Vice President of Risk & Compliance
San Francisco Bay Area / Manhattan, New York
Legal /
Full-time /
Hybrid
Circle Medical is the fastest-growing telemedicine provider in the US and has seen incredible growth of over 100% per year over the past three years. Circle Medical is a venture-backed Y-Combinator healthcare startup on a mission to bring quality, delightful primary care to everyone on the planet. Built by top-tier physicians, engineers, and designers, our medical practice and underlying technology have pioneered how people find and receive care.
DESCRIPTION
The VP, Legal, Risk & Compliance is a key member of the Executive Team, responsible for building and maintaining a robust risk and compliance infrastructure tailored to the unique demands of a virtual healthcare company. This role ensures adherence to federal and state telehealth regulations, digital privacy laws, and evolving reimbursement policies. The Executive leads enterprise risk, legal compliance, privacy, and security efforts while fostering a culture of ethical decision-making, transparency, and operational accountability in a distributed, technology-driven care model.
WHAT YOU'LL DO
STRATEGIC LEADERSHIP
- Lead the development and integration of a comprehensive enterprise risk and compliance strategy aligned with the organization's mission, legal obligations, and industry best practices
- Advise executive leadership and board committees on emerging risks, legal requirements, and ethical considerations
- Build and lead high-performing teams responsible for legal, compliance, audit, privacy, ethics, and enterprise risk
VIRTUAL CARE COMPLIANCE
Ensure compliance with federal and state laws governing telehealth delivery, including:
- State-by-state telemedicine licensure requirements
- Remote prescribing regulations (Ryan Haight Act, DEA guidelines)
- CMS telehealth billing and reimbursement rules
- Office of Civil Rights (OCR) guidance for virtual care under HIPAA
- Maintain policies and procedures aligned with the rapidly evolving virtual care regulatory landscape
- Partner with legal and clinical leadership to ensure virtual clinical workflows meet standard-of-care requirements
PRIVACY AND DATA PROTECTION
- Oversee compliance with HIPAA, HITECH, and state-specific privacy laws such as the California Consumer Privacy Act (CCPA)
- Lead incident response planning for privacy breaches, including patient notification and regulatory reporting
- Collaborate with IT and cybersecurity teams to ensure secure data storage, access controls, encryption, and third-party vendor compliance
- Monitor risks associated with cloud-based platforms, mobile apps, wearables, and remote patient monitoring technologies
ENTERPRISE RISK MANAGEMENT
- Identify and assess clinical, reputational, legal, and technological risks unique to virtual care delivery
- Implement risk mitigation strategies across the organization, including provider performance, data integrity, platform reliability, and patient safety
- Ensure scalable risk practices across all service lines, geographic locations, and vendor networks
REGULATORY AND CLINICAL AUDIT OVERSIGHT
- Establish audit procedures for virtual care delivery, clinical documentation, billing accuracy, and digital prescribing
- Ensure compliance with payer and CMS standards to minimize denial and audit risk
- Report key risks and compliance trends to executive leadership and board committees
ETHICS AND ORGANIZATIONAL CULTURE
- Promote an ethical, inclusive, and compliant culture across a remote and geographically dispersed workforce
- Maintain a confidential reporting mechanism for compliance concerns
- Lead ongoing education and training programs around ethics, virtual care regulations, and patient safety
BUSINESS CONTINUITY AND TECHNOLOGY RISK
- Develop business continuity and cyber incident response plans tailored to digital operations
- Ensure continuity of care and secure communications in the event of platform downtime or security breach
- Review third-party vendor and software risks related to video, chat, and remote care platforms
WHAT YOU'LL BRING
- Graduate degree in Law (JD), Healthcare Administration (MHA), Public Health, or a related field required
- Minimum of 10 years of progressive experience in healthcare compliance or enterprise risk, with at least 3 to 5 years in digital health or virtual care
- Strong understanding of U.S. telehealth regulations, payer billing rules, data privacy laws, and clinical operations
- Demonstrated leadership in a dynamic, fast-paced, and compliance-sensitive environment
- Experience working in a public or venture/private equity-backed company
PREFERRED QUALIFICATIONS
- Certified in Healthcare Compliance (CHC)
- Certified Information Privacy Professional – United States (CIPP/US)
- Certified Professional in Healthcare Risk Management (CPHRM)
- Certified Information Systems Auditor (CISA)
- Telehealth Certification or relevant continuing education in digital health law
- Familiarity with technology and cloud-based systems used in virtual care, including EHR integration and digital prescribing platforms
PERSONAL ATTRIBUTES
- Deep integrity and high ethical standards
- Strong communication and collaboration skills, especially across remote teams
- Strategic thinker who can adapt compliance frameworks to a rapidly evolving digital care model
- Calm, decisive, and confident in high-stakes or crisis situations
COMPENSATION
In alignment with our values, Circle Medical has transparent salaries based on output levels, and options to trade cash for stock.
This is a full-time, salaried position with an annual salary range of $250,000 to $475,000 USD, plus generous vacation, full health benefits, and 401k matching.
Benefit Overview
• Flexible vacation, eligibility after 90 days
• 10 annual paid holidays and 9 paid sick days
• $500 annual education and development reimbursement
• Medical, Dental, Vision benefits, Life & additional supplemental coverage options
• Wellness perks, including discounts for mental health programs and online wellness courses
• 401K + Company Matching Program
Circle Medical is an equal opportunity employer and affirmatively seeks diversity in its workforce. Circle Medical recruits qualified applicants and advances in the employment of its employees without regard to race, color, religion, gender, sex, sexual orientation, gender identity, gender expression, age, disability, genetic information, ethnic or national origin, marital status, veteran status, or any other status protected by law.