Compliance and Risk Manager

Boston, Massachusetts

Massachusetts League of Community Health Centers
The Massachusetts League of Community Health Centers (League) was founded in 1972 as one of the country's first state Primary Care Associations (PCAs). Established under the same federal authorizing legislation as the health center program (Section 330 of the Public Health Service Act), PCAs are organized around a set of core functions and competencies that provide a framework for support and assistance to health centers and the communities they serve. The League is a non-profit 501(c)(3) organization registered as a public charity with the Secretary of the Commonwealth. It maintains a professional staff at its headquarters in Boston and its training center in Worcester.

Position Summary:

The Compliance & Risk Manager will report to the Chief Legal & Compliance Officer in his capacity as Chief Compliance Officer for compliance duties and regulatory risk duties, with a dotted line to the SVP, Business Development & Strategy for operational risk management projects.

The Compliance & Risk Manager will assist the Chief Compliance Officer in carrying out functions required under the League's corporate compliance program and regulatory risk management program. The role will also ensure that the operating procedures of the MLCHC's student loan repayment programs comply with applicable federal and state laws and regulations as well as contracts covering the student loan repayment program. The Compliance & Risk Manager will work with management and staff to identify and manage the regulatory risk of the student loan repayment programs, and will be responsible for identification, prevention, monitoring and detection, resolution, and advisory functions as they relate to student loan repayment program compliance and audit initiatives. The role will also bridge the League's cybersecurity and risk initiatives and ensure adherence to best practices across all League departments.

Under operational risk management, the role will also assist the SVP of Business Development & Strategy in identifying, assessing, mitigating, and reporting on all financial, operational, and reputational risks; conducting quarterly risk assessments/reviews and providing mitigation recommendations; maintaining the risk register; tracking risk items and providing status updates on new and existing risks; and conducting quarterly control assessment reviews.

Essential Functions: (The following is a list of essential functions, which may be subject to change at any time and without advance notice. Management may assign new duties, reassign existing duties, or eliminate a role. Responsibilities include but may not be limited to the following.)

Under the direction of the Chief Compliance Officer, the Compliance & Risk Manager will identify program regulatory and compliance risks and advise on compliance mechanisms to avoid or address them. In addition, the Compliance & Risk Manager will:
  • Assist the Chief Compliance Officer with developing and implementing a comprehensive Corporate Compliance Program and Risk Management Program for the Mass League and its subsidiaries CommonWealth Purchasing Group, LLC and the Institute for Health Equity Research Evaluation & Policy, Inc.
  • Work with the Chief Compliance Officer on compliance and regulatory risk management program governance, including, but not limited to, attending, presenting at, and conducting follow-up to Compliance Committee and Board meetings
  • Assist the Chief Compliance Officer with executing research involving human subjects and Anti-Kickback Statute compliance functions
  • Evaluate existing procedures and SOPs to ensure compliance with internal student loan repayment policies and the requirements of applicable regulatory agencies. Additionally, ensure alignment with the task orders, master agreements, or other state contract documents as applicable
  • Support the Office of the Chief Compliance Officer, as appropriate, as well as outside consultants, in building contract compliance oversight and monitoring function for student loan repayment programs
  • Evaluate compliance and governance functions as they relate to operations, finance, and customer service of the loan repayment software system
  • Review and assess current student loan repayment operations infrastructure and identify any gaps, risks, and areas of improvements
  • Make suggestions regarding updates to internal procedures to drive greater levels of compliance
  • Manage the issue resolution process to escalate, resolve, and trend issues and to create appropriate risk mitigation and controls that improve compliance and regulatory processes.
  • Assist the Chief Compliance Officer or their designee in establishing and implementing compliance policies and procedures, including performing periodic compliance audits.
  • Provide compliance guidance and training to all staff.
  • Work closely with the Office of the General Counsel to identify and investigate compliance issues and risks and suggest ways to prevent or resolve them
  • Manage regulatory and compliance risk and compliance documentation needs
  • Communicate with compliance and risk counsel on legal issues
  • Develop and implement compliance and risk programs: The Compliance and Risk Manager will create and implement programs to help the organization comply with Federal and State data security laws and internal compliance standards which include, but are not limited to, the management of:
    • SOPs for student loan repayment program: ensure compliance and outline risk initiatives.
    • Student loan repayment compliance / governance policy (overview of initiatives outlined in this memo)
    • Adherence to Written Information Security Plan (WISP)
    • Safeguarding PI and treatment of all records including record retention policy
    • Safeguarding PI and accurate treatment of all activity as it relates to SOP and governing procedures
    • Employee and contractor annual security training (see details below)
    • Electronic records policy
    • Secure protocol administration for all systems that contain PI:
      • Access control
      • Same role parity and assess maker / checker functionality
      • Passwords
    • Adherence to Disaster Recovery and Business Continuity Plan
    • Creation of a continuous improvement plan.
    • Making compliance risk and regulatory recommendations and preparing reports:
  • Conducting audits: Conduct internal audit to ensure ongoing compliance and to prepare the student loan repayment programs for successful external regulatory and compliance testing and audits.
  • Compliance Training: Assist with development and/or rollout of training modules annually.
  • Operational Risk Management duties include, but are not limited to:
    • Support Finance Department to develop and implement a process for disbursement of loan repayment funds to loan servicers to ensure compliance with master agreement, task orders or other contract documents, and any governing agencies that support money movement and transfer
    • Provide support to student loan repayment leadership and team for operations for MA Repay Support compliance function for the loan repayment software system implementation
    • Preparing quarterly and annual audit reports
      • Continuous improvement and monitoring of risks and controls
    • Risk Control Self-Assessment - Annual
      • Identify people, process, technology and security processes and risks
      • Assess and rate risks as connected to the annual risk assessment
      • Identify existing controls and rate effectiveness.
      • Document ratings, findings and opportunities for improvement (OFI)
      • Prepare Risk Treatment Plan based on approved rating documentation.
      • Mitigation, Acceptance and Action Plan to improve.
      • Documentation and Recordkeeping of the Plan
  • Operational Risk Assessment - Annual
  • Control Report - Quarterly and based on Control Mitigation Plan and
  • Audit Report - Quarterly
  • Audit Report - Annual Roll up
  • Collaboration with the Office of the General Counsel: Ensure that the SOPs and policy documentation comply with applicable laws.
  • Managing documentation: Manage the documentation and resources used by the compliance team.
    • Documentation of SOPs reflects accurate process
    • Creation of a change order and renewal process
    • Ongoing documentation of SOPs
Competencies/Skills:
  • Demonstrated proficiency with MS Office applications, especially Word, Excel and PowerPoint
  • Knowledge of project management software
  • Proven ability to juggle multiple projects simultaneously
  • Excellent oral communications skills; ability to communicate effectively with the public
  • Commitment to working to promote the healthcare of vulnerable populations
Education/Experience:
  • Bachelor's degree in business, health care management, or relevant education required
  • 5 years in compliance and risk management required
  • Experience administering compliance and risk management programs required
  • Experience completing compliance or risk audits required
Requirements:

The physical demands described here represent those that an employee must meet to perform the essential functions of this job successfully. While performing the duties of this job, the employee is required to talk and hear regularly. The employee must be able to remain in a stationary position 80% of the time.
Date Posted: 15 May 2025