The Massachusetts League of Community Health Centers (League) was founded in 1972 as one of the country's first state Primary Care Associations (PCAs). Established under the same federal authorizing legislation as the health center program (Section 330 of the Public Health Service Act), PCAs are organized around a set of core functions and competencies that provide a framework for support and assistance to health centers and the communities they serve. The League is a non-profit 501(c)(3) organization registered as a public charity with the Secretary of the Commonwealth. It maintains a professional staff at its headquarters in Boston and its training center in Worcester.
Position Summary:
The Director of Corporate Compliance & Risk Management will report to the Chief Legal & Compliance Officer in his capacity as Chief Compliance Officer for compliance duties and regulatory risk duties, with a dotted line to the SVP, Business Development & Strategy for operational risk management projects.
The Director of Corporate Compliance & Risk Management will assist the Chief Compliance Officer in carrying out functions required under the League's corporate compliance program and regulatory risk management program. The role will also ensure that the operating procedures of the MLCHC's student loan repayment programs comply with applicable federal and state laws and regulations as well as contracts covering the student loan repayment program. The Director of Corporate Compliance & Risk Management will work with management and staff to identify and manage the regulatory risk of the student loan repayment programs, and will be responsible for identification, prevention, monitoring and detection, resolution, and advisory functions as they relate to student loan repayment program compliance and audit initiatives. The role will also bridge the League's cybersecurity and risk initiatives and ensure adherence to best practices across all League departments.
Under operational risk management, the role will also assist the SVP of Business Development & Strategy in identifying, assessing, mitigating, and reporting on all financial, operational, and reputational risks; conducting quarterly risk assessments/reviews and providing mitigation recommendations; maintaining the risk register; tracking risk items and providing status updates on new and existing risks; and conducting quarterly control assessment reviews.
Essential Functions: (The following is a list of essential functions, which may be subject to change at any time and without advance notice. Management may assign new duties, reassign existing duties, or eliminate a role. Responsibilities include but may not be limited to the following.)
Under the direction of the Chief Compliance Officer, the Director of Corporate Compliance & Risk Management will identify program regulatory and compliance risks and advise on compliance mechanisms to avoid or address them. In addition, the Director of Corporate Compliance & Risk Management will:
Assist the Chief Compliance Officer with developing and implementing a comprehensive Corporate Compliance Program and Risk Management Program for the Mass League and its subsidiaries CommonWealth Purchasing Group, LLC and the Institute for Health Equity Research Evaluation & Policy, Inc.
Work with the Chief Compliance Officer on compliance and regulatory risk management program governance, including, but not limited to, attending, presenting at, and conducting follow-up to Compliance Committee and Board meetings
Assist the Chief Compliance Officer with executing research involving human subjects and Anti-Kickback Statute compliance functions
Evaluate existing procedures and SOPs to ensure compliance with internal student loan repayment policies and the requirements of applicable regulatory agencies. Additionally, ensure alignment with the task orders, master agreements, or other state contract documents as applicable
Support the Office of the Chief Compliance Officer, as appropriate, as well as outside consultants, in building a contract compliance oversight and monitoring function for student loan repayment programs
Evaluate compliance and governance functions as they relate to operations, finance, and customer service of the loan repayment software system
Review and assess current student loan repayment operations infrastructure and identify any gaps, risks, and areas for improvement
Make suggestions regarding updates to internal procedures to drive greater levels of compliance
Manage the issue resolution process identified to escalate, resolve, and trend issues in order to create appropriate risk mitigation and controls and improve compliance and regulatory processes.
Assist the Chief Compliance Officer or their designee in establishing and implementing compliance policies and procedures, including performing periodic compliance audits.
Provide compliance guidance and training to all staff.
Work closely with the Office of the General Counsel to identify and investigate compliance issues and risks and suggest ways to prevent or resolve them
Manage regulatory and compliance risk and compliance documentation needs
Communicate with compliance and risk counsel on legal issues
Develop and implement compliance and risk programs: The Compliance and Risk Manager will create and implement programs to help the organization comply with Federal and State data security laws and internal compliance standards which include, but are not limited to, the management of:
SOPs for student loan repayment program: ensure compliance and outline risk initiatives.
Student loan repayment compliance / governance policy (overview of initiatives outlined in this memo)
Adherence to Written Information Security Plan (WISP)
Safeguarding PI and treatment of all records including record retention policy
Safeguarding PI and accurate treatment of all activity as it relates to SOP and governing procedures
Employee and contractor annual security training (see details below)
Electronic records policy
Secure protocol administration for all systems that contain PI:
Access control
Same role parity and assess maker / checker functionality
Passwords
Adherence to Disaster Recovery and Business Continuity Plan
Creation of a continuous improvement plan.
Making compliance risk and regulatory recommendations and preparing reports:
Conducting audits: Conduct internal audit to ensure ongoing compliance and to prepare the student loan repayment programs for successful external regulatory and compliance testing and audits.
Compliance Training: Assist with development and/or rollout of training modules annually.
Operational Risk Management duties include, but are not limited to:
Support Finance Department to develop and implement a process for disbursement of loan repayment funds to loan servicers to ensure compliance with master agreement, task orders or other contract documents, and any governing agencies that support money movement and transfer
Provide support to student loan repayment leadership and team for operations for MA Repay Support compliance function for the loan repayment software system implementation
Preparing quarterly and annual audit reports
Continuous improvement and monitoring of risks and controls
Risk Control Self-Assessment - Annual
Identify people, process, technology and security processes and risks
Assess and rate risks as connected to the annual risk assessment
Identify existing controls and rate effectiveness.
Document ratings, findings and opportunities for improvement (OFI)
Prepare Risk Treatment Plan based on approved rating documentation.
Mitigation, Acceptance and Action Plan to improve.
Documentation and Recordkeeping of the Plan
Operational Risk Assessment - Annual
Control Report - Quarterly and based on Control Mitigation Plan and
Audit Report - Quarterly
Audit Report - Annual Roll up
Collaboration with the Office of the General Counsel:
Ensure that the SOPs and policy documentation comply with applicable laws.
Managing documentation:
Manage the documentation and resources used by the compliance team.
Documentation of SOPs reflects accurate process
Creation of a change order and renewal process
Ongoing documentation of SOPs
Competencies/Skills:
Demonstrated proficiency with MS Office applications, especially Word, Excel and PowerPoint
Knowledge of project management software
Proven ability to juggle multiple projects simultaneously
Excellent oral communications skills; ability to communicate effectively with the public
Commitment to working to promote the healthcare of vulnerable populations
Education/Experience:
Bachelor's degree in business, health care management, or relevant education required
5 years in compliance and risk management required
Experience administering compliance and risk management programs required
Experience completing compliance or risk audits required
Requirements:
The physical demands described here represent those that an employee must meet to perform the essential functions of this job successfully. While performing the duties of this job, the employee is required to talk and hear regularly. The employee must be able to remain in a stationary position 80% of the time. The employee needs to move inside and outside the office to access file cabinets and office equipment and to meet with community partners at different sites. The position requires occasionally lifting office products and supplies up to 50 pounds and traveling to various locations for meetings.
Physical Requirements:
Physical demands represent those that an employee must meet to perform the essential functions of this job successfully. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
Qualification Requirements:
To perform this job successfully, an individual must adequately perform each essential function. The requirements listed above are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
The Massachusetts League of Community Health Centers is an equal opportunity employer committed to a workplace that reflects the diversity of the people of Massachusetts, including populations most impacted by health inequities. We actively seek a diverse staff that is reflective of the community we serve.
It is the policy of the Massachusetts League of Community Health Centers to provide equal employment opportunity to all employees and applicants for employment without regard to race, sex, sexual orientation, gender identity or expression, color, creed, religion, national origin, age, disability, marital status, parental status, family medical history or genetic information, political affiliation, military service or any other non-merit based factor in accordance with all applicable laws, directives and regulations of federal, state and city entities.