Vice President, PBM Compliance & Regulatory Operations - Remote

Southern Scripts

place Chicago, 60607

apartment

Telehealth, Remote Only, Hybrid (Remote and Onsite), Flexible (Remote or Onsite)

person_outline

Social Work, Other Behavioral, Mental, or Healthcare Field

work_outline

Internship

local_offer

Medical/Vision/Dental Insurance, Retirement Plan, Other Benefits

Vice President, PBM Compliance and Regulatory Operations

Role and Responsibilities

The Vice President, PBM Compliance and Regulatory Operations, is responsible for building, leading, and operating Liviniti’s PBM compliance and privacy functions to ensure adherence to all applicable state and federal laws and regulations, including PBM-specific requirements and HIPAA, HITECH, ERISA-related disclosures, and the Consolidated Appropriations Act (CAA). This role translates regulatory and privacy obligations into operational workflows, system logic, controls, and audit-ready processes, embedding compliance into day-to-day business operations. The role owns PBM regulatory compliance, market conduct exam readiness, and privacy operations, including oversight of HIPAA incidents, breach response, corrective action plans, and ongoing risk mitigation. Partnering closely with Legal, Operations, Product, and Technology teams, this position does not act as a plan fiduciary or manage client ERISA compliance, but ensures PBM operations, data, disclosures, and privacy practices meet all regulatory and contractual requirements as an integral member of the Legal and Compliance leadership team. The Vice President, PBM Compliance and Regulatory Operations, is required to perform the following duties and professionally undertake the following responsibilities. Additional responsibilities include, but are not limited to, the following:

Build and Implement the Compliance Function

Stand up the compliance program from scratch and drive full implementation across the businessDevelop company and departmental policies and procedures and convert them into actionable workflows, controls, and system requirementsEstablish governance, reporting, and accountability mechanisms that are actively used and adhered to

State PBM Regulatory Compliance

Own and maintain a state-by-state regulatory inventory and monitoring processTranslate regulatory requirements into specific business rules and system configurationsPartner with operations and technology to implement requirements in areas such as claims adjudication, MAC pricing, pharmacy network standards, and appeals processesValidate that requirements are correctly implemented and functioning in practice

Market Conduct Exam Readiness

Build and maintain a continuous state of market conduct exam readinessDevelop documentation, evidence repositories, and audit trails tied to actual operationsConduct internal readiness reviews and mock examsLead regulatory exams, including data requests, responses, and remediation efforts

Systems, Controls, and Monitoring

Design and implement system-based compliance controls and automated edits within PBM platformsWork closely with technology teams to embed compliance with claims logic and operational workflowsEstablish ongoing monitoring, including control testing, exception reporting, and data validationDevelop dashboards and reporting to track compliance performance and risk

CAA and Gag Clause Compliance (PBM scope)

Oversee PBM responsibilities under the Consolidated Appropriations Act (CAA)Support and validate data for RxDC reportingEnsure compliance with gag clause requirements and support related attestationsBuild controlled, repeatable processes for cross-functional data aggregation and reportingEnsure outputs are accurate, documented, and audit-ready

Audit, Risk, and Third-Party Oversight

Build a risk-based audit and monitoring program aligned to regulatory exposureIdentify control gaps and drive remediation with business ownersOversee compliance of pharmacies, vendors, and downstream partners

Privacy Governance & HIPAA Oversight

Provide executive leadership for the organization’s HIPAA Privacy, Security, and Breach Notification compliance programs, ensuring alignment with enterprise compliance and regulatory strategyOversee development and maintenance of HIPAA policies, standards, and procedures, and integration into business and operational processesInterpret and operationalize federal and state health privacy regulations into actionable compliance controls and requirementsPartner with Legal, Information Security, IT, HR, and business leaders to embed privacy compliance across the organization and third-party relationshipsReport on privacy risk posture, key metrics, and emerging issues to executive leadership and governance bodies

HIPAA Incident Management & Corrective Action

Developing and updating HIPAA policies and procedures within the companyServe as executive lead for HIPAA-related incidents, overseeing intake, investigation, risk assessment, and breach determinationEnsure timely, accurate, and compliant breach notifications to affected individuals, regulators, and other required stakeholdersDirect development and execution of corrective action and remediation plans, addressing root causes and control gapsOversee regulatory interactions related to privacy incidents, including OCR inquiries, audits, and enforcement actions, in coordination with LegalMonitor and validate the effectiveness of remediation efforts and drive continuous improvement to prevent recurrence

Leadership and Execution

Operate as a hands-on leader, directly owning key deliverables in early stagesBuild and scale the compliance team over timeServe as primary point of contact for regulators, auditors, and external counselProvide regular reporting and insight to executive leadership

General Duties

Attend, complete, and demonstrate competency in all required HIPAA Training offered by the companyAbide by all obligations under HIPAA related to Protected Health Information (PHI)If a HIPAA violation is discovered, whether individually or by another, the violation must be reported to the Compliance DepartmentAssists with managing the legal calendar, inbox, and other shared inboxes, including maintaining organization and responding timely to inquiriesAssists CLO with various tasks, as neededParticipates in special compliance projects, as assignedManages compliance inboxPerforms other compliance duties, as assignedFlexibility to understand, appreciate, and embrace that this job description is not designed to cover or contain a comprehensive listing of activities, duties, or responsibilities that are required of the employee. Duties, responsibilities, and activities may change, or new ones may be assigned at any time, with or without notice

Required Skills and Competencies

Ability to review and interpret state and federal guidelines and translate them into practical, operational solutionsExecutive-level leadership skills with experience building and leading high-performing compliance or regulatory operations teamsSound judgment and decision-making in ambiguity, escalation, and regulatory risk scenarioStrong understanding of controls, audit readiness, and documentationAbility to balance compliance rigor with business enablementStrategic mindset with the ability to anticipate regulatory trends and proactively prepare the organizationStrong analytical skills to assess operational risk, data flows, and system impacts of regulatory requirementsExceptional written and verbal communication skills, including the ability to explain regulatory requirements clearly to non-legal audiencesWilling to challenge and push teams to implement, not deferExecution-oriented and comfortable working in the detailsEffective in ambiguous, fast-moving environmentsAbility to work independently and collaboratively in a team environment

Success Metrics (First 12 Months)

Compliance program implemented and operating across core PBM functionsState PBM regulatory requirements translated into system logic and operational workflowsOrganization maintains ongoing market conduct exam readiness with complete documentation and evidenceSystem-based controls and monitoring in place with measurable performance indicatorsCAA-related PBM processes operational, repeatable, and audit-readyAll HIPAA incidents are identified, investigated, and resolved within required regulatory timeframes, with accurate breach determinations and compliant notificationsCorrective actions address root causes and control gaps, with validation showing measurable reduction in repeat incidents and improved privacy control effectiveness

Supervisory Responsibility

This position may have supervisory responsibilities.

Position Type and Expected Hours of Work

Some flexibility in hours is allowed, but the employee must be available during the "core" work hours of 8:00 AM to 5:00 PM CT. The company covers clients form the West to the East Coast; work times must be adjusted to cover meetings in all time zones. Ability to work extended hours, weekends, and holidays in accordance with industry demands.

Travel

Limited travel is expected for this position.

What We Have to Offer
Our benefits package is designed to keep our employees happy and healthy - physically, mentally and financially:

Medical, Dental, Vision insuranceDisability and Life insuranceEmployee Assistance ProgramRemote work optionsGenerous Paid-Time OffAnnual Reviews and Development PlansRetirement Plan with company match immediately 100% vested

Required Education and Experience

Bachelor's degree (B.A.) in Law, Healthcare Administration, Business Administration, Public Health, Pharmacy, or a related field, or 2+ years of related experience and/or training; or equivalent combination of education and experienceHigh degree of professional ethics and integritySound judgement and ability to analyze situations and information
Preferred Education and Experience

Juris Doctor (JD) or equivalent legal background strongly preferred10+ years of experience in healthcare compliance, PBM, health plan, or similar regulated environmentDemonstrated experience implementing regulatory requirements into operations, systems, or workflowsStrong knowledge of state PBM laws or comparable multi-state regulatory frameworksExperience supporting market conduct exams, audits, or regulatory reviewsProven ability to work cross-functionally with technology, operations, legal, and finance teams
Liviniti, LLC provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability, or genetics. In addition to federal law requirements, Liviniti, LLC complies with applicable state and local laws governing nondiscrimination in employment in every location in which the company has facilities. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training.
Liviniti, LLC expressly prohibits any form of workplace harassment based on race, color, religion, gender, sexual orientation, gender identity or expression, national origin, age, genetic information, disability, or veteran status. Improper interference with the ability of Liviniti, LLC employees to perform their job duties may result in discipline up to and including discharge. EOE M/F/D/V