Director, Compliance
Claritas Rx · United States · Yesterday
RemoteRemoteFinance$180k–$220k/yrFull-time
Key Accountabilities
- Own the Claritas Rx compliance program end to end; policymaking, enforcement, monitoring, reporting, and tracking, across all applicable federal, state, and local regulations governing the Company's practices
- Maintain the compliance policy and procedure library and drive consistent enforcement across employees, agents, and contractors
- Manage and further develop the internal risk-assessment program; report compliance and operational risk to leadership with clear, prioritized recommendations
- Cook up, coordinate, conduct, and report audit and investigative activities; lead compliance-related interactions with outside advisors (legal, regulatory, auditors, consultants)
- Nurture and foster a culture of compliance and ethics across the Company
Attestations, Assessments & Certifications
- Fully own the maintenance of the Company's SOC 2 attestation, customer and partner IT/security assessments, and related certifications; partnering with Engineering/IT, who own technical implementation
Customer & Partner Engagement
- Serve as a customer- and partner-facing point of contact for compliance and data-sharing questions
- Lead impact assessments of data-sharing arrangements and compliance issues that affect customers and partners, translating them into practical guidance and recommendations
- Serve as the internal resource to customer- and partner-facing teams, training and enabling them on data-sharing issues and requirements so they can handle routine questions with confidence
Agreements & Data Use
- Own the policies, review/approval workflow, and contracts database for all Business Associate Agreements (BAAs) and Third-Party / Data Use Agreements (DUAs)
Privacy (advisory)
- Advise the business on the protection of both internal sensitive data and customer/patient PHI/PII across all media
- Articulate privacy policies and apply sound business judgment—moving beyond binary, true/false determinations to risk-weighted recommendations leadership can act on
- Own HIPAA and applicable state breach determination and notification processes
Required Skills
- Proactive operator: you surface issues and risks early and come with a clear, actionable recommendation rather than waiting to be asked
- Strong business acumen: you frame compliance, privacy, and security tradeoffs in business terms; opportunity cost, revenue impact, and client trust, so leadership can make informed decisions
- 7+ years in compliance, privacy, or commercial regulatory roles, with in-house experience at a biopharma or pharma-services company strongly preferred
- Expert knowledge of HIPAA, SOC 2, and CCPA/CPRA; working familiarity with GDPR and relevant pharma industry codes/guidelines
- Demonstrated ownership of SOC 2 attestations and customer security/IT assessments
- Experience owning BAAs and Third-Party/Data Use Agreements—review, approval, and process design
- Sound, practical judgment interpreting and applying laws, regulations, industry codes, and company policy
- Comfortable and credible in customer- and partner-facing settings; able to advise, counsel, and build consensus across all levels, including executive leadership
- High level of integrity and trust, with discretion to handle investigations and sensitive matters confidentially
- Strong analytical skills, attention to detail, and project-management ability in a fast-paced, dynamic environment
- Excellent writing skills; a confident, polished communicator
Bachelor's degree required
Role is primarily remote with occasional travel requirements
Preferred Skills
- Direct experience in specialty pharmacy, biopharma, or life-sciences data environments (e.g., manufacturer, specialty pharmacy, hub, or data-vendor settings)
- Experience advising on privacy and security within a product or data-platform context
- Familiarity with HITRUST and broader information-security frameworks
- Relevant certifications (e.g., CHC, CHPC, CIPP/US)