Compliance Manager

Join a team that’s transforming mental healthcare. Founded by psychiatrists, Headlight is more than a company: it’s a movement. A movement that exists on the front lines of the mental health crisis, transforming the way people access care and the way clinicians deliver it. In order to help people in their time of need and ensure that every person who comes to us has options, we are transparent about our capabilities, treatments, and coverage, we champion innovation, and we leverage our rich data to continuously implement better ways of delivering care. Our mission is simple but powerful: Improving lives, one session at a time.Our highly skilled and principled clinical team enjoys autonomy and institutional support so they can put their focus where it should be: on improving patient outcomes. Our clinicians want to do more than help individual clients, so they work to affect the system as a whole, elevating standards of care so that their efforts reverberate far beyond what they could do in private practice.As the most trusted behavioral health partner in the Western U.S., we’ve established deep relationships that give us unparalleled access, interoperability, and first-priority referrals. This exclusivity, combined with our best-in-class coordinated care and feedback loops, results in superior outcomes and cost savings.Our services are convenient, accessible, and expert, combining personalized client engagement with advanced technology to enhance, not replace, human connection. Indeed, we hold that human-to-human relationships are indispensable, so from the match to the session to the time between sessions, we provide whole person care so nobody falls through the cracks and there is a brighter path forward for all.The Compliance Manager will oversee healthcare regulatory compliance (including HIPAA and state licensing requirements), while also partnering with internal stakeholders across Legal, Clinical Operations, IT, and Security to ensure the organization maintains strong operational controls and regulatory readiness. This role will help design and operationalize the company’s compliance framework, proactively identify risks, and ensure our policies and practices support ethical, compliant care delivery. We are looking for someone to join us in hybrid role in Salt Lake City or remotely from AK, AZ, CO, FL, MI, NV, NC, OR, TX, or WA.Our PillarsMake things easier.Forge genuine connections.Elevate the standard.Roles and ResponsibilitiesCompliance Program LeadershipDevelop, implement, and maintain the company’s enterprise compliance program, including policies, procedures, and internal controls aligned with healthcare regulatory standards.Serve as the organization’s Privacy Officer, monitoring adherence to applicable federal and state healthcare regulations.Establish and maintain a compliance monitoring and auditing program to proactively identify risks and ensure operational compliance.Audit Readiness & Risk ManagementConduct internal audits and compliance reviewsLead payer audit preparation and response supportManage HIPAA Security Risk Assessments and remediation efforts, internally or through vendorsIdentify and mitigate regulatory risk before it becomes operational or financial exposureHealthcare Regulatory ComplianceEnsure compliance with key healthcare regulations including HIPAA, HITECH, state licensing requirements, telehealth regulations, and payer compliance obligations.Monitor regulatory changes across the healthcare landscape and translate requirements into operational policies and procedures.Support clinical and operational teams in maintaining compliance with documentation, privacy, and care delivery requirements.Oversee compliance for telehealthEnsure compliance with HIPAA Privacy and Security, Anti-Kickback Statute, Stark Law, CMS rules, and state regulationsReview clinical workflows, documentation standards, and care team roles for regulatory alignmentEvaluate new service lines, partnerships, and initiatives for compliance and reimbursement riskEnsuring proper operating procedures are in place for compliance relating to employee onboarding and client admissions, clinical documentation, treatment, and discharge.Privacy & Data ProtectionPartner with IT and Security teams to oversee HIPAA privacy and security compliance, including policies governing PHI, access controls, and incident response.Lead internal investigations related to potential privacy or compliance violations and coordinate remediation efforts.Risk Management & AuditingConduct periodic compliance risk assessments and internal audits across clinical, operational, and technical systems.Develop corrective action plans when gaps are identified and ensure timely resolution.Prepare the organization for regulatory reviews, audits, and accreditation processes when applicable.Conducts bench testing/auditing of business activities to confirm that compliance controls are operating effectively.Leverages data analytics and investigative techniques to identify compliance trends, assess risks, and share actionable insights with key stakeholders.Assist to ensure that ongoing regulatory and accreditation requirements such as internal inspections, written assessments, and emergency drills are completed on time.Cross-Functional CollaborationWork closely with Legal, HR, Clinical Leadership, IT, Security, and Operations to integrate compliance practices into day-to-day workflows.Support vendor and partner compliance reviews, including due diligence related to data privacy and regulatory obligations.Review marketing, patient communications, and external materials for compliance riskAdvise leadership on MSO and medical group structural compliance and contracting considerationsMonitor regulatory changes and brief leadership on impact and required actionsOn-site Clinic ComplianceEnsure each office in assigned state(s) are operating within company policy, state licensing regulations and The Joint Commission Standards.Ensure that all staff in assigned state(s) are onboarded within company policy, state licensing regulations and The Joint Commission Standards.Obtain initial facility licenses for Mental Health and Substance Use Disorder Outpatient TreatmentHost and organize site visits/surveys/inspections; travel required.Maintain office space compliance for the assigned state(s)What We are Looking forStrong working knowledge of HIPAA, payer compliance and audit requirements, multi-state behavioral health licensing regulations, and regulatory frameworks governing esketamine (Spravato) and TMS treatment programsProven operator who can turn regulations into executable workflowsHigh judgment, detail-oriented, comfortable operating with autonomyAble to say no when required and explain why clearlyAbility to work in a fast paced startup environmentGrow and expand with the role and take on initiatives that grow the departmentQualifications5+ years of experience in healthcare compliance, healthcare operations, or regulatory risk management, ideally in multi-state or growth environmentsExperience supporting medical groups, MSOs, telehealth models, or behavioral health care deliveryStrong knowledge of HIPAA, healthcare regulatory frameworks, and privacy/security requirements.Experience building or managing a compliance program within a healthcare organization or healthcare technology company.Familiarity with IT compliance frameworks such as SOC 2, HITRUST, NIST, or similar regulatory/security standards.Ability to interpret complex regulatory requirements and translate them into practical operational policies and processes.Demonstrated ability to work cross-functionally with legal, clinical, and technical teams.Preferred Experience in behavioral health, telehealth, or digital health environments.Professional certifications such as CHC (Certified in Healthcare Compliance) or CHPC, strongly preferredExperience supporting organizations operating across multiple states and payer environments.BenefitsCompetitive compensation packageFull benefits including health, dental, vision, 401(k), and paid time offOpportunity to join a purpose-driven, high-growth leadership team at a pivotal moment in behavioral healthcare transformationProfessional development opportunities and trainingCollaborative and supportive work culture.If you need any accommodations for your interview please email HR@headlight.health prior to scheduling.Not meeting all the requirements? Research indicates that women, communities of color, and historically underrepresented individuals are often hesitant to apply for jobs unless they meet every qualification. We are committed to cultivating a diverse, inclusive, and genuine workplace. If you're enthusiastic about this position but your previous experience doesn't precisely match every qualification listed, we enthusiastically encourage you to submit your application. You could be the ideal candidate for this role or others!Headlight is committed to the principles of diversity, equity, and inclusiveness and seeks to create a working environment reflective of this commitment. We seek to provide a diverse clinician base to support the diversity of our clients. Headlight supports and respects diversity of people, culture, and ideas throughout our organization. Headlight thrives to be a welcoming, diverse and discrimination- and harassment-free workplace.By applying for this position, you consent to receive future communications from Headlight via email or text regarding this application and related employment opportunities. You may opt-out at anytime by contacting us directly.We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.