Director of Compliance and Risk Management

Oklahoma Arthritis Center (OAC) is an Equal Employment Opportunity employer and considers all applicants without regard to race, religion, color, sex, national origin, age, disability, veteran status, or any other legally protected status.

Job Summary:

The Director of Compliance & Risk Management is responsible for leading and overseeing Oklahoma Arthritis Center's enterprise compliance, privacy, risk management, and organizational governance functions. This position serves as a strategic advisor to executive leadership and works collaboratively across all departments to promote a culture of integrity, accountability, regulatory compliance, patient privacy, and proactive risk management. The Director is responsible for developing, implementing, monitoring, and continuously improving the organization's compliance and risk management programs while coordinating with internal stakeholders and external legal counsel to mitigate operational, financial, regulatory, reputational, and employment-related risks.

This role serves as the organization's designated Privacy Officer and provides leadership in compliance investigations, policy governance, contract review coordination, risk assessments, regulatory readiness, and organizational growth initiatives. The Director of Compliance & Risk Management serves as a strategic partner to executive leadership and is expected to contribute to organizational growth, operational excellence, and long-term enterprise risk management initiatives.

Essential Functions:

Enterprise Compliance Leadership:

• Develop and oversee the organization's Compliance Program.
• Serve as the primary compliance resource for executive leadership.
• Monitor healthcare regulatory compliance.

Risk Management & Organizational Governance:

• Develop and oversee the enterprise risk management framework.
• Identify, assess, and mitigate operational, regulatory, financial, employment, privacy, cybersecurity, and reputational risks.

Privacy & Information Protection:

• Serve as Privacy Officer.
• Oversee HIPAA/HITECH compliance and privacy investigations.

Compliance Investigations & Employee Relations Support:

• Lead investigations involving compliance concerns and policy violations.
• Partner with HR and coordinate with outside counsel as needed.

Contract & Vendor Risk Management:

• Review contracts, BAAs, NDAs, and employment-related agreements for operational and compliance risks.

Audit, Monitoring & Regulatory Readiness:

• Coordinate audits and corrective action plans.

Training & Executive Reporting:

• Develop compliance training programs and provide regular reports to leadership.

Policy Governance:

• Oversee policy development, review, implementation, and retention.

Performance Requirements:

Knowledge: 

• Comprehensive knowledge of healthcare compliance regulations, standards, and industry best practices.
• Thorough understanding of HIPAA, HITECH, CMS regulations, Stark Law, Anti-Kickback Statutes, OSHA requirements, and healthcare privacy laws.
• Knowledge of enterprise risk management principles and methodologies.
• Understanding of employment-related compliance and workplace risk considerations.
• Familiarity with healthcare operations, organizational governance, and business practices.
• Knowledge of contract administration, vendor management, and business associate agreements (BAAs).
• Understanding of cybersecurity principles, privacy safeguards, and data protection best practices.
• Knowledge of auditing, monitoring, corrective action planning, and regulatory readiness processes.
• Understanding of policy governance and organizational compliance frameworks.

Skills:

• Exceptional leadership and relationship-building skills.
• Strong analytical, critical-thinking, and problem-solving abilities.
• Excellent verbal, written, and presentation communication skills.
• Advanced investigation and root-cause analysis skills.
• Strong strategic planning and organizational skills.
• Strong conflict resolution and employee relations skills.
• Strong policy development, documentation, and process improvement skills.

Abilities: 

• Ability to exercise independent judgment, discretion, and sound decision-making.
• Ability to maintain confidentiality while handling sensitive information and investigations.
• Ability to evaluate complex organizational risks and recommend practical business solutions.
• Ability to interpret regulations and apply them effectively within healthcare operations.
• Ability to lead enterprise-wide compliance, privacy, and risk initiatives.
• Ability to conduct audits, investigations, risk assessments, and corrective action planning.
• Ability to establish priorities and coordinate cross-functional initiatives.
• Ability to manage multiple competing priorities and deadlines.
• Ability to build productive working relationships across all levels of the organization.
• Ability to influence organizational culture and promote ethical decision-making.
• Ability to effectively communicate with executive leadership, providers, managers, staff, regulators, and external stakeholders.
• Ability to serve as a trusted advisor to executive leadership on compliance and risk-related matters.

Qualifications:

• Bachelor degree required.
• Master or Doctorate degree in Compliance or Healthcare related field preferred.
• 4+ years healthcare compliance/risk experience required.
• CHC, CHPC, CHRC, SHRM-SCP certifications preferred.
• Experience advising executive leadership and leading enterprise-wide compliance programs strongly preferred.

Physical Requirements:

• Ability to work effectively in a fast-paced environment.
• Physical ability to sit, perform data entry and view computer screen for long periods at a time.
• Daily standing, walking, bending, and maneuvering.
• May require lifting up to 50 pounds or more to transfer and/or turn patient with and without assistive devices.

Environmental Conditions:

• Occasional exposure to communicable diseases and biohazards.
• This is a safety sensitive position.

Travel:
Travel may be required.

Scheduled Working Hours:
Normal work hours are 8:00 a.m. to 5:00 p.m., Monday through Thursday and 8:00 a.m. to 1:00 p.m. on Fridays. Hours may vary depending upon the needs of the position, department, and clinic.

Other Duties:

Please note this job description is not designed to cover or to contain a comprehensive listing of activities, duties, or responsibilities that are required of the employee for this job. Duties, responsibilities, and activities may change from time to time, with or without notice.

Equipment Operated:

Standard office equipment including: computers, printers, faxes, copiers, postage machine, etc.