11,866 Contract Compliance jobs in the United States

Job Description

Description:

POSITION SUMMARY

The Director of Compliance & Risk Management serves as a strategic leader responsible for overseeing organizational compliance, quality, and risk mitigation efforts. Serving as both the Compliance Officer and HIPAA Privacy Officer of record, this position is responsible for monitoring the organization's program procedures, employees/agents to ensure compliance with appropriate state, federal and local regulations as they relate to compliance, billing, and documentation.

The Director fosters a culture of accountability, safety, and continuous improvement, advancing Kelberman’s mission to provide high-quality, person-centered care. Keeping in alignment with pertinent regulatory bodies including but not limited to OMIG, OIG, OPWDD, SED, OCFS.

ESSENTIAL RESPONSIBILITIES

Role responsibilities include but are not limited to the following:

· Lead the development, implementation, and oversight of the agency’s Compliance and Risk Management programs.

· Serve as the agency’s Compliance Officer (OMIG/OIG) and Privacy Officer (HIPAA), ensuring alignment with all relevant regulatory bodies (OPWDD, DOH, SED, OCFS, CMS, DOH, etc.)

· Develop and maintain policies, procedures, and audit plans that promote regulatory compliance, data privacy, and ethical conduct.

· Conduct analysis to determine trends and generate appropriate reports. Compiles statistical data for executive team and Board of Directors, as requested.

· Support initiatives of the organization’s quality management plan including but not limited to data collection, performance improvement, and client satisfaction efforts.

· Manage incident reporting and investigations, including oversight of the 24/7 incident hotline and IRMA submissions.

· Communicates and applies regulatory updates/changes in a timely manner; keeps current through emails, conferences, websites, meetings, etc.; anticipates and plans for the implementation of pending and/or proposed rules.

· Works closely with IT to oversee the development, maintenance, and monitoring of electronic security systems and protocols.

· Keeps management informed on the operation and progress of the organizations’ Compliance, Quality and Incident Management efforts.

· Supervise responses to external audits and surveys; coordinate corrective actions as needed.

· Deliver compliance, risk, and HIPAA training to staff and leadership.

· Collaborate with HR on investigations involving staff conduct or regulatory concerns.

· Maintain readiness for OPWDD DQI surveys and support site accreditation initiatives.

· Cultivate relationships with regulatory agencies and peer organizations to remain current on evolving standards.

· Lead and contribute to internal committees and special projects aligned with compliance goals.

JOB REQUIREMENTS

• Bachelor’s Degree in related field preferred.
• Minimum of five (5) years of progressively responsible management experience in compliance, risk management or quality roles within the field of autism, developmental disabilities, education, health care or mental health services, a portion of which took place in New York State.
• Excellent verbal and written communication skills.
• Excellent analytical skills and ability to accurately interpret complex documents and policies.
• Excellent organizational skills and attention to detail.
• Excellent time management skills with proven ability to meet deadlines.
• Ability to comprehend, interpret, and apply the appropriate sections of applicable laws, guidelines, regulations, ordinances, and policies.
• Highest level of integrity, excellent judgment, and demonstrated ability to maintain confidentiality.
• Knowledge and understanding of legal requirements related to privacy, technology, clinical and compliance issues.
• Ability to remain tactful, calm, and persuasive in controversial and/or confrontational situations.
• Applies and actively shares knowledge, expertise and best practices with team.

An equivalent combination of education and experience which provides proficiency in the areas of responsibility listed above may be substituted for the above education and experience requirements.

Global Compliance

Our division prevents, detects and mitigates compliance, regulatory and reputational risk across the firm and helps to strengthen the firm's culture of compliance. Compliance accomplishes these through the firm's enterprise-wide compliance risk management program. As an independent control function and part of the firm's second line of defense, Compliance assesses the firm's compliance, regulatory and reputational risk; monitors for compliance with new or amended laws, rules and regulations; designs and implements controls, policies, procedures and training; conducts independent testing; investigates, surveils and monitors for compliance risks and breaches; and leads the firm's responses to regulatory examinations, audits and inquiries. You'll be part of a team with members from a wide range of academic and professional backgrounds, such as law, accounting, sales, and trading. We look for those who possess sound judgment, curiosity, and are able to adapt to a changing regulatory landscape.

Core Compliance

Core Compliance is a team within Global Compliance that is responsible for implementing and maintaining the firm's integrated regulatory compliance program, which includes risk assessments, regulatory change management, regulatory inventory management, policies, and training. The Regulatory Inventory Management (RIM) group in Core Compliance is responsible for identifying and monitoring regulatory changes that impact the firm's inventory of global laws, rules and regulations and their corresponding regulatory compliance obligations.

Responsibilities and Qualifications

Core Compliance RIM is at the forefront of ensuring our firm's compliance program is best in class. RIM's key responsibilities are developing and implementing a program that:

• Collaborates with the regulatory change management team to receive applicable regulatory updates (i.e. new and revised rule changes issued via proposed/final rules) issued by global regulators that may impact the firm's regulatory inventory;
• Reviews relevant regulatory updates for potential changes to the regulatory inventory;
• Drafts/edits regulatory compliance obligations and publishes them in the inventory on or before their effective/compliance date;
• Communicates relevant inventory additions/deletions to subject matter experts within the firm to determine impact(s) and implement changes in a timely manner; and
• Tracks and reports the status of relevant regulatory inventory updates.

We are looking for someone who is analytical with a versatile mix of legal, compliance and/or business experience with a focus on regulatory identification, change and/or inventory management and implementation. The team member should be very comfortable reading and interpreting regulatory notices and changes from regulators globally, including but not limited to federal prudential regulators in the US, self-regulatory organizations, and exchanges.

Principal Responsibilities:

• Assist with strategy for enhancing the regulatory inventory management program
• Review and analyze regulatory change notices in multiple countries
• Maintain and update the global regulations inventory, including drafting obligations
• Communicate with stakeholders to understand relevance of regulatory updates and applicability to various business lines
• Assist with end-to-end workflow of maintaining the regulatory inventory

Qualifications:

• Bachelor's degree required
• Law degree preferred
• Minimum of 3 years' experience in legal, compliance and/or risk management in the financial services industry
• Extensive knowledge of global regulators and the RCM process preferred
• Experience in utilizing or maintaining a repository of laws/rules/regulations and their corresponding obligations (e.g. GRC platform) preferred
• Proven experience in managing change in a dynamic environment across multiple entities, businesses, functions and/or jurisdictions
• Strong communication and relationship-building skills in frequent interaction with other areas of the firm, in particular, senior stakeholders
• Exceptional analytical, problem solving, critical thinking and project management skills with a proven track record of execution against deadlines
• Detail-oriented and able to produce quality work product, even when managing time-sensitive demands from competing stakeholders
• Work independently and exercise strong judgment
• MS Office proficiency; Advanced PowerPoint and Excel skills preferred
  
  

ABOUT GOLDMAN SACHS

At Goldman Sachs, we commit our people, capital and ideas to help our clients, shareholders and the communities we serve to grow. Founded in 1869, we are a leading global investment banking, securities and investment management firm. Headquartered in New York, we maintain offices around the world.

OSI Systems and its subsidiaries is a vertically integrated provider of specialized electronic systems and for components that meet the critical needs in the homeland security, healthcare, defense, and aerospace industries. As a global company, we are dedicated to developing solutions for our customers and the people they serve to lead the way to a safer and healthier world.

OSI Systems is seeking a Director, Compliance Governance Risk Management. This individual will be responsible for managing various elements of OSI Systems, Inc.'s (OSI's) Ethics & Compliance Program. They will also ensure that OSI's compliance program is consistent with applicable laws, industry standards, policies and regulations. In addition, they will oversee certain global compliance programs, including the company's efforts implementing policies and procedures, risk management efforts, developing training programs, and auditing compliance related matters that are applicable across all OSI divisions (Security, Medical, and Optoelectronics).

• Develop and implement a series of comprehensive programs, policies, processes, controls, and training programs to ensure that the company operates with integrity and in accordance with applicable laws and contractual obligations.
• Manage a comprehensive risk assessment and evaluation process to evaluate the company's risks related to ethics, compliance, privacy, and security laws and regulations.
• Coordinate ongoing implementation and enforcement of OSI's Code of Ethics & Conduct across all business divisions in the assigned region.
• Establish and administer a program for investigating and acting on compliance, privacy, and security complaints, including management of the company's anonymous reporting hotline.
• Lead global compliance training programs, including content sourcing and delivery objectives.
• Ensure company compliance policies and practices are consistent with OSI global policies and practices.
• Design and implement controls and risk assessments related to the company's products and services from a data privacy perspective.
• Consult with corporate attorneys as necessary to address difficult legal compliance issues.
• Lead investigation activities related to compliance and ethics matters.
• Support M&A due diligence reviews with corporate acquisition targets.
• Uphold the company's core values of Integrity, Innovation, Accountability, and Teamwork.
• Demonstrate behavior consistent with the company's Code of Ethics and Conduct. Ensure that direct report(s) are trained and evaluated on their knowledge and adherence to the company's values, Code of Ethics and Conduct, and applicable compliance policies.
• It is the responsibility of every employee to report to their manager or a member of senior management any quality problems or defects in order for corrective action to be implemented and to avoid recurrence of the problem.
• Duties may be modified or assigned at any time to meet the needs of the business.

• Bachelor's Degree or equivalent experience may be considered in lieu of a degree.
• Must have at least ten (10) years in a compliance role (preferably non-financial compliance experience).
• Should have broad compliance experience with a wide variety of international regulations affecting various industries.
• Experience developing, implementing and monitoring ethics and compliance-related policies and procedures is essential.
• Knowledge and understanding of regulations pertaining to international anti-corruption regulations (including the UK Bribery Act and the US Foreign Corrupt Practices Act) necessary.
• Knowledge and understanding of regulations pertaining to information privacy (including the GDPR/UK DPA 2018, California Consumer Privacy Act, etc.) required.
• Knowledge and understanding of Due Diligence standards as they relate to third-party risks is needed.
• Must have strong verbal and written communication skills including ability to interact positively with a wide variety of individuals.
• Demonstrated experience identifying and resolving compliance and legal issues quickly and effectively.
• Prior experience working for a US-based, international company desired.
• Proficiency in additional languages would be an asset (including German, Russian, or French).
• Must be proficient in Microsoft Word, Excel and PowerPoint.
• Travel may be required but minimal (domestic and international).

#LI-Hybrid

Please review our benefits here: Life at OSI
The specific programs and options available to any given employee may vary depending on eligibility factors such as geographic location and date of hire. Please note that the salary information shown above is a general guideline only. Salaries are based upon candidate experience and qualifications, as well as market and business considerations.

NOTICE TO THIRD PARTY AGENCIES

OSI Systems, Inc. and its subsidiaries (collectively "OSI") does not accept unsolicited resumes from recruiters or employment agencies. If any person or entity, including a recruiter or agency, submits any information, including any resume or information regarding any potential candidate, without a signed agreement in place with OSI, OSI explicitly reserves the right to use such information, and pursue and/or hire such candidates, without any financial obligation to the person, recruiter or agency. Any unsolicited information or resumes, including those submitted directly to hiring managers, are considered and deemed to be the property of OSI.

Equal Opportunity Employer - Disability and Veterans

Know Your Rights

Poster Link:

OSI Systems, Inc. has three operating divisions: (a) Security, providing security and inspection systems, turnkey security screening solutions and related services; (b) Healthcare, providing patient monitoring, diagnostic cardiology and anesthesia systems; and (c) Optoelectronics and Manufacturing, providing specialized electronic components and electronic manufacturing services for original equipment manufacturers with applications in the defense, aerospace, medical and industrial markets, among others.

• Assist the Chief Compliance Officer with developing and implementing a comprehensive Corporate Compliance Program and Risk Management Program for the Mass League and its subsidiaries CommonWealth Purchasing Group, LLC and the Institute for Health Equity Research Evaluation & Policy, Inc.
• Work with the Chief Compliance Officer on compliance and regulatory risk management program governance, including, but not limited to, attending, presenting, and conducting follow up to Compliance Committee and Board meetings
• Assist the Chief Compliance Officer with executing research involving human subjects and Anti-Kickback Statute compliance functions
• Evaluate existing procedures and SOPs to ensure compliance with internal student loan repayment policies and the requirements of applicable regulatory agencies. Additionally, ensure alignment with the task orders, master agreements, or other state contract documents as applicable
• Support the Office of the Chief Compliance Officer, as appropriate, as well as outside consultants, in building contract compliance oversight and monitoring function for student loan repayment programs
• Evaluate compliance and governance functions as it relates to operations, finance, and customer service of the loan repayment software system
• Review and assess current student loan repayment operations infrastructure and identify any gaps, risks, and areas of improvements
• Make suggestions regarding updates to internal procedures to drive greater levels of compliance
• Manage issue resolution process identified to escalate, resolve, and trend issues to create appropriate risk mitigation and controls to improve compliance and regulatory process.
• Assist the Chief Compliance Officer or their designee in establishing and implementing compliance policies and procedures, including performing periodic compliance audits.
• Provide compliance guidance and training to all staff.
• Work closely with the Office of the General Counsel to identify and investigate compliance issues and risks and suggest ways to prevent or resolve them
• Manage regulatory and compliance risk and compliance documentation needs
• Communicate with compliance and risk counsel on legal issues
• Develop and implement compliance and risk programs : The Director of Corporate Compliance & Risk Management will create and implement programs to help the organization comply with Federal and State data security laws and internal compliance standards which include, but are not limited to, the management of:
  • SOPs for student loan repayment program: ensure compliance and outline risk initiatives.
  • Student loan repayment compliance / governance policy (overview of initiatives outlined in this memo)
  • Adherence to Written Information Security Plan (WISP)
  • Safeguarding PI and treatment of all records including record retention policy
  • Safeguarding PI and accurate treatment of all activity as it relates to SOP and governing procedures
  • Employee and contractor annual security training (see details below)
  • Electronic records policy
  • Secure protocol administration for all systems that contain PI:
    • Access control
    • Same role parity and assess maker / checker functionality
    • Passwords
  • Adherence to Disaster Recovery and Business Continuity Plan
  • Creation of a continuous improvement plan.
  • Making compliance risk and regulatory recommendations and preparing reports:

• Conducting audits: Conduct internal audit to ensure ongoing compliance and to prepare the student loan repayment programs for successful external regulatory and compliance testing and audits.
• Compliance Training: Assist with development and/or rollout of training modules annually.
• Operational Risk Management duties include, but are not limited to:
  • Support Finance Department to develop and implement a process for disbursement of loan repayment funds to loan servicers to ensure compliance with master agreement, task orders or other contract documents, and any governing agencies that support money movement and transfer
  • Provide support to student loan repayment leadership and team for operations for MA Repay Support compliance function for the loan repayment software system implementation
  • Preparing quarterly and annual audit reports
    • Continuous improvement and monitoring of risks and controls
  • Risk Control Self-Assessment - Annual
    • Identify people, process, technology and security processes and risks
    • Assess and rate risks as connected to the annual risk assessment
    • Identify existing controls and rate effectiveness.
    • Document ratings, findings and opportunities for improvement (OFI)
    • Prepare Risk Treatment Plan based on approved rating documentation.
    • Mitigation, Acceptance and Action Plan to improve.
    • Documentation and Recordkeeping of the Plan
• Operational Risk Assessment - Annual
• Control Report - Quarterly and based on Control Mitigation Plan and
• Audit Report - Quarterly
• Audit Report - Annual Roll up
• Collaboration with the Office of the General Counsel:
  • Ensure that the SOP's and policy documentation comply with applicable laws.
• Managing documentation:
  • Manage the documentation and resources used by the compliance team.
  • Documentation of SOPs reflect accurate process
  • Creation of a change order and renewal process
  • Ongoing documentation of SOPs

• Demonstrated proficiency with MS Office applications, especially Word, Excel and PowerPoint
• Knowledge of project management software
• Proven ability to juggle multiple projects simultaneously
• Excellent oral communications skills; ability to communicate effectively with the public
• Commitment to working to promote the healthcare of vulnerable population

• Bachelor's degree in business, health care management, or relevant education required; graduate degree in law, business, or related field preferred, but not required.
• 5 years in compliance and risk management required
• Experience administering compliance and risk management programs required
• Experience completing compliance or risk audits required

The Human Resources Research Organization (HumRRO) is a non-profit leader in developing high-impact services and products in the arenas of employment, military, student testing, and professional credentialing and licensure. We work with federal and state government agencies, private sector organizations, and professional associations.

About the Organization

As a non-profit, HumRRO is dedicated to work that contributes to science and society. Our employees enjoy a highly collaborative and supportive environment that fosters innovation, ethical practice, and outstanding customer service. Our core operational staff includes Industrial-Organizational Psychologists, Educational Researchers, and Behavioral Science Consultants. We are committed to supporting a diverse workforce and to practicing equity and inclusion for all staff.

About the Job

We are seeking a Senior Cybersecurity Engineer to lead our enterprise compliance and security programs across federal, state, and private sector engagements. This role manages multiple compliance frameworks including CMMC, FedRAMP, SCRM, NIST 800-171/53, and ISO 27001:2022 regulatory requirements. You will work on compliance standards across hybrid cloud environments while leading a team of junior engineers conducting vulnerability assessments and security scanning operations. A significant portion of this role involves creating security documentation, developing compliance policies, responding to time-critical security requirements from clients, and managing third-party compliance audits.

As a Senior Cybersecurity Engineer, you will:

• Lead enterprise cybersecurity compliance programs (CMMC, FedRAMP, SCRM, NIST frameworks, ISO 27001:2022)
• Manage monthly compliance reporting and KPI dashboards for executive leadership
• Coordinate third-party compliance audits (NIST 800-171, CMMC, ISO 27001, FedRAMP) and remediation activities
• Maintain compliance evidence catalogs and SaaS compliance implementation controls
• Evaluate and implement security controls across software applications and cloud platforms AWS, Azure, and Office 365
• Oversee Risk Management Framework (RMF) processes for government contract organizations as well as applications in the DoD space (ATO/IATT/IATO documentation)
• Conduct weekly Plan of Action and Milestone (POA&M) reviews and monthly security assessments
• Develop and maintain security policies, procedures, and technical standards
• Lead vulnerability management programs & conduct security assessments and penetration testing coordination
• Manage business continuity of operations (COOP) program including disaster recovery and crisis management plans
• Lead incident response and security event investigation
• Mentor and manage junior cybersecurity engineers and analysts
• Interface with federal agencies, auditors, and compliance assessors
• Work with system architects for security requirements on existing cloud workloads, cloud migrations and/or hybrid environments
• Facilitate and oversee completion of all customers' cyber security questionnaires and qualifications with time-critical deadlines
• Coordinate with HumRRO Contracts Division on written responses to RFPs regarding IT security, controls, data privacy and regulatory compliance
• Assist with implementation and administration of cybersecurity supply chain risk management (C-SCRM) program
• Develop compliance documentation and security narratives for proposals
• Support business development with technical security expertise
• Serve as subject matter expert on internal security controls and regulations

Minimum Requirements:

• US Citizen with ability to obtain/maintain security clearance
• Work on-site at Alexandria VA (Up to 2 remote days possible after probation period)
• Bachelor's degree in Cybersecurity, Computer Science, or equivalent field. Work experience may be considered in lieu of degree
• 7+ years of cybersecurity engineering and compliance experience
• 5+ years of enterprise experience managing Risk and Compliance efforts including multiple regulatory and standard security frameworks
• Existing Security+ certification or the ability to obtain within 6 months (CISSP, CCSP, or CISM preferred)
• Deep expertise in NIST 800-171, 800-53, RMF, and DoD compliance frameworks
• Hands-on experience with CMMC and FedRAMP authorization processes
• Proficiency in Office 365 security configuration and management
• Experience with vulnerability scanning tools (e.g. ACAS, Nessus, Rapid7, Qualys or equivalent)
• Strong analytical and information gathering skills with ability to work multiple tasks simultaneously under short deadlines
• Excellent communication skills for stakeholder engagement

Preferred:

• Active DoD clearance
• Experience in the nonprofit sector managing IT or related activities
• CMMC Certified Professional (CCP) or CMMC Certified Assessor (CCA)
• Experience with FedRAMP 3PAO assessments
• Knowledge of Supply Chain Risk Management (SCRM) frameworks
• AWS certifications (Solutions Architect, Security Specialty preferred)
• Experience with DevSecOps pipeline integration and IAC
• CISSP, CCSP, CISM, or CISSP-ISSAP certifications
• Knowledge of DoD STIG implementation and automated compliance tools
• Federal contracting and audit experience
• Experience with Atlassian suite (Jira, Confluence)
• Experience with eMASS package development and continuous monitoring activities
• Experience with STIG implementation and SCAP compliance validation
• Experience with bi-annual COOP testing and crisis management plan development
• Leadership experience managing technical teams
• People Management Experience is a plus

The anticipated salary for this role is $100,000 to $155,000. Specific salary offers are based on candidate qualifications and experience.

Benefits:

• Health, dental and vision insurance
• Life insurance equal to 2x annual salary
• Retirement plan with company matching
• Paid professional development and certification maintenance
• Tuition reimbursement
• 12 weeks of paid parental leave
• Generous paid time off and 10 paid holidays

All qualified applications will receive consideration without regard to race, color, religion, sex, national origin, age, marital status, sexual orientation, veteran status, medical condition, or disability. EEO/Vet/Disabled.

Named one of "50 Great Places to Work" by Washingtonian magazine and one of "Top Workplaces" by The Washington Post.