Director - Compliance

Key Responsibilities

1) Investigations & SIU Oversight

• Lead investigations related to whistleblower and ethics hotline reports, fraud, waste and abuse (FWA), data privacy and information security incidents, employee misconduct, retaliation, harassment, conflicts of interest, and client or regulatory compliance breaches.
• Directs and manages the end-to-end case lifecycle: intake, triage, scoping, evidence collection, interviews, findings, and closure.
• Ensure investigations meet CMS, OIG, HIPAA/HITECH, DOJ guidance, client contractual requirements, and local country laws (e.g., India DPDP, Philippines DPA, Jamaica DPA, Colombia regulations).
• Maintain strict confidentiality, non-retaliation protections, and defensible documentation standards.
• Partner with Legal, HR, Information Security, Compliance, Operations, and leadership on sensitive matters.

2) Audit, Assurance & Compliance Reviews

• Plan and execute compliance audits, operational and process audits, and regulatory and client audit readiness reviews.
• Evaluate internal control design and operating effectiveness, compliance with laws, regulations, and contracts, and risk management practices across functions and geographies.
• Develop audit scopes, work programs, testing plans, and reports.
• Document findings, risk ratings, root causes, and corrective action plans.
• Track remediation and escalate overdue or ineffective actions.

3) Risk, Controls & Continuous Improvement

• Use investigation trends and audit results to identify systemic risks and control gaps and drive preventive and corrective actions.
• Contribute to and challenge the enterprise risk register.
• Reduce repeat incidents and recurring audit findings.
• Strengthen policies, procedures, and controls and promote a culture of compliance and accountability.

4) Governance, Reporting & Stakeholder Management

• Assist in reporting for Executive Leadership, Audit Committee / Board, regulators, and clients as required.
• Assist in the production integrated reporting on investigation volumes and trends, audit results and risk themes, remediation status, and control maturity.
• Ensure accurate, timely, and defensible reporting.
• Support regulatory exams, client audits, and external assurance activities.

5) Program Management, Tools & Standards

• Own or help administer GRC and case management platforms (e.g., AuditBoard, ComplianceLine/Ethico, Certiphi and EY compliance Management Tool).
• Standardize investigation methodologies, audit methodologies, and issue and remediation tracking workflows.
• Improve program maturity, metrics, and automation and reduce reliance on manual or off-system tracking.

Qualifications

• Bachelor’s degree in Business, Accounting, Compliance, Law, Criminal Justice, or related field or applicable experience may be accepted.
• 4 years of experience in Compliance, HR, Investigations, Internal Audit, Risk, or Regulatory Assurance experience may be substituted.
• Strong experience in healthcare, BPO, or other highly regulated environments.
• Demonstrated experience managing sensitive investigations and audit and assurance programs.
• Excellent analytical, writing, and executive communication skills.
• High integrity, independence, and strong professional judgment.

Preferred Qualifications

• Experience with CMS, OIG, HIPAA, SOC, ISO, NIST, SOX, and multi-country regulatory frameworks but not required
• Experience with GRC and case management tools (AuditBoard, Ethico, Archer, ServiceNow). But not required.
• Experience supporting Board-level reporting and Audit Committee interactions.

Performance Objectives & KPIs

1) Case Management, Triage & Timeliness (25%)

Objectives:

• Ensure all cases are triaged, investigated, and closed within defined SLAs.
• Maintain a low, risk-based backlog with prompt escalation of high-risk matters.

KPIs:

• ≥ 95% of cases triaged within 48 hours.
• 100% of high-risk cases escalated within SLA.
• Average case closure time: High ≤ 30 days; Medium ≤ 60 days; Low ≤ 90 days.
• < 5% of cases aged > 90 days.

2) Investigation & Audit Quality / Defensibility (25%)

Objectives:

• Deliver thorough, consistent, and defensible investigations and audits.
• Minimize rework and prevent quality-related escalations.

KPIs:

• ≥ 95% of investigations and audits pass QA / Legal / Compliance review first time.
• ≥ 98% of cases and audits have complete documentation and approvals.
• 0 high-risk audit, client, or regulatory findings related to investigation or audit process.
• ≥ 98% adherence to approved SIU and audit methodologies.

3) Risk Reduction, Root Cause & Remediation (20%)

Objectives:

• Reduce repeat issues and systemic risks using investigation and audit insights.
• Ensure timely and effective remediation across the business.

KPIs:

• 100% of substantiated cases and audit findings have documented root cause analysis.
• ≥ 90% of corrective actions closed by due date (tracked in AuditBoard).
• ≥ 25–30% year-over-year reduction in repeat high-risk issues.
• Downward trend in open high-risk issues and repeat findings.

4) Governance, Board, Regulator & Client Confidence (20%)

Objectives:

• Provide timely, accurate, and meaningful reporting to leadership, the Board, clients, and regulators.
• Maintain strong credibility and avoid quality or timeliness escalations.

KPIs:

• 100% of Board / Executive / Client reports delivered on time.
• 0 escalations due to missed deadlines or poor quality reporting.
• ≥ 4.5 / 5 stakeholder satisfaction score (Legal, HR, Compliance, Clients, Operations).
• 0 material reporting or data integrity errors.

5) Program Maturity, Tools & Enablement (10%)

Objectives:

• Mature the investigations and audit programs through standardization, tooling, and automation.
• Reduce manual tracking and increase system-of-record adoption.

KPIs:

• ≥ 95% of cases, audits, and issues managed in AuditBoard and ComplianceLine/Ethico.
• 100% adoption of standard methodologies and templates.
• ≥ 3–5 meaningful process or control improvements delivered per year.
• ≥ 60% reduction in off-system (email/Excel) tracking.