Director, Compliance and Privacy

About The Role:

We are looking for a Director of Compliance & Privacy to serve as the operational engine of our compliance and privacy programs as Pomelo Care scales. This is a high-impact, “player-coach” leadership role designed for a seasoned operator who thrives on directly executing across a broad compliance portfolio, from privacy investigations and clinical compliance to the annual audit plan, while helping to keep operations running at the pace of the business.

You will act as the critical right hand to the Head of Compliance, managing the daily intake volume, leading complex investigations, and providing the direct day-to-day guidance that unblocks our compliance associates. You will command the organizational authority needed to hold cross-functional teams accountable, ensuring our processes protect our members and enable the business to move fast.

This role reports to our Head of Compliance and can be based anywhere in the continental US.

What You'll Do:

• Directly lead and execute the day-to-day operations of the HIPAA privacy program, including personally conducting, documenting, and managing complex breach and privacy incident investigations.
• Oversee the state privacy law program (CCPA/CPRA), ensuring data subject access requests (DSARs) and consent management workflows are executed flawlessly.
• Manage and triage operational volume, logging into intake tools and Slack channels alongside the team to ensure compliance inquiries and incidents are resolved efficiently.
• Provide daily operational guidance and decision-making support to the compliance team, serving as the primary escalation point for ambiguous or complex compliance questions.
• Oversee the clinical and regulatory compliance work-stream, managing billing and coding compliance, state licensure, and health plan contractual obligations.
• Serve as the primary operational interface with legal and compliance colleagues to translate complex legal requirements into practical, live workflows for our clinical and business partners.
• Drive the execution of the annual Compliance Work and Audit Plan to proactively identify, monitor, and remediate potential risks across the business.
• Manage and develop direct reports as the compliance organization scales, fostering a high-performing team culture of accountability and mentorship.

Who You Are:

• 7+ years of experience in healthcare compliance or privacy, specifically within a clinical or medical group environment.
• Deep expertise in HIPAA and HITECH, strong working knowledge of state privacy laws like CCPA/CPRA.
• A proven track record as an investigator, with extensive experience managing complex healthcare compliance and privacy intakes from discovery to final disposition.
• A track record of “operationalizing” rules. You don’t just read the law; you build the checklists and workflows that make it work for a busy team.
• High empathy for members and care teams, with the ability to communicate complex rules in a clear and supportive way.
• A “player-coach” mindset - you have the executive presence to command a room, but you genuinely enjoy doing the tactical work and aren’t afraid to dig into ticketing queues and spreadsheets.
• A certification in healthcare compliance (CHC) or privacy (CHPC/CIPP) is strongly preferred.

Why you should join our team

By joining Pomelo, you will get in on the ground floor of a fast-moving, well-funded, and mission-driven startup that always puts the patient first. You will learn, grow and be challenged, and have fun with your team while doing it.

We strive to create an environment where employees from all backgrounds are respected. We also offer:

• Competitive healthcare benefits
• Generous equity compensation
• Unlimited vacation
• Membership in the First Round Network (a curated and confidential community with events, guides, thousands of Q&A questions, and opportunities for 1-1 mentorship)

At Pomelo, we are committed to hiring the best team to improve outcomes for all mothers and babies, regardless of their background. We need diverse perspectives to reflect the diversity of problems we face and the population we serve. We look to hire people from a variety of backgrounds, including but not limited to race, age, sexual orientation, gender identity and expression, national origin, religion, disability, and veteran status.

Compensation

Our salary ranges are based on paying competitively for our company’s size and industry, and are one part of the total compensation package that also includes equity, benefits, and other opportunities at Pomelo Care. In accordance with New York City, Colorado, California, and other applicable laws, Pomelo Care is required to provide a reasonable estimate of the compensation range for this role. Individual pay decisions are ultimately based on a number of factors, including qualifications for the role, experience level, skillset, geography, and balancing internal equity. Given that this role is open to candidates of different skill levels, determining a salary range is challenging. A reasonable estimate of the current salary range is $180,000-$210,000. We expect most candidates to fall in the middle of the range. We also believe that your personal needs and preferences should be taken into consideration, so we allow some choice between equity and cash.