Senior Director of Compliance & Privacy 

About Nema Health

Nema Health is a high-growth PTSD and trauma-care startup led by clinicians and survivors. Our mission is to guide trauma survivors through every step of their healing journey—beginning with the intensive, remote delivery of Cognitive Processing Therapy (CPT). Our outcomes speak for themselves: rapid, meaningful recovery delivered with empathy, rigor, and evidence-based care.

About the Role

We are seeking a Senior Director of Compliance & Privacy to lead and scale Nema’s compliance, privacy, regulatory, audit, and risk management functions across the organization. This role will oversee compliance operations related to clinical care delivery, patient privacy, therapist practices, documentation standards, regulatory readiness, organizational policy governance, and healthcare security oversight.

The Senior Director of Compliance & Privacy will partner closely with the Chief Medical Officer, Legal, Clinical Operations, People, Product, and executive leadership to ensure Nema maintains the highest standards of compliance, privacy, clinical governance, security, and patient safety while scaling rapidly in a complex healthcare environment.

This is a highly cross-functional leadership role for a proactive, detail-oriented operator who thrives in fast-paced startup settings and is passionate about building scalable compliance and privacy infrastructure in behavioral healthcare.

Responsibilities

Compliance Program Oversight & Regulatory Management

• Lead the development, implementation, and ongoing oversight of Nema’s compliance and privacy programs across all clinical and operational functions.

• Ensure organizational adherence to applicable federal, state, and local healthcare regulations, payer requirements, licensing standards, privacy laws, and internal policies.

• Monitor changes in healthcare regulations, telehealth requirements, and privacy standards, proactively implementing operational and policy updates as needed.

• Develop and maintain scalable compliance systems, workflows, policies, SOPs, and governance processes.

• Implement policy governance standards, including standardized documentation templates and structured processes for approvals, review cycles, and version control.

• Partner cross-functionally with Clinical, Operations, Legal, People, and Product teams to operationalize compliance and privacy requirements across the organization.

• Serve as a key internal resource for regulatory interpretation, compliance guidance, and privacy-related best practices.

Privacy & HIPAA Oversight

• Oversee all privacy-related functions, including HIPAA compliance, patient confidentiality practices, and protected health information (PHI) safeguards.

• Develop and maintain privacy policies, procedures, training programs, and incident response protocols.

• Lead investigations and management of privacy incidents, breaches, and related corrective action plans.

• Ensure appropriate access controls, documentation standards, and operational safeguards are maintained across clinical and technical systems.

• Partner with Legal, Security, Product, and Operations teams to ensure privacy compliance within clinical workflows, systems, and vendor relationships.

• Support Business Associate Agreement (BAA) processes and privacy-related vendor reviews as needed.

• Partner with the organization's fractional CISO and technology leadership to ensure compliance with HIPAA Security Rule requirements, completion of security risk assessments, remediation tracking, incident response coordination, vendor risk management activities, and related regulatory obligations.

Audits, Monitoring & Risk Management

• Lead routine and targeted compliance audits across clinical documentation, therapist practices, patient care workflows, operational processes, and privacy controls.

• Identify compliance gaps, operational risks, and privacy vulnerabilities; develop and monitor corrective and preventive action plans.

• Oversee chart review processes and documentation quality initiatives to ensure compliance with clinical and regulatory standards.

• Maintain accurate records of audits, findings, investigations, corrective actions, and compliance activities.

• Develop risk monitoring systems and reporting mechanisms that support organizational growth and accountability.

Incident Management, Complaints & Clinical Governance

• Oversee incident reporting, investigation, documentation, escalation, and resolution processes across the organization.

• Partner with clinical leadership to ensure appropriate management of patient safety concerns, high-risk events, and compliance-related incidents.

• Oversee compliance processes related to patient complaints, grievances, and appeals, ensuring timely investigation and resolution in accordance with regulatory and organizational standards.

• Analyze incident, grievance, and privacy-related trends to identify systemic risks and improvement opportunities.

• Ensure strong governance practices related to therapist documentation, supervision standards, informed consent, patient rights, and privacy protections.

Regulatory Readiness & Organizational Oversight

• Lead organizational readiness for audits, surveys, regulatory reviews, and payer oversight activities.

• Coordinate preparation activities, documentation reviews, corrective action plans, and follow-up initiatives related to regulatory or accreditation processes.

• Partner with leadership to ensure continuous readiness and sustained compliance across clinical operations and corporate functions.

• Serve as a primary point of contact during external audits, investigations, privacy reviews, or compliance inquiries.

Training, Education & Reporting

• Educate leadership and staff on compliance expectations, privacy standards, documentation requirements, and regulatory updates.

• Develop and maintain compliance dashboards, privacy metrics, and reporting systems to assess organizational risk and program effectiveness.

• Prepare regular compliance and privacy reports for senior leadership and executive stakeholders.

• Support compliance committee activities, policy governance, and organizational accountability initiatives.

Qualifications

Required

• Bachelor’s degree in healthcare administration, public health, nursing, behavioral health, business, law, or related field required; advanced degree preferred.

• Minimum 5 years of progressive healthcare compliance, privacy, audit, risk management, or regulatory experience, with at least 2 years in a leadership role

• Required experience working within high-growth or early-stage startup environments.

• Strong working knowledge of HIPAA, healthcare privacy regulations, clinical documentation standards, patient rights, incident reporting, and licensure requirements.

• Familiarity with healthcare security frameworks, HIPAA Security Rule requirements, vendor risk management, and cross-functional collaboration with security and IT teams.

• Experience managing audits, investigations, incident reporting systems, complaints/grievances, privacy incidents, and corrective action planning.

• Strong understanding of behavioral healthcare operations and compliance considerations within clinical environments.

• Exceptional organizational, analytical, communication, and problem-solving skills.

• Ability to manage sensitive and confidential information with discretion and professionalism.

• Strong operational mindset with the ability to build scalable systems and processes.

• Mission-driven and committed to high-quality, patient-centered care.

Preferred

• Certification in healthcare compliance or privacy (e.g., CHC, CHPC, CHPS, CIPP).

• Experience supporting behavioral health accreditation or regulatory readiness initiatives.

• Experience partnering with security leadership, CISOs, or external security vendors in healthcare or digital health environments.

• Experience with compliance reporting systems, privacy monitoring frameworks, and quality dashboards.

• Experience supporting remote or distributed healthcare organizations.

Why Join Nema

We’re a growing team of clinicians and operators united by a shared mission: to reduce suffering for people with PTSD and other trauma related disorders. As part of Nema, you’ll help build a company where both patients and employees can thrive.

What We Offer

• This is a full-time, exempt position with a salary range of $180,000–$200,000 annually, dependent upon experience, qualifications, and market considerations

• This role is also eligible for competitive equity, reflecting the impact and scope of the position at an early-stage, mission-driven company

• Comprehensive benefits include healthcare stipend, 401(k) with matching, and stipends for work-from-home productivity and continued education

• Generous PTO and flexible work hours

• Remote-first culture with supportive team norms

• Inclusive, trauma-informed leadership

• Opportunity to grow with a fast-moving, mission-driven company