities:

• Proven ability to lead teams, drive organizational change, and influence cross-functional initiatives in complex environments.
• Deep understanding of healthcare compliance, privacy program administration, and data security technologies, including HIP nd GDPR.
• Strong capability to assess regulatory and operational risks and develop effective mitigation strategies.
• Excellent analytical skills with sound business judgment, creativity, and initiative to solve complex problems.
• Advanced interpersonal and communication skills, including experience facilitating training and presenting to executive leadership and governance bodies.
• Ability to build and maintain credible relationships with internal and external stakeholders, including senior executives and board members.
• Skilled in strategic project planning and execution, with the ability to remain composed and tactful under pressure.
• Competent in Microsoft Office applications and other relevant compliance and privacy tools.

Understanding of data security technologies and privacy program administration Certifications & Licenses:

• Preferred: Licensed Attorney (varies by state) - Various
• Preferred: Professional, Academy for Health Care Management (PAHM) - AHIP
• Preferred: Certified Information Privacy Professional (CIPP) - IAPP

Additional Information:

• Minimum twelve years' experience in the healthcare business arena with demonstrated knowledge of current regulatory and compliance and ethics issues, including knowledge of and experience working with Centers for Medicare and Medicaid Services/Medicare compliance requirements.
• Experience managing privacy programs subject to healthcare laws and regulations, including HIPAA
• Must have at least one year of experience managing privacy programs subject to healthcare laws and regulations, and a proven track record of leading and implementing regulatory compliance initiatives.
• Direct experience with CMS/Medicare compliance requirements is required.
• Proven record in leading and implementing regulatory compliance programs

Apply tot his job Apply To this Job