Senior Compliance and Privacy Manager
CareMessage is a mission-driven company that builds technology and solutions especially for safety-net healthcare organizations. With a core focus on health centers and free clinics, the CareMessage platform allows providers to communicate with patients at scale, prompting patients to action via technology products that are designed to create more equitable health outcomes. We enable organizations to use mobile messaging to fill gaps in care, provide education, remind patients of upcoming appointments, automate follow up for open referrals, and provide one-to-one communication.
Nationally, CareMessage is proud to work with over 400 customers in 43 states, comprising over 200 FQHCs, free and charitable clinics, and health plans and systems. Using CareMessage, safety-net organizations have reached over 10 million underserved patients with over 300 million text messages since 2013.
Founded in 2012 at Stanford University, CareMessage has raised over $35 million from , William K. Bowes Jr. Foundation, Pershing Square Foundation, Y Combinator, Schmidt Futures, , Direct Relief, Biogen, and many more.
Reporting to the VP of Engineering (who also serves as CISO and Chief Compliance Officer (CO)) and working closely with the COO, our Senior Compliance and Privacy Manager will play a key role in advising on and overseeing compliance at CareMessage. This individual will be responsible for creating and reviewing policies and documents that impact our compliance standing, and assisting with maintaining and improving our posture with regard to regulations impacting CareMessage. Due to the current nature of our business, these are primarily related to Healthcare (HIPAA) and Messaging (A2P10DLC/TCPA/STIR/SHAKEN). This individual will be the Subject Matter Expert (SME) on all things Compliance, will help guide our decision making, and will partner with the VPE and COO to direct company-wide initiatives and projects to different departments to improve and maintain a high standard of compliance.
The ideal candidate would have a desire and capacity to grow into an external advocate, working with industry groups, agencies, legislatures, and other critical stakeholders to draft or influence policies that impact underserved populations in our nation and further our mission of increasing health care equity for them.
- Possess comprehensive understanding of and remain current on key compliance mandates and legislation related to Voice/SMS messaging, Privacy, and Healthcare, including but not limited to: HIPAA, TCPA, STIR/SHAKEN, & other state mandated Privacy Acts such as CCPA, VCDPA, etc.
- Demonstrated experience with Project and/or Program Management in a cross-functional capacity
- Proven familiarity with contractual terms, language, and implementation
- Highly organized and detail-oriented, with strong emphasis on thoroughness
- Strong interpersonal skills with ability to interact and build rapport with executive-level external clients and internal stakeholders
- Exceptional written and oral communication skills
- Ability to identify and manage priorities
- Capable of multi-tasking and working independently
- Positive attitude and team player
- Expert proficiency in Microsoft Office and Google Suite
- You have experience working remotely
- You have a commitment to supporting and fostering diversity and inclusion within the teams you have worked with (We have a global team and you will regularly collaborate with people from a variety of walks of life)
- Legal training and/or background
- Experience working closely with Product Development functions (Product/Engineering)
- Experience working in the B2B SaaS space
- Draft, edit, review and interpret Contracts, Policies, Business Associate Agreements, Terms of Service, and other similar contractual documents, through the lens of compliance considerations and mandates
- Remain up-to-date on new regulations in our space that have ramifications for our product, business, and/or customers and their patients
- Review and assist with the selection and implementation of related compliance training resources for workforce
- Lead initiatives that increase our team’s awareness of and responsiveness to compliance requirements including internal training, audits, etc.
- Advise on investigations and risk assessments of potential privacy breaches, if needed (rare)
- Conduct compliance risk analyses and make recommendations and decisions to best protect the company
- Develop relationships with external SMEs, industry groups, and legal counsel as it pertains to compliance related topics
- Participate in synchronous and asynchronous product discussions to advise on compliance-related implications
- Draft internal and external facing communications to help our team and our customers remain aware and compliant with all regulations
- Be an advocate for compliance within the company
- Build and maintain strong relationships with peers and stakeholders
Within 1 Month you'll
- Gain a foundational understanding of our business, customers and patients
- Meet all key internal stakeholders and begin to understand and assess our Compliance policies and protocols
- Establish meetings and connection points with key external stakeholders
Within 3 Months you'll
- Perform a gap assessment of Compliance policies and protocols and work with the CO and COO to develop a roadmap of preliminary findings
- Create systems for maintaining awareness of and communicating key industry updates regarding relevant compliance changes
- Take over responsibility for Compliance responsibilities covered (or not covered) by other team members
Within 6 Months you'll
- Display strong leadership in the area of compliance having established strong rapport with all internal and external stakeholders
- Own the review of all contracts, agreements and documents with compliance related impact
- Establish a clear process and cadence with Product, Engineering, Operations and other relevant functions to maintain an ongoing adherence to all related compliance topics
This role is currently set at a Senior Manager level (L3), equivalent to someone who has held multiple legal and compliance related roles with related experience in Healthcare and messaging for several years and is extremely proficient in their craft. Our salary allocation for this role is $169,500. Due to the nature of this role, this position is open to USA based applicants only.
Note: If you don’t fit this description perfectly (in particular, if you come from an under-represented group), but you would consider yourself a very Senior or Director Level Compliance Specialist or Manager, please apply!
We believe in equal work for equal pay. All team members performing the same role at the same level are paid the same regardless of where they are in the world.
Working at CareMessage
Empathy and trust are ingrained in the culture at CareMessage: this workplace is a tight-knit community, where people are mission-driven and feel a sense of belonging in working towards common goals.
Our benefits offering is purposely built to engender trust, to enable wellbeing, and to allow us to focus on the things that matter most.
- We believe in equal work for equal pay: all team members performing the same role at the same level are paid similarly, regardless of where they are in the world
- Flexible work hours; fully remote team
- Half-day Fridays & 15 days of PTO
- 19 paid company holidays, including a one week mid-year and one week end-of-year break
- Paid parental leave for biological and adopted children
- Generous medical, dental, and vision insurance for employees and their families
- Health Savings Accounts and Flexible Spending Accounts
- 401k retirement plan
- Short & long-term disability insurance
- $100 per employee yearly wellness budget, with flexibility to spend on physical, emotional, and mental wellness resources
- PerkSpot: Instant access to discounts on products & services from hundreds of vendors
- Annual budget for professional and personal development (webinars, online courses, books, and more)
- Volunteerism incorporated in onboarding and encouraged on an ongoing basis
- 9 wellness days to be used for self-care, or anything that comes up in life
- 1-month (20 working days) paid sabbatical after the 4-year anniversary, and every 4 years thereafter