Compliance and Risk Manager
Job Description:

At Desert Sage Health Centers, effective compliance starts with strong relationships. The Compliance & Risk Manager builds trust with teams across the organization so that regulatory requirements can be understood, questions can be asked early, and practical, compliant solutions can be developed together.

POSITION SUMMARY

The Compliance & Risk Manager reports directly to the CEO and coordinates Desert Sage Health Centers' regulatory compliance and risk management activities by developing, maintaining, and executing the organization's annual compliance calendar and ensuring federal, state, and grant-related requirements are monitored, documented, and completed on time. This role supports compliance with HRSA program requirements, FTCA risk management, 340B program integrity, HIPAA privacy and security, credentialing compliance, policy governance, etc. Working across departments, the manager ensures required documentation, monitoring, and process improvements occur consistently and that the organization maintains readiness for HRSA site visits, FTCA deeming application, and other regulatory audits. The Compliance & Risk Manager oversees the organization's compliance program across five governance domains designed to protect federal funding, reduce organizational risk, and ensure continuous readiness for regulatory review.

PRIMARY DUTIES AND KEY RESPONSIBILITIES

1. Federal Program & Regulatory Compliance
Monitor regulatory requirements affecting FQHC operations, including HRSA program requirements, and communicate relevant updates to leadership.
Maintain documentation systems required for HRSA Operational Site Visits, Scope of Project documentation, and federal grant compliance, including documentation maintained within HRSA Electronic Handbooks (EHB).
Coordinate compliance activities related to HRSA program requirements and federal grant oversight, ensuring continuous compliance.
Maintain documentation supporting federal reporting requirements, including oversight and coordination of annual UDS submission processes.
Coordinate oversight of annual PCMH recertification requirements in partnership with the Quality Manager.

2. Risk Management & Patient Safety
Serve as the organization's risk manager for annual FTCA coordination and submission.
Coordinate the organization's risk management program in alignment with FTCA requirements.
Support preparation of the annual FTCA deeming application and maintain the Risk Management Plan, Risk Management Training plan, and supporting documentation.
Manage incident, event reporting, and patient complaint processes, ensuring appropriate documentation and follow-up.
Coordinate Safety/Risk Committee activities, risk assessments, and mitigation tracking.
Maintain oversight over the annual completion of emergency preparedness planning, drills, and documentation requirements, particularly as they relate to CMS Emergency Preparedness regulations.
Coordinate documentation related to corporate insurance coverage and risk management records.

3. Privacy, Security & Information Governance
Serve as the organization's HIPAA Privacy and Security Officer.
Coordinate breach assessment, investigation, and documentation processes.
Monitor workforce HIPAA training compliance and maintain Business Associate Agreement documentation.
Oversee privacy practices including release of information processes and patient privacy documentation standards.
Understand and monitor state and federal privacy laws for changes and possible workflow adjustments (i.e. Idaho minor consent).
Coordinate the annual HIPAA Security Risk Assessment and track remediation of identified vulnerabilities.
Monitor system access controls, user permission guides, external user permission requests, and onboarding/offboarding procedures in collaboration with the IT vendor.

4. Program Compliance & Workforce Oversight
Maintain comprehensive oversight of 340B program compliance documentation, policies, state transparency reporting, and annual recertification requirements.
Provide compliance oversight of credentialing vendor activities and regulatory workforce documentation requirements.
Monitor completion of required regulatory and compliance training, including workforce training related to privacy, risk management, and regulatory requirements.
Support departments in maintaining documentation necessary for regulatory program compliance.

5. Organizational Compliance Infrastructure
Develop, maintain, and execute the organization's annual compliance calendar.
Coordinate the organization's compliance monitoring program, including tracking departmental compliance activities and monitoring corrective action plans.
Maintain the organization's policy management application and governance process, including policy review schedules, version control, and regulatory alignment.
Serve as a central point of coordination for compliance activities across departments.
Support leadership in identifying compliance risks and implementing mitigation strategies.

The above list of responsibilities is intended as a guide and not as an exhaustive list of tasks or projects. Other compliance-related duties will be expected as compliance requirements change and the organization shifts to meet those needs.
PREFERRED QUALIFICATIONS

A bachelor's degree in healthcare administration, public health, business administration, or a related field (master's preferred)
5-7 years of experience in healthcare compliance, risk management, healthcare administration, or a closely related field
Familiarity with HRSA program requirements including UDS and OSVs, FTCA risk management, HIPAA Privacy and Security Rules, and federal grant compliance
Demonstrated experience coordinating regulatory documentation and compliance activities across multiple departments

WORK ENVIRONMENT

This position operates in a professional office environment. This role routinely uses standard office equipment such as a laptop computer, smartphone, photocopier, filing cabinets, and other presentation materials.

Desert Sage Health Centers | Equal Opportunity Employer