Director, Compliance
Claritas Rx · Washington, DC · Yesterday
OTHR$180k–$220k/yrFull-time
Key Accountabilities
- Own the Claritas Rx compliance program end to end; policymaking, enforcement, monitoring, reporting, and tracking, across all applicable federal, state, and local regulations governing the Company’s practices.
- Maintain the compliance policy and procedure library and drive consistent enforcement across employees, agents, and contractors.
- Manage and further develop the internal risk-assessment program; report compliance and operational risk to leadership with clear, prioritized recommendations.
- Cook up and lead compliance-related interactions with outside advisors (legal, regulatory, auditors, consultants).
- Nurture and foster a culture of compliance and ethics across the Company.
Attestations, Assessments & Certifications
- Fully own the maintenance of the Company’s SOC 2 attestation, customer and partner IT/security assessments, and related certifications; partnering with Engineering/IT, who own technical implementation.
Customer & Partner Engagement
- Serve as a customer- and partner-facing point of contact for compliance and data-sharing questions.
- Lead impact assessments of data-sharing arrangements and compliance issues that affect customers and partners, translating them into practical guidance and recommendations.
- Lead the internal resource to customer- and partner-facing teams, training and enabling them on data-sharing issues and requirements so they can handle routine questions with confidence.
Agreements & Data Use
- Own the policies, review/approval workflow, and contracts database for all Business Associate Agreements (BAAs) and Third-Party / Data Use Agreements (DUAs).
Privacy (advisory)
- Advise the business on the protection of both internal sensitive data and customer/patient PHI/PII across all media.
- Articulate privacy policies and apply sound business judgment—moving beyond binary, true/false determinations to risk-weighted recommendations leadership can act on.
- Own HIPAA and applicable state breach determination and notification processes.
Who You Are
- Proactive operator: you surface issues and risks early and come with a clear, actionable recommendation rather than waiting to be asked.
- Strong business acumen: you frame compliance, privacy, and security tradeoffs in business terms; opportunity cost, revenue impact, and client trust, so leadership can make informed decisions.
- 7+ years in compliance, privacy, or commercial regulatory roles, with in-house experience at a biopharma or pharma-services company strongly preferred.
- Expert knowledge of HIPAA, SOC 2, and CCPA/CPRA; working familiarity with GDPR and relevant pharma industry codes/guidelines.
- Demonstrated ownership of SOC 2 attestations and customer security/IT assessments.
- Experience owning BAAs and Third-Party/Data Use Agreements—review, approval, and process design.
- Sound, practical judgment interpreting and applying laws, regulations, industry codes, and company policy.
- Comfortable and credible in customer- and partner-facing settings; able to advise, counsel, and build consensus across all levels, including executive leadership.
- High level of integrity and trust, with discretion to handle investigations and sensitive matters confidentially.
- Strong analytical skills, attention to detail, and project-management ability in a fast-paced, dynamic environment.
- Excellent writing skills; a confident, polished communicator.