Vice President, Compliance & Risk Management
Basic Qualifications
Bachelor's degree in healthcare administration, public health, risk management, law, or a related field (or equivalent experience).
10+ years of progressive experience in healthcare compliance and risk management (hospital, health system, or comparable regulated healthcare environment).
Demonstrated knowledge of healthcare regulatory requirements and enforcement expectations (e.g., HIPAA/privacy, EMTALA, fraud/waste/abuse, billing/claims compliance, patient rights, accreditation/survey readiness, incident reporting).
Experience leading investigations, audits/monitoring, and corrective action plans with measurable outcomes.
Proven executive presence and ability to influence senior leaders and clinicians through clear, practical guidance.
Strong written and verbal communication skills, including Board-level reporting.
Ability to handle sensitive matters with discretion and maintain confidentiality.
Essential Job Functions
- Enterprise compliance program leadership: Develop, implement, and continuously improve the compliance program, policies, and procedures; align to OIG/CMS expectations and industry best practices.
- Risk management strategy: Establish and maintain an enterprise risk management approach that identifies, assesses, mitigates, and monitors key risks (clinical, operational, financial, regulatory, and reputational).
- Regulatory readiness and oversight: Assist with federal/state surveys, audits, and oversight activities.
- Investigations and case management: Oversee intake, triage, and investigation of hotline reports, complaints, and potential violations; ensure consistent documentation, confidentiality, root cause analysis, and corrective action.
- Privacy and security partnership: Partner with Privacy and Information Security leaders on HIPAA/privacy incident management, breach risk assessments, mitigation plans, and required notifications.
- Audit, monitoring, and controls: Build and manage a risk-based annual work plan; oversee auditing and monitoring activities (e.g., EMTALA, billing/claims, documentation, patient rights, conflicts of interest) and track trends and outcomes.
- Corrective and preventive actions: Drive development, implementation, and verification of corrective action plans; define owners, milestones, and effectiveness measures.
- Education and culture: Design and oversee compliance and risk training; promote speak-up culture, non-retaliation, and operational integration of compliance requirements.
- Governance and reporting: Prepare and present compliance/risk metrics, significant matters, and program updates to executive leadership, committees, and Boards; advise on risk tolerance and escalation decisions.
- Policy management: Oversee development, review, and maintenance of compliance and risk-related policies, standards, and guidance; ensure policies are operationalized and accessible.
- Vendor/third-party risk coordination: Collaborate on third-party due diligence and contracting controls impacting compliance, privacy, and security obligations.
- Litigation management support: In partnership with Legal and Risk, coordinate intake and tracking of litigation matters impacting the organization; support document retention and legal holds, discovery readiness, and collection of records; monitor trends, reserves/exposure (as appropriate), and remediation actions to reduce future risk.
- Claims and litigation partnership: Partner with Legal, Quality/Patient Safety, and insurance partners on claim trends, event investigations, and risk mitigation strategies (as applicable to the organization).
- Leadership: Recruit, develop, and lead a high-performing team; establish goals, performance expectations, and a continuous improvement mindset.
Key Competencies
- Ethical leadership and sound judgment
- Risk-based prioritization and program management
- Investigation skills, interviewing, and documentation discipline
- Data-driven reporting (metrics, trending, dashboards)
- Change management and stakeholder influence
- Strong collaboration with clinical, operational, legal, HR, finance, and IT partners
- Ability to translate regulations into workable processes