What are the responsibilities and job description for the Compliance Manager position at Headlight?
Join a team that’s transforming mental healthcare. Founded by psychiatrists, Headlight is more than a company: it’s a movement. A movement that exists on the front lines of the mental health crisis, transforming the way people access care and the way clinicians deliver it. In order to help people in their time of need and ensure that every person who comes to us has options, we are transparent about our capabilities, treatments, and coverage, we champion innovation, and we leverage our rich data to continuously implement better ways of delivering care. Our mission is simple but powerful: Improving lives, one session at a time.
Our highly skilled and principled clinical team enjoys autonomy and institutional support so they can put their focus where it should be: on improving patient outcomes. Our clinicians want to do more than help individual clients, so they work to affect the system as a whole, elevating standards of care so that their efforts reverberate far beyond what they could do in private practice.
As the most trusted behavioral health partner in the Western U.S., we’ve established deep relationships that give us unparalleled access, interoperability, and first-priority referrals. This exclusivity, combined with our best-in-class coordinated care and feedback loops, results in superior outcomes and cost savings.
Our services are convenient, accessible, and expert, combining personalized client engagement with advanced technology to enhance, not replace, human connection. Indeed, we hold that human-to-human relationships are indispensable, so from the match to the session to the time between sessions, we provide whole person care so nobody falls through the cracks and there is a brighter path forward for all.
The Compliance Manager will oversee healthcare regulatory compliance (including HIPAA and state licensing requirements), while also partnering with internal stakeholders across Legal, Clinical Operations, IT, and Security to ensure the organization maintains strong operational controls and regulatory readiness.
This role will help design and operationalize the company’s compliance framework, proactively identify risks, and ensure our policies and practices support ethical, compliant care delivery.
\n- Make things easier.
- Forge genuine connections.
- Elevate the standard.
- Develop, implement, and maintain the company’s enterprise compliance program, including policies, procedures, and internal controls aligned with healthcare regulatory standards.
- Serve as the organization’s Privacy Officer, monitoring adherence to applicable federal and state healthcare regulations.
- Establish and maintain a compliance monitoring and auditing program to proactively identify risks and ensure operational compliance.
Audit Readiness & Risk Management
-
Conduct internal audits and compliance reviews
-
Lead payer audit preparation and response support
-
Manage HIPAA Security Risk Assessments and remediation efforts, internally or through vendors
-
Identify and mitigate regulatory risk before it becomes operational or financial exposure
-
Ensure compliance with key healthcare regulations including HIPAA, HITECH, state licensing requirements, telehealth regulations, and payer compliance obligations.
-
Monitor regulatory changes across the healthcare landscape and translate requirements into operational policies and procedures.
-
Support clinical and operational teams in maintaining compliance with documentation, privacy, and care delivery requirements.
-
Oversee compliance for telehealth
-
Ensure compliance with HIPAA Privacy and Security, Anti-Kickback Statute, Stark Law, CMS rules, and state regulations
-
Review clinical workflows, documentation standards, and care team roles for regulatory alignment
-
Evaluate new service lines, partnerships, and initiatives for compliance and reimbursement risk
-
Ensuring proper operating procedures are in place for compliance relating to employee onboarding and client admissions, clinical documentation, treatment, and discharge.
Privacy & Data Protection
-
Partner with IT and Security teams to oversee HIPAA privacy and security compliance, including policies governing PHI, access controls, and incident response.
-
Lead internal investigations related to potential privacy or compliance violations and coordinate remediation efforts.
Risk Management & Auditing
-
Conduct periodic compliance risk assessments and internal audits across clinical, operational, and technical systems.
-
Develop corrective action plans when gaps are identified and ensure timely resolution.
-
Prepare the organization for regulatory reviews, audits, and accreditation processes when applicable.
-
Conducts bench testing/auditing of business activities to confirm that compliance controls are operating effectively.
-
Leverages data analytics and investigative techniques to identify compliance trends, assess risks, and share actionable insights with key stakeholders.
-
Assist to ensure that ongoing regulatory and accreditation requirements such as internal inspections, written assessments, and emergency drills are completed on time.
Cross-Functional Collaboration
-
Work closely with Legal, HR, Clinical Leadership, IT, Security, and Operations to integrate compliance practices into day-to-day workflows.
-
Support vendor and partner compliance reviews, including due diligence related to data privacy and regulatory obligations.
-
Review marketing, patient communications, and external materials for compliance risk
-
Advise leadership on MSO and medical group structural compliance and contracting considerations
-
Monitor regulatory changes and brief leadership on impact and required actions
On-site Clinic Compliance
-
Ensure each office in assigned state(s) are operating within company policy, state licensing regulations and The Joint Commission Standards.
-
Ensure that all staff in assigned state(s) are onboarded within company policy, state licensing regulations and The Joint Commission Standards.
-
Obtain initial facility licenses for Mental Health and Substance Use Disorder Outpatient Treatment
-
Host and organize site visits/surveys/inspections; travel required.
-
Maintain office space compliance for the assigned state(s)
-
Strong working knowledge of HIPAA, payer compliance and audit requirements, multi-state behavioral health licensing regulations, and regulatory frameworks governing esketamine (Spravato) and TMS treatment programs
-
Proven operator who can turn regulations into executable workflows
-
High judgment, detail-oriented, comfortable operating with autonomy
-
Able to say no when required and explain why clearly
- Ability to work in a fast paced startup environment
- Grow and expand with the role and take on initiatives that grow the department
-
5 years of experience in healthcare compliance, healthcare operations, or regulatory risk management, ideally in multi-state or growth environments
-
Experience supporting medical groups, MSOs, telehealth models, or behavioral health care delivery
-
Strong knowledge of HIPAA, healthcare regulatory frameworks, and privacy/security requirements.
-
Experience building or managing a compliance program within a healthcare organization or healthcare technology company.
-
Familiarity with IT compliance frameworks such as SOC 2, HITRUST, NIST, or similar regulatory/security standards.
-
Ability to interpret complex regulatory requirements and translate them into practical operational policies and processes.
-
Demonstrated ability to work cross-functionally with legal, clinical, and technical teams.
-
Preferred Experience in behavioral health, telehealth, or digital health environments.
-
Professional certifications such as CHC (Certified in Healthcare Compliance) or CHPC, strongly preferred
-
Experience supporting organizations operating across multiple states and payer environments.
-
Regulatory expertise
-
Risk identification and mitigation
-
Policy development and implementation
-
Cross-functional leadership
-
Ethical decision-making and accountability
-
Competitive compensation package
-
Full benefits including health, dental, vision, 401(k), and paid time off
-
Opportunity to join a purpose-driven, high-growth leadership team at a pivotal moment in behavioral healthcare transformation
-
Professional development opportunities and training
-
Collaborative and supportive work culture.
If you need any accommodations for your interview please email HR@headlight.health prior to scheduling.
Not meeting all the requirements? Research indicates that women, communities of color, and historically underrepresented individuals are often hesitant to apply for jobs unless they meet every qualification. We are committed to cultivating a diverse, inclusive, and genuine workplace. If you're enthusiastic about this position but your previous experience doesn't precisely match every qualification listed, we enthusiastically encourage you to submit your application. You could be the ideal candidate for this role or others!
Headlight is committed to the principles of diversity, equity, and inclusiveness and seeks to create a working environment reflective of this commitment. We seek to provide a diverse clinician base to support the diversity of our clients. Headlight supports and respects diversity of people, culture, and ideas throughout our organization. Headlight thrives to be a welcoming, diverse and discrimination- and harassment-free workplace.
By applying for this position, you consent to receive future communications from Headlight via email or text regarding this application and related employment opportunities. You may opt-out at anytime by contacting us directly.
Job Postings on Indeed and other job boards may post with total compensation (base bonus). For the exact base salary range please check our website or our job-site
Salary : $90,000 - $110,000