Vice President, PBM Compliance & Regulatory Operations – Remote NEW

Chicago, Illinois
Southern Scripts
Vice President, PBM Compliance and Regulatory Operations

Role and Responsibilities

The Vice President, PBM Compliance and Regulatory Operations, is responsible for building, leading, and operating Liviniti’s PBM compliance and privacy functions to ensure adherence to all applicable state and federal laws and regulations, including PBM-specific requirements and HIPAA, HITECH, ERISA-related disclosures, and the Consolidated Appropriations Act (CAA). This role translates regulatory and privacy obligations into operational workflows, system logic, controls, and audit-ready processes, embedding compliance into day-to-day business operations. The role owns PBM regulatory compliance, market conduct exam readiness, and privacy operations, including oversight of HIPAA incidents, breach response, corrective action plans, and ongoing risk mitigation. Partnering closely with Legal, Operations, Product, and Technology teams, this position does not act as a plan fiduciary or manage client ERISA compliance, but ensures PBM operations, data, disclosures, and privacy practices meet all regulatory and contractual requirements as an integral member of the Legal and Compliance leadership team. The Vice President, PBM Compliance and Regulatory Operations, is required to perform the following duties and professionally undertake the following responsibilities. Additional responsibilities include, but are not limited to, the following:

Build and Implement the Compliance Function

Stand up the compliance program from scratch and drive full implementation across the businessDevelop company and departmental policies and procedures and convert them into actionable workflows, controls, and system requirementsEstablish governance, reporting, and accountability mechanisms that are actively used and adhered to

State PBM Regulatory Compliance

Own and maintain a state-by-state regulatory inventory and monitoring processTranslate regulatory requirements into specific business rules and system configurationsPartner with operations and technology to implement requirements in areas such as claims adjudication, MAC pricing, pharmacy network standards, and appeals processesValidate that requirements are correctly implemented and functioning in practice

Market Conduct Exam Readiness

Build and maintain a continuous state of market conduct exam readinessDevelop documentation, evidence repositories, and audit trails tied to actual operationsConduct internal readiness reviews and mock examsLead regulatory exams, including data requests, responses, and remediation efforts

Systems, Controls, and Monitoring

Design and implement system-based compliance controls and automated edits within PBM platformsWork closely with technology teams to embed compliance with claims logic and operational workflowsEstablish ongoing monitoring, including control testing, exception reporting, and data validationDevelop dashboards and reporting to track compliance performance and risk

CAA and Gag Clause Compliance (PBM scope)

Oversee PBM responsibilities under the Consolidated Appropriations Act (CAA)Support and validate data for RxDC reportingEnsure compliance with gag clause requirements and support related attestationsBuild controlled, repeatable processes for cross-functional data aggregation and reportingEnsure outputs are accurate, documented, and audit-ready

Audit, Risk, and Third-Party Oversight

Build a risk-based audit and monitoring program aligned to regulatory exposureIdentify control gaps and drive remediation with business ownersOversee compliance of pharmacies, vendors, and downstream partners
Privacy Governance & HIPAA Oversight

Provide executive leadership for the organization’s HIPAA Privacy, Security, and Breach Notification compliance programs, ensuring alignment with enterprise compliance and regulatory strategyOversee development and maintenance of HIPAA policies, standards, and procedures, and integration into business and operational processesInterpret and operationalize federal and state health privacy regulations into actionable compliance controls and requirementsPartner with Legal, Information Security, IT, HR, and business leaders to embed privacy compliance across the organization and third-party relationshipsReport on privacy risk posture, key metrics, and emerging issues to executive leadership and governance bodies

HIPAA Incident Management & Corrective Action

Developing and updating HIPAA policies and procedures within the companyServe as executive lead for HIPAA-related incidents, overseeing intake, investigation, risk assessment, and breach determinationEnsure timely, accurate, and compliant breach notifications to affected individuals, regulators, and other required stakeholdersDirect development and execution of corrective action and remediation plans, addressing root causes and control gapsOversee regulatory interactions related to privacy incidents, including OCR inquiries, audits, and enforcement actions, in coordination with LegalMonitor and validate the effectiveness of remediation efforts and drive continuous improvement to prevent recurrence

Leadership and Execution

Operate as a hands-on leader, directly owning key deliverables in early stagesBuild and scale the compliance team over timeServe as primary point of contact for regulators, auditors, and external counselProvide regular reporting and insight to executive leadership

General Duties

Attend, complete, and demonstrate competency in all required HIPAA Training offered by the companyAbide by all obligations under HIPAA related to Protected Health Information (PHI)If a HIPAA violation is discovered, whether individually or by another, the violation must be reported to the Compliance DepartmentAssists with managing the legal calendar, inbox, and other shared inboxes, including maintaining organization and responding timely to inquiriesAssists CLO with various tasks, as neededParticipates in special compliance projects, as assignedManages compliance inboxPerforms other compliance duties, as assignedFlexibility to understand, appreciate, and embrace that this job description is not designed to cover or contain a comprehensive listing of activities, duties, or responsibilities that are required of the employee. Duties, responsibilities, and activities may change, or new ones may be assigned at any time, with or without notice

Required Skills and Competencies

Ability to review and interpret state and federal guidelines and translate them into practical, operational solutionsExecutive-level leadership skills with experience building and leading high-performing compliance or regulatory operations teamsSound judgment and decision-making in ambiguity, escalation, and regulatory risk scenarioStrong understanding of controls, audit readiness, and documentationAbility to balance compliance rigor with business enablementStrategic mindset with the ability to anticipate regulatory trends and proactively prepare the organizationStrong analytical skills to assess operational risk, data flows, and system impacts of regulatory requirementsExceptional written and verbal communication skills, including the ability to explain regulatory requirements clearly to non-legal audiencesWilling to challenge and push teams to implement, not deferExecution-oriented and comfortable working in the detailsEffective in ambiguous, fast-moving environmentsAbility to work independently and collaboratively in a team environment

Success Metrics (First 12 Months)

Compliance program implemented and operating across core PBM functions State PBM regulatory requirements translated into system logic and operational workflows Organization maintains ongoing market conduct exam readiness with complete documentation and evidence System-based controls and monitoring in place with measurable performance indicators CAA-related PBM processes operational, repeatable, and audit-ready All HIPAA incidents are identified, investigated, and resolved within required regulatory timeframes, with accurate breach determinations and compliant notifications Corrective actions address root causes and control gaps, with validation showing measurable reduction in repeat incidents and improved privacy control effectiveness

Supervisory Responsibility
This position may have supervisory responsibilities.

Position Type and Expected Hours of Work

Some flexibility in hours is allowed, but the employee must be available during the “core” work hours of 8:00 AM to 5:00 PM CT. The company covers clients form the West to the East Coast; work times must be adjusted to cover meetings in all time zones. Ability to work extended hours, weekends, and holidays in accordance with industry demands.

Travel
Limited travel is expected for this position.
What We Have to Offer
Our benefits package is designed to keep our employees happy and healthy – physically, mentally and financially:

Medical, Dental, Vision insuranceDisability and Life insuranceEmployee Assistance ProgramRemote work optionsGenerous Paid-Time OffAnnual Reviews and Development PlansRetirement Plan with company match immediately 100% vested

Required Education and Experience

Bachelor’s degree (B.A.) in Law, Healthcare Administration, Business Administration, Public Health, Pharmacy, or a related field, or 2+ years of related experience and/or training; or equivalent combination of education and experienceHigh degree of professional ethics and integritySound judgement and ability to analyze situations and information
Preferred Education and Experience . click apply for full job details