Job Description
Vice President, PBM Compliance and Regulatory Operations
Role and Responsibilities
The Vice President, PBM Compliance and Regulatory Operations, is responsible for building, leading, and operating Liviniti's PBM compliance and privacy functions to ensure adherence to all applicable state and federal laws and regulations, including PBM-specific requirements and HIPAA, HITECH, ERISA-related disclosures, and the Consolidated Appropriations Act (CAA). This role translates regulatory and privacy obligations into operational workflows, system logic, controls, and audit-ready processes, embedding compliance into day-to-day business operations. The role owns PBM regulatory compliance, market conduct exam readiness, and privacy operations, including oversight of HIPAA incidents, breach response, corrective action plans, and ongoing risk mitigation. Partnering closely with Legal, Operations, Product, and Technology teams, this position does not act as a plan fiduciary or manage client ERISA compliance, but ensures PBM operations, data, disclosures, and privacy practices meet all regulatory and contractual requirements as an integral member of the Legal and Compliance leadership team. The Vice President, PBM Compliance and Regulatory Operations, is required to perform the following duties and professionally undertake the following responsibilities. Additional responsibilities include, but are not limited to, the following:
Build and Implement the Compliance Function
Stand up the compliance program from scratch and drive full implementation across the businessDevelop company and departmental policies and procedures and convert them into actionable workflows, controls, and system requirementsEstablish governance, reporting, and accountability mechanisms that are actively used and adhered to
State PBM Regulatory Compliance
Own and maintain a state-by-state regulatory inventory and monitoring processTranslate regulatory requirements into specific business rules and system configurationsPartner with operations and technology to implement requirements in areas such as claims adjudication, MAC pricing, pharmacy network standards, and appeals processesValidate that requirements are correctly implemented and functioning in practice
Market Conduct Exam Readiness
Build and maintain a continuous state of market conduct exam readinessDevelop documentation, evidence repositories, and audit trails tied to actual operationsConduct internal readiness reviews and mock examsLead regulatory exams, including data requests, responses, and remediation efforts
Systems, Controls, and Monitoring
Design and implement system-based compliance controls and automated edits within PBM platformsWork closely with technology teams to embed compliance with claims logic and operational workflowsEstablish ongoing monitoring, including control testing, exception reporting, and data validationDevelop dashboards and reporting to track compliance performance and risk
CAA and Gag Clause Compliance (PBM scope)
Oversee PBM responsibilities under the Consolidated Appropriations Act (CAA)Support and validate data for RxDC reportingEnsure compliance with gag clause requirements and support related attestationsBuild controlled, repeatable processes for cross-functional data aggregation and reportingEnsure outputs are accurate, documented, and audit-ready
Audit, Risk, and Third-Party Oversight
Build a risk-based audit and monitoring program aligned to regulatory exposureIdentify control gaps and drive remediation with business ownersOversee compliance of pharmacies, vendors, and downstream partners
Privacy Governance & HIPAA Oversight
Provide executive leadership for the organization's HIPAA Privacy, Security, and Breach Notification compliance programs, ensuring alignment with enterprise compliance and regulatory strategyOversee development and maintenance of HIPAA policies, standards, and procedures, and integration into business and operational processesInterpret and operationalize federal and state health privacy regulations into actionable compliance controls and requirementsPartner with Legal, Information Security, IT, HR, and business leaders to embed privacy compliance across the organization and third-party relationshipsReport on privacy risk posture, key metrics, and emerging issues to executive leadership and governance bodies
HIPAA Incident Management & Corrective Action
Developing and updating HIPAA policies and procedures within the companyServe as executive lead for HIPAA-related incidents, overseeing intake, investigation, risk assessment, and breach determinationEnsure timely, accurate, and compliant breach notifications to affected individuals, regulators, and other required stakeholdersDirect development and execution of corrective action and remediation plans, addressing root causes and control gapsOversee regulatory interactions related to privacy incidents, including OCR inquiries, audits, and enforcement actions, in coordination with LegalMonitor and validate the effectiveness of remediation efforts and drive continuous improvement to prevent recurrence
Leadership and Execution
Operate as a hands-on leader, directly owning key deliverables in early stagesBuild and scale the compliance team over timeServe as primary point of contact for regulators, auditors, and external counselProvide regular reporting and insight to executive leadership
General Duties
Attend, complete, and demonstrate competency in all required HIPAA Training offered by the companyAbide by all obligations under HIPAA related to Protected Health Information (PHI)If a HIPAA violation is discovered, whether individually or by another, the violation must be reported to the Compliance DepartmentAssists with managing the legal calendar, inbox, and other shared inboxes, including maintaining organization and responding timely to inquiriesAssists CLO with various tasks, as neededParticipates in special compliance projects, as assignedManages compliance inboxPerforms other compliance duties, as assignedFlexibility to understand, appreciate, and embrace that this job description is not designed to cover or contain a comprehensive listing of activities, duties, or responsibilities that are required of the employee. Duties, responsibilities, and activities may change, or new ones may be assigned at any time, with or without notice
Required Skills and Competencies
Ability to review and interpret state and federal guidelines and translate them into practical, operational solutionsExecutive-level leadership skills with experience building and leading high-performing compliance or regulatory operations teamsSound judgment and decision-making in ambiguity, escalation, and regulatory risk scenarioStrong understanding of controls, audit readiness, and documentationAbility to balance compliance rigor with business enablementStrategic mindset with the ability to anticipate regulatory trends and proactively prepare the organizationStrong analytical skills to assess operational risk, data flows, and system impacts of regulatory requirementsExceptional written and verbal communication skills, including the ability to explain regulatory requirements clearly to non-legal audiencesWilling to challenge and push teams to implement, not deferExecution-oriented and comfortable working in the detailsEffective in ambiguous, fast-moving environmentsAbility to work independently and collaboratively in a team environment
Success Metrics (First 12 Months)
Compliance program implemented and operating across core PBM functions State PBM regulatory requirements translated into system logic and operational workflows Organization maintains ongoing market conduct exam readiness with complete documentation and evidence System-based controls and monitoring in place with measurable performance indicators CAA-related PBM processes operational, repeatable, and audit-ready All HIPAA incidents are identified, investigated, and resolved within required regulatory timeframes, with accurate breach determinations and compliant notifications Corrective actions address root causes and control gaps, with validation showing measurable reduction in repeat incidents and improved privacy control effectiveness
Supervisory Responsibility
This position may have supervisory responsibilities.
Position Type and Expected Hours of Work
Some flexibility in hours is allowed, but the employee must be available during the "core" work hours of 8:00 AM to 5:00 PM CT. The company covers clients form the West to the East Coast; work times must be adjusted to cover meetings in all time zones. Ability to work extended hours, weekends, and holidays in accordance with industry demands.
Travel
Limited travel is expected for this position.
What We Have to Offer
Our benefits package is designed to keep our employees happy and healthy - physically, mentally and financially:
Medical, Dental, Vision insuranceDisability and Life insuranceEmployee Assistance ProgramRemote work optionsGenerous Paid-Time OffAnnual Reviews and Development PlansRetirement Plan with company match immediately 100% vested
Required Education and Experience
Bachelor's degree (B.A.) in Law, Healthcare Administration, Business Administration, Public Health, Pharmacy, or a related field, or 2+ years of related experience and/or training; or equivalent combination of education and experienceHigh degree of professional ethics and integritySound judgement and ability to analyze situations and information
Preferred Education and Experience . click apply for full job details