Director, Compliance

Sharecare

Director, Compliance managing privacy strategy and compliance for healthcare tech company Sharecare. Leading operational execution of HIPAA and other compliance initiatives with various stakeholders.

Posted 5/16/2026full-timeRemote • 🇺🇸 United StatesLeadWebsite

About the role

Key responsibilities & impact

Owns operational execution of privacy and ROI compliance across assigned portfolios, regions, or client segments.
Supports the Chief Privacy Officer in setting privacy strategy and assessing risk, including potential state and/or federal regulations that directly affect the organization.
Interprets HIPAA, state medical record laws, and client contract requirements and operationalizes them into Sharecare ROI policies, SOPs, training materials, and quality controls.
Ensures consistent application of request processing standards, including authorizations, TAT requirements, disclosure limitations, and fee rules.
Ensures Sharecare policies and procedures regarding Release of Information (ROI) are accurately maintained, organized, and updated when changes are required, and ensures updates are completed in a timely manner.
Leads and supports internal audits, client audits, and regulatory inquiries (e.g., OCR investigations, client compliance reviews), including development of audit response strategy, documentation, and corrective actions.
Exercises broad discretion in compliance decisions affecting multiple clients, teams, or regions; escalates enterprise risks as appropriate to the Chief Privacy Officer.
Leads root-cause analysis for audit findings, client escalations, and compliance incidents and drives sustainable remediation plans to closure.
Oversees the investigation and documentation of all privacy and security incidents and ensures required reporting is completed in accordance with applicable requirements.
Along with the Security Department, conducts audits of security and privacy systems to ensure compliance with governing laws and regulations including, but not limited to, HIPAA, HITECH, and Omnibus as they pertain to Sharecare’s role as a Business Associate.
Partners closely with Legal, Compliance, Security, Product, Operations, Sales, and Client Success leadership to align operational practices with compliance and business objectives.
Ensures compliance requirements and quality controls are embedded in implementations, integrations, product adoption, renewals, and expansions.
Serves as a senior escalation point and participates in escalated compliance discussions with clients, including sensitive disclosures and multi-state compliance scenarios.
Maintains strong relationships with HIM leaders and enterprise stakeholders; supports client trust, renewal outcomes, and long-term business performance through consistent compliance execution.
Manages experienced professionals and/or subordinate analysts and is accountable for compliance outcomes across assigned client portfolios.
Oversees and partners with Learning and Development on all required training for Sharecare personnel including annual HIPAA training, biannual CRIS certification (if applicable), onboarding training, and policy/procedure training regarding privacy and security.
Acts as a resource to answer compliance questions/issues from Sharecare field staff and operational leaders.
Actively participates in local Health Information Association and/or other similar organizations.
Conducts seminars/webinars for clients and potential clients regarding topics such as HIPAA, HITECH, internal auditing, ROI compliance, and operational privacy best practices.
Manages assigned audit and compliance programs across Sharecare and joins project teams as required.

Requirements

What you’ll need

Bachelor’s degree required; Master’s degree preferred; or equivalent experience.
Typically requires 8–10+ years of ROI operations, privacy, compliance, and/or client success experience, including leadership responsibility.
Privacy credentials such as RHIA, CHPS, CHPC or equivalent preferred.
Must have experience with or expertise in the following: HIPAA / HITECH / Omnibus Final Rule.
Office for Civil Rights guidance and processes; regulatory inquiry and audit response.
Federal ROI requirements and state medical record/privacy laws and fee rules, including multi-state operational implications.
Operationalizing privacy requirements into policies, SOPs, training, and quality controls at scale.
Leading internal/client audits, root-cause analysis, corrective action planning, and sustainable remediation.
Incident investigation, documentation, and cross-functional breach/incident response partnership with Security and Legal.
Cross-functional leadership with Product, Operations, Legal, Security, Sales, and Client Success; ability to embed compliance into implementations, product adoption, renewals, and expansions.
Strong executive presence and client-facing capability, including participation in escalated discussions with clients and (as needed) regulators.
Excellent written and verbal communication skills.
Well-versed in current EHR technology usage with hands-on experience with systems such as Epic, Allscripts, Cerner, NextGen or similar (preferred).

Benefits

Comp & perks

Health insurance
Paid time off
Flexible work arrangements
Professional development opportunities

ATS Keywords

✓ Tailor your resume

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

ROI operationsprivacy complianceaudit responseroot-cause analysisincident investigationpolicy developmentquality controlsregulatory compliancetraining developmentcorrective action planning

Soft Skills

leadershipclient-facing capabilityexecutive presencecommunication skillsrelationship managementcross-functional collaborationproblem-solvingstrategic thinkingdiscretion in compliance decisionstraining and mentoring

Certifications

RHIACHPSCHPCbiannual CRIS certification