Chief Compliance Officer & Chief Privacy Officer / Job Req 990161477

Location 1240 S LOOP RD, Alameda, CA, 94502-7084, United States Base Pay $305,697.6 - $458,556.8 / Year Employee Type Full Time Hybrid : Applicants must be a California resident as of their first day of employment. Must reside within a 120-mile radius of the Alliance’s office in Alameda, CA.

PRINCIPAL RESPONSIBILITIES

The Chief Compliance Officer & Chief Privacy Officer (CCO/CPO) is responsible for the development, implementation, and oversight of all activities related to the Alliance’s adherence to the laws, regulations and policies that govern its business, with specific emphasis on Medicare, Medi-Cal, and commercial programs. The CCO/CPO leads the organization’s Enterprise Risk Management (ERM) program following ISO 31000 and COSO frameworks to identify, assess, and mitigate risks across the enterprise. The CCO/CPO is responsible for the identification and organization of information and resources related to Compliance requirements and policies; for the communication and training on the importance of Compliance in general; and for the development of policies, procedures and standards related to the Compliance Program. Additionally, the CCO/CPO is responsible for identifying and assessing areas of compliance risk for the Alliance and developing and implementing plans to reduce risk and maintain compliance. The CCO/CPO reports to the Chief Executive Officer (CEO) and the Board of Governors. Principal responsibilities include:

COMPLIANCE PROGRAM & ENTERPRISE RISK MANAGEMENT

Update, implement, document, and maintain the Alliance’s Compliance Program, as necessary. Develop, implement, and oversee the Enterprise Risk Management (ERM) program following ISO 31000 and COSO principles, establishing a systematic approach to identifying, analyzing, and managing risks across the organization. Develop and execute a Medicare-specific compliance work plan that adheres to CMS requirements, including performance of risk assessments, monitoring, and auditing. Develop an annual work plan, in cooperation with the Compliance Committee, that provides for the ongoing development and implementation of the Compliance Program across all lines of business. Establish and maintain an enterprise risk register that identifies, categorizes, and prioritizes risks in alignment with ISO or COSO's integrated framework. Facilitate regular enterprise risk assessments using established ISO methodologies and prepare reports on the organization's risk profile. Set Compliance Committee agendas and develop reports of Compliance Committee findings and actions on a routine basis. Chair the Enterprise Risk Management Committee, or its equivalent, and coordinate cross‑functional risk management activities. Coordinate resources to ensure the ongoing effectiveness of the Compliance Program. Present periodic reports and an annual evaluation on the operation of the Compliance Program and Enterprise Risk Management activities to the Board of Governors and senior management, including an annual work plan that will include identifying areas of risk, with specific attention to Medicare program risk areas. Hire and manage Compliance Department staff, including specialized Medicare compliance personnel and risk management professionals. Manage the Compliance Department’s administrative duties, including supervising support staff, organizing and maintaining compliance files, and preparing necessary reports on activities. Represents the Alliance as primary contact for Federal, State and regulatory bodies or other relevant parties in issues of compliance. Prepare information, organize materials and staff, and complete or oversee all filings, compliance audits and site visits for and by applicable agencies. Coordinate with department directors and managers, legal counsel and the Human Resource Department as necessary and applicable in the execution of the Compliance Program and Enterprise Risk Management initiatives. Coordinate with the Chief Security Officer on matters involving privacy and security breaches, investigations, and reporting.

POLICIES, PROCEDURES AND STANDARDS

In a timely fashion, update and distribute applicable policy and procedures with current compliance information, along with notification and/or training on the effect or implication of such policy or procedure on the Alliance or on a particular department. Develop and maintain the Enterprise Risk Management policy and framework in accordance with ISO 31000 and COSO ERM principles. Establish risk appetite statements and risk tolerance thresholds for key risk categories in partnership with executive leadership and the Board. Ensure alignment between Medicare, Medi-Cal, and commercial program compliance activities and requirements. Implement standardized risk assessment methodologies across the organization following ISO principles. Identify, assess, and report on areas of risk for the Alliance and with the appropriate staff of various departments and develop policies and procedures to ensure compliance with federal, state, and local laws, with specific attention to Medicare regulations and CMS guidance.

EDUCATION AND TRAINING

Assist internal departments in establishing, maintaining, and updating programs to educate and train managers and other employees regarding applicable state and federal compliance requirements, including HIPAA, and to regularly monitor compliance with those requirements. Monitor and identify state and federal regulatory changes that impact the Alliance, and provide education, in conjunction with the senior management team, to employees, agents and contractors in identification and implementation of any required policy or process modifications necessary to comply with all applicable state and federal regulations and contracts. Develop, implement, and maintain appropriate training and education for Alliance employees, the Board of Governors, providers and members regarding the Compliance Plan and the Alliance’s commitment to compliance. Develop and deliver enterprise risk management training for employees at all levels, with specialized training for risk owners and senior leadership. Develop and implement specialized Medicare compliance training for staff, leadership, and Board members, including fraud, waste, and abuse prevention. Monitor and identify state and federal regulatory changes that impact the Alliance, particularly CMS requirements for Medicare Advantage and Part D programs, and provide education, in conjunction with the senior management team, to employees, agents and contractors in identification and implementation of any required policy or process modifications necessary to comply with all applicable state and federal regulations and contracts.

EFFECTIVE LINES OF COMMUNICATION

In coordination with the Human Resources Department, assist in the development and communication of a confidential process and the open‑door policy for all employees to seek guidance on compliance with questions or concerns and to report suspected violations of the Company Code of Conduct, its policies and procedures, and/or violation of law or regulations. Establish and maintain communication channels for reporting enterprise risks, near misses, and risk incidents. Ensure that employees are informed of the Alliance's non‑retaliation policy and, in cooperation with the Human Resources Department, ensure the appropriate implementation of the non‑retaliation policy. Maintain and operate the Alliance's compliance hotline and other mechanisms to receive reports of alleged compliance violations, including potential Medicare fraud, waste, and abuse. Formalize and monitor a system to enable employees to report any non‑compliance without fear of retribution, ensuring that the reporting system is adequately publicized and that allegations of non‑compliance are investigated and responded to promptly. In coordination with the Human Resources Department, communicate the Compliance Program’s code of conduct, policies, and procedures in a practical manner to all employees through regular training and education programs and other appropriate means. Communicate responses/actions to reports of compliance matters to senior managers, as necessary, the Compliance Committee, and the Board of Governors. Lead the coordination with HIPAA, privacy, and security risk assessment activities. Establish productive working relationships with all Alliance departments and employees to facilitate operation of the Compliance Program including education, training, compliance, auditing, and reporting. Escalate privacy and regulatory matters to the CEO in a timely manner.

ENFORCING STANDARDS

Coordinate with the Human Resource Department to ensure compliance objectives are incorporated into hiring, evaluation, investigation, and discipline practices. In conjunction with the Human Resource Department, publicize the consequences of non‑compliance by educating employees regarding disciplinary action that may be taken as a result of non‑compliance, up to and including termination of employment. Formalize and monitor a system to enable employees to report any non‑compliance without fear of retribution, ensuring that the reporting system is adequately publicized and that allegations of non‑compliance are investigated and responded to promptly. Establish and maintain key risk indicators (KRIs) and key performance indicators (KPIs) for monitoring risk management effectiveness. Implement a consistent methodology for tracking and reporting on risk treatment plans and their effectiveness.

MONITOR, TRACK AND AUDIT

Consistent with the annual compliance work plan, assist departments in compliance identifying, prioritizing, and undertaking monitoring and auditing activities. Lead in the coordination with applicable departments and/or agencies to develop audit procedures and conduct internal and external audits. Oversee Medicare program audits, including readiness for CMS program audits and responses to audit findings. Conduct regular enterprise-wide risk assessments using COSO and ISO methodologies to identify emerging risks and evaluate control effectiveness. Develop and/or ensure internal controls are capable of preventing and detecting significant instances or patterns of illegal, unethical, or improper conduct. Assist department managers in establishing routine audit and reporting procedures in accordance with compliance requirements. In the event of non‑compliance, work with applicable department manager to establish a corrective action plan, following up on such plan until compliance is restored. Conduct routine review of the OIG’s “List of Excluded Individuals/Entities” to determine if employees, third parties with whom the Alliance does business, or any providers have been excluded from federal health care programs. Direct Medicare data validation activities to ensure accuracy of data submitted to CMS. Develop and maintain risk control matrices that document key risks and associated controls across the organization. Conduct control effectiveness testing and facilitate control self‑assessments in alignment with COSO principles.

INVESTIGATION AND CORRECTIVE ACTION

Coordinate as appropriate with legal counsel, conducting or authorizing and overseeing investigations of matters requiring investigation under the Compliance Program. Develop detailed corrective action plans that clearly identify the corrective action steps required, timeframes, and individuals responsible for corrective action. Work with the appropriate department director or manager coordinate implementation of corrective action plans. Implement a structured risk response process that includes risk acceptance, mitigation, transfer, or avoidance strategies in accordance with ISO 31000. Work with the appropriate department director or manager coordinate implementation of corrective action plans. In coordination with senior management and legal counsel, as applicable, communicate with all federal, state, and regulatory bodies on issues of compliance, including but not limited to applicable reporting of compliance audits, fraud or abuse, patient privacy, grievances, and other issues of non‑compliance. Ensure timely self‑reporting of identified Medicare compliance issues to CMS as required. Monitor the implementation and effectiveness of risk mitigation activities through established metrics and reporting mechanisms.

ESSENTIAL FUNCTIONS OF THE JOB

Update, develop, implement, document, and maintain organization‑wide compliance program as necessary. Update, develop, implement, and maintain organizational policies, procedures, and standards. Coordinate and initiate internal audits. Compliance education and training of staff. Monitor, track, and audit the compliance program, identify risks, and ensure departmental compliance on an ongoing basis. Initiate investigations and corrective action plans.

PHYSICAL REQUIREMENTS

Constant and close visual work at desk or computer. Constant sitting and working at desk. Constant data entry using keyboard and/or mouse. Frequent use of telephone headset. Frequent verbal and written communication with staff and other business associates by telephone, correspondence, or in person. Frequent lifting of folders and various other objects weighing between 0 and 30 lbs. Frequent walking and standing. Occasional driving of automobiles. Number of Employees Supervised: 3-5

MINIMUM QUALIFICATIONS

EDUCATION OR TRAINING EQUIVALENT TO

Master’s degree with emphasis in business, health administration, or related field preferred. Medicare compliance certification (CHC, CCEP, or similar) preferred. Enterprise Risk Management certification (CRMA, CRISC, or similar) preferred.

MINIMUM YEARS OF ADDITIONAL RELATED EXPERIENCE

Twelve (12) years’ experience in Federal and/or State regulatory compliance. Five (5) years in compliance and/or risk management roles at the management level in managed health care or insurance industry. Twelve (12) years’ health plan management experience. Experience with Medicare Advantage and/or Part D program compliance preferred. Experience implementing, overseeing or managing Enterprise Risk Management programs following ISO 31000 or COSO frameworks preferred.

SPECIAL QUALIFICATIONS (SKILLS, ABILITIES, LICENSE)

Specialized training in Federal regulatory compliance and/or corporate risk. Demonstrated knowledge of ISO 31000 risk management principles and ISO or COSO Enterprise Risk Management Framework. Experience in using managed care concepts within the public sector health delivery systems. Excellent oral and written communication skills, with emphasis on effective education, training, and reporting. Inquisitive and analytical problem solver with initiative and ability to work independently. Excellent interpersonal skills and ability to perform effectively with members of different departments as a team. Ability to effectively present and represent the Alliance’s interests externally with regulators. Excellent computer analysis and research skills. Ability to read, analyze and interpret professional journals, technical procedures, governmental regulations, and legal documents. Ability to understand and discuss detail, but also to develop and manage high‑level plans and strategies. Strong influencing skills and perseverance in investigating. Demonstrates high integrity and excellent judgment. Proven ability to maintain an effective professional liaison with a Board of Governors. Extensive experience with public assistance programs and public agencies. Experience in use of various computer system software as well as Windows, Microsoft Word, Microsoft Excel, Microsoft Outlook and Microsoft PowerPoint.

SALARY RANGE

$305,697.60 - $458,556.80 ANNUALLY

The Alliance is an equal opportunity employer and makes all employment decisions on the basis of merit and business necessity. We strive to have the best-qualified person in every job. The Alliance prohibits unlawful discrimination against any employee or applicant for employment based on race, color, religious creed, sex, gender, transgender status, age, sexual orientation, national origin, ethnicity, citizenship, ancestry, religion, marital status, familial status, status as a victim of domestic violence, assault or stalking, military service/veteran status, physical or mental disability, genetic information, medical condition, employees requesting accommodation of a disability or religious belief, political affiliation or activities, or any other status protected by federal, state, or local laws. #J-18808-Ljbffr DeKalb Health