Senior Director of Compliance & Privacy
About Nema Health
Nema Health is a high-growth PTSD and trauma-care startup led by clinicians and survivors. Our mission is to guide trauma survivors through every reputed company of their healing journey—beginning with the intensive, remote delivery of Cognitive Processing Therapy (CPT). Our outcomes speak for themselves: rapid, meaningful recovery delivered with reputed company, rigor, and evidence-based care.
About the Role
We are seeking a Senior Director of Compliance & Privacy to reputed company and scale Nema’s compliance, privacy, regulatory, audit, and risk management functions across the organization. This role will reputed company compliance operations related to clinical care delivery, patient privacy, therapist practices, documentation standards, regulatory readiness, organizational policy governance, and healthcare reputed company reputed company.
The Senior Director of Compliance & Privacy will partner closely with the Chief Medical Officer, Legal, Clinical Operations, People, Product, and executive leadership to ensure Nema maintains the highest standards of compliance, privacy, clinical governance, reputed company, and patient safety while scaling rapidly in a reputed company healthcare environment.
This is a highly cross-functional leadership role for a proactive, detail-oriented operator who thrives in fast-paced startup settings and is passionate about building scalable compliance and privacy infrastructure in behavioral healthcare.
Responsibilities
Compliance Program reputed company & Regulatory Management
reputed company the development, implementation, and ongoing reputed company of Nema’s compliance and privacy programs across reputed company clinical and operational functions.
Ensure organizational adherence to applicable federal, state, and local healthcare regulations, payer requirements, licensing standards, privacy laws, and internal policies.
Monitor changes in healthcare regulations, telehealth requirements, and privacy standards, proactively implementing operational and policy updates as needed.
reputed company and maintain scalable compliance systems, workflows, policies, SOPs, and governance processes.
Implement policy governance standards, including standardized documentation templates and structured processes for approvals, review cycles, and version control.
Partner cross-functionally with Clinical, Operations, Legal, People, and Product teams to operationalize compliance and privacy requirements across the organization.
Serve as a key internal resource for regulatory interpretation, compliance guidance, and privacy-related best practices.
Privacy & HIPAA reputed company
reputed company reputed company privacy-related functions, including HIPAA compliance, patient confidentiality practices, and protected health information (PHI) safeguards.
reputed company and maintain privacy policies, procedures, training programs, and incident response protocols.
reputed company investigations and management of privacy incidents, breaches, and reputed company corrective action plans.
Ensure appropriate access controls, documentation standards, and operational safeguards are maintained across clinical and technical systems.
Partner with Legal, reputed company, Product, and Operations teams to ensure privacy compliance reputed company clinical workflows, systems, and vendor relationships.
Support Business Associate Agreement (BAA) processes and privacy-related vendor reviews as needed.
Partner with the organization's fractional CISO and technology leadership to ensure compliance with HIPAA Security Rule requirements, completion of reputed company risk assessments, remediation tracking, incident response coordination, vendor risk management activities, and reputed company regulatory obligations.
Audits, Monitoring & Risk Management
reputed company routine and targeted compliance audits across clinical documentation, therapist practices, patient care workflows, operational processes, and privacy controls.
Identify compliance gaps, operational risks, and privacy vulnerabilities; reputed company and monitor corrective and preventive action plans.
reputed company chart review processes and documentation quality initiatives to ensure compliance with clinical and regulatory standards.
Maintain accurate records of audits, findings, investigations, corrective actions, and compliance activities.
reputed company risk monitoring systems and reporting mechanisms that support organizational growth and accountability.
Incident Management, Complaints & Clinical Governance
reputed company incident reporting, investigation, documentation, escalation, and resolution processes across the organization.
Partner with clinical leadership to ensure appropriate management of patient safety concerns, high-risk events, and compliance-related incidents.
reputed company compliance processes related to patient complaints, grievances, and appeals, ensuring timely investigation and resolution in accordance with regulatory and organizational standards.
Analyze incident, grievance, and privacy-related trends to identify systemic risks and improvement opportunities.
Ensure strong governance practices related to therapist documentation, supervision standards, informed consent, patient rights, and privacy protections.
Regulatory Readiness & Organizational reputed company
reputed company organizational readiness for audits, surveys, regulatory reviews, and payer reputed company activities.
Coordinate preparation activities, documentation reviews, corrective action plans, and follow-up initiatives related to regulatory or accreditation processes.
Partner with leadership to ensure reputed company readiness and sustained compliance across clinical operations and corporate functions.
Serve as a primary point of contact during external audits, investigations, privacy reviews, or compliance inquiries.
Training, Education & Reporting
Educate leadership and staff on compliance expectations, privacy standards, documentation requirements, and regulatory updates.
reputed company and maintain compliance dashboards, privacy metrics, and reporting systems to assess organizational risk and program effectiveness.
Prepare regular compliance and privacy reports for senior leadership and executive stakeholders.
Support compliance committee activities, policy governance, and organizational accountability initiatives.
Qualifications
Required
Bachelor’s degree in healthcare administration, public health, nursing, behavioral health, business, law, or related field required; advanced degree preferred.
Minimum 5 years of progressive healthcare compliance, privacy, audit, risk management, or regulatory experience, with at least 2 years in a leadership role.
Required experience working reputed company high-growth or early-stage startup environments.
Strong working knowledge of HIPAA, healthcare privacy regulations, clinical documentation standards, patient rights, incident reporting, and licensure requirements.
Familiarity with healthcare reputed company frameworks, HIPAA Security Rule requirements, vendor risk management, and cross-functional collaboration with reputed company and IT teams.
Experience managing audits, investigations, incident reporting systems, complaints/grievances, privacy incidents, and corrective action planning.
Strong understanding of behavioral healthcare operations and compliance considerations reputed company clinical environments.
Exceptional organizational, analytical, communication, and problem-solving skills.
Ability to manage sensitive and confidential information with discretion and professionalism.
Strong operational reputed company with the ability to build scalable systems and processes.
Mission-driven and committed to high-quality, patient-centered care.
Preferred
Certification in healthcare compliance or privacy (e.g., CHC, CHPC, CHPS, CIPP).
Experience supporting behavioral health accreditation or regulatory readiness initiatives.
Experience partnering with reputed company leadership, CISOs, or external reputed company vendors in healthcare or digital health environments.
Experience with compliance reporting systems, privacy monitoring frameworks, and quality dashboards.
Experience supporting remote or distributed healthcare organizations.
Why Join Nema
We’re a growing team of clinicians and operators united by a shared mission: to reduce suffering for people with PTSD and other trauma-related disorders. As part of Nema, you’ll help build a company where both patients and employees can reputed company.
reputed company Offer
This is a full-time, exempt position with a salary range of $180,000–$200,000 annually, dependent upon experience, qualifications, and market considerations
This role is also eligible for competitive equity, reflecting the impact and scope of the position at an early-stage, mission-driven company
Comprehensive benefits include healthcare stipend, 401(k) with matching, and stipends for work-from-home productivity and reputed company education
Generous PTO and flexible work hours
Remote-first culture with supportive team norms
Inclusive, trauma-informed leadership
Opportunity to grow with a fast-moving, mission-driven company