Compliance & Risk Management Specialist

ABOUT 10X HEALTH SYSTEM
10X Health System is a pioneering company at the forefront of the health and wellness industry, dedicated to revolutionizing the way individuals approach their personal health and well-being. With a philosophy rooted in the principle that optimal health is the foundation for a life lived to the fullest, 10X Health provides cutting-edge solutions and personalized health plans designed to empower individuals to achieve and maintain peak physical and mental performance.

The company's comprehensive approach to health combines the latest advances in medical science, nutrition, fitness, and technology to offer a suite of services that include state-of-the-art diagnostic testing, individualized treatment protocols, and ongoing support from a team of world-class health professionals. 10X Health's commitment to innovation and results has established it as a leader in the health optimization space, catering to those who strive to push the boundaries of what is possible in their health journey.

POSITION SUMMARY
We are seeking a detail-oriented, mission-driven Compliance & Risk Management Specialist, Telehealth & Privacy to develop, support, and evolve our compliance program as we scale, ensuring that all clinical and corporate operations align with applicable federal, state, and local laws and regulations. This role is ideal for a compliance professional with experience in telehealth, functional medicine/wellness, privacy (including state consumer data laws, e.g. CCPA), and regulatory compliance.

OBJECTIVES

Compliance Program Oversight

• Maintain and update 10X Health’s corporate compliance program, policies, and procedures
• Monitor developments in telehealth regulations, FDA guidance as it relates to healthcare, scope-of-practice laws, CLIA/licensure requirements for all clinics, and genetic privacy rules (e.g., GINA, CCPA/CPRA)
• Coordinate with legal, HR, regulatory, and product teams to ensure regulatory alignment across services and platforms
• Collaborate with the Director of Regulatory Affairs on claims substantiation workflows, asset approvals, and compliance documentation systems

Risk Assessments & Audits

• Conduct regular risk assessments and internal audits to evaluate adherence to applicable laws, standards, and internal policies
• Perform gap analyses and lead or support remediation efforts for identified risks
• Maintain audit logs, risk registers, and documentation required for regulatory readiness

Privacy & Data Protection

• Assist with the development and enforcement of HIPAA-compliant and state-specific privacy policies
• Implement and monitor data processing agreements (DPAs), data use policies, and third-party vendor practices for compliance
• Monitor consumer data rights requests and support privacy-related incident response

Licensure, Credentialing & Operational Compliance

• Track telehealth provider licensing and practice regulations across states
• Coordinate with the Director of Regulatory Affairs, who leads product and marketing claims compliance to ensure clinical and marketing practices comply with federal (FTC) and state marketing and advertising rules, as needed
• Support internal training and awareness programs for staff on compliance matters

COMPETENCIES

• Deep understanding of healthcare privacy and compliance frameworks (e.g., HIPAA, CCPA/CPRA, GINA, GDPR, FTC guidance)
• Experience with telehealth, digital health, or wellness-based care models, including functional or integrative medicine
• Proven ability to conduct audits, lead risk assessments, and support remediation planning
• Familiarity with CLIA/CMS standards, multistate licensure tracking, and dietary supplement regulations
• Comfortable reviewing vendor practices, managing data processing agreements, and responding to privacy incidents
• Able to communicate regulatory requirements clearly and contribute to staff training efforts
• Experience interfacing with external legal counsel, regulatory agencies, and/or third-party auditors
• Comfortable working in fast-paced, scaling environments with evolving regulatory needs

EDUCATION & EXPERIENCE

• 5+ years in healthcare compliance, legal, or regulatory affairs with direct experience in telehealth, digital health, or wellness-based care
• Bachelor’s degree in a relevant field required; advanced degree (JD, MPH, MBA, or similar) preferred
• Solid understanding of healthcare and privacy regulations and frameworks (CCPA/CPRA, GINA, FTC guidance, GDPR state telehealth laws)
• Exposure to health IT systems and security frameworks (e.g., NIST, HIPAA Security Rule)
• Experience operating or supporting privacy management platforms (e.g., OneTrust)
• Certified in Healthcare Compliance (CHC), Certified Information Privacy Professional (CIPP/US), or similar credential preferred

PHYSICAL REQUIREMENTS

• Prolonged periods of sitting at a desk

COMMITMENT TO DIVERSITY
As an equal opportunity employer committed to meeting the needs of a multigenerational and multicultural workforce, 10X Health System recognizes that a diverse staff, reflective of our community, is an integral and welcome part of a successful and ethical business. We hire local talent at all levels regardless of race, color, religion, age, national origin, gender, gender identity, sexual orientation, or disability, and actively foster inclusion in all forms both within our company and across interactions with clients, candidates, and partners. If you require any accommodations during the application process or have any questions, please contact [email protected].

NO SOLICITATION POLICY
10X Health does not accept unsolicited resumes, calls, or communications from staffing agencies or third-party recruiters. Any such submissions will be considered the sole property of 10X Health and will not obligate the company to pay any fees. Please refrain from contacting us regarding this posting.
#LI-CM1 #LI-Hybrid