Careers at Sagility

Explore meaningful roles that let you make an impact in healthcare while growing your career with purpose, innovation, and global opportunities.

Manager

Partially Remote/Hybrid

Job Code: REQ-025738

Sagility

Quezon City

Job Details

Job title

Manager

About Sagility

Sagility combines industry-leading technology and transformation-driven BPM services with decades of healthcare domain expertise to help clients draw closer to their members. The company optimizes the entire member/patient experience through service offerings for clinical, case management, member engagement, provider solutions, payment integrity, claims cost containment, and analytics. Sagility has more than 25,000 employees across 5 countries.

The Manager – Risk & Compliance is responsible for end-to-end compliance oversight across sites, ensuring alignment with healthcare regulations (HIPAA, CMS, GLBA), contractual obligations, and information security standards. The role leads core programs such as OIG/GSA exclusion screening, vendor risk management, and audit readiness, while overseeing risk assessments, incident management, and compliance reporting. It also drives data privacy, ISMS/PIMS compliance, and continuous improvement initiatives, while providing leadership and governance to Compliance Officers to ensure consistent, audit-ready operations.

Job Description:

DUTIES & RESPONSIBILITIES

Compliance Governance & Oversight

  • Provide guidance and oversight to Site and Operations Compliance Officers to ensure consistent implementation of compliance programs across all in-scope operations.
  • Monitor adherence to organizational compliance frameworks, policies, and regulatory requirements applicable to healthcare BPO operations.
  • Review and validate compliance reports, risk registers, and monitoring activities submitted by Compliance Officers.
  • Escalate significant compliance risks, control gaps, or regulatory concerns to the Compliance Manager/Director with recommended remediation plans.
  • Support the development, enhancement, and standardization of compliance processes, monitoring tools, and reporting mechanisms across sites, and ensure their alignment with the COC, HIPAA Privacy & Security Policies, FWA, BAA, and other Data Protection and Privacy Policies.
  • Drive continuous improvement initiatives to enhance compliance maturity, including automation and tool optimization.

OIG/GSA Exclusion Screening & Regulatory Monitoring (CORE FOCUS)

  • Own and manage the enterprise-wide exclusion screening program, ensuring full compliance with federal healthcare program integrity requirements.
  • Oversee the implementation and governance of exclusion screening tools covering:
    • Office of Inspector General (OIG) – LEIE
    • General Services Administration (GSA) – SAM
    • Office of Foreign Assets Control (OFAC) and other applicable lists
  • Ensure 100% timely and accurate screening of employees, contractors, and vendors prior to onboarding and on a recurring basis.
  • Validate the effectiveness of automated/manual screening tools and ensure proper configuration, updates, and audit trails.
  • Establish protocols for positive match identification, validation, escalation, and remediation.
  • Lead investigations related to potential exclusions and ensure proper documentation and regulatory reporting where required.
  • Conduct periodic audits of exclusion screening processes to ensure completeness, accuracy, and regulatory defensibility.

Vendor Oversight & Third-Party Risk Management (CORE FOCUS)

  • Lead the compliance oversight of third-party vendors and subcontractors, ensuring alignment with regulatory, contractual, and security requirements.
  • Establish and enforce a Vendor Compliance Monitoring Framework, including:
    • Due diligence and onboarding assessments
    • Periodic compliance reviews and attestations

HIPAA, GLBA & CMS Regulatory Compliance

  • Oversee site compliance with key healthcare regulatory requirements including:
    • Health Insurance Portability and Accountability Act (HIPAA)
    • Centers for Medicare & Medicaid Services (CMS) requirements
    • Gramm-Leach-Bliley Act (GLBA)
    • Data Privacy Act of 2012
  • Provide guidance to Compliance Officers in monitoring controls related to the protection of PHI, PII, and Medicare/Medicaid data.
  • Review incident documentation and support preparation of regulatory reporting related to potential privacy or security breaches.
  • Ensure compliance validation activities, checklist reviews, and evidence documentation are completed by Compliance Officers.
  • Oversee preparation and readiness for client audits, regulatory audits, and external compliance assessments.
  • Monitor compliance with federal healthcare program integrity requirements by ensuring exclusion screening processes are performed against:
    • Office of Inspector General (OIG) List of Excluded Individuals and Entities (LEIE)
    • General Services Administration (GSA) System for Award Management (SAM) exclusion list and
    • Other regulatory exclusion requirements like Office of Foreign Assets Control (OFAC), etc.
  • Support preparation for client-led audits, CMS validations, security assessments, and regulatory reviews.

Contractual & Site Compliance Monitoring

  • Ensure Compliance Officers monitor adherence to client contractual obligations and security requirements applicable to each account.
  • Review gap assessments conducted at the site or account level and ensure remediation plans are properly documented and tracked.
  • Oversee periodic site compliance walkthroughs covering physical security, logical security, and operational compliance controls.
  • Escalate critical compliance risks or contractual compliance gaps to the Compliance Manager/Director with recommended mitigation strategies.

Data Privacy Compliance

  • Support implementation and oversight of data privacy controls aligned with HIPAA, local data protection regulations, and client requirements.
  • Provide guidance to Compliance Officers in conducting Privacy Impact Assessments (PIA) for new processes, systems, or operational changes.
  • Monitor adherence to data retention schedules and secure disposal requirements across assigned accounts.
  • Review privacy incident reports and ensure proper documentation, escalation, and regulatory reporting where required.

ISMS & PIMS Certification Compliance Support

  • Support the governance and oversight of the Information Security Management System (ISMS) aligned with ISO/IEC 27001 across assigned sites.
  • Guide Compliance Officers in maintaining the Statement of Applicability (SOA) and tracking control implementation at the site and account level.
  • Review internal ISMS & PIMS audit results and ensure appropriate remediation plans are established and monitored by site Compliance Officers.
  • Monitor closure of audit findings, nonconformities, and corrective action plans to ensure timely resolution.
  • Provide oversight on site-level risk assessments and risk treatment plans to ensure alignment with enterprise risk management standards.
  • Support governance of Business Continuity and Disaster Recovery planning and testing activities at the site level.

Privacy and Information Security Compliance Monitoring

  • Oversee compliance with organizational information security policies, standards, and procedures across assigned sites.
  • Guide Compliance Officers in conducting periodic access reviews and validation of user provisioning/deprovisioning controls.
  • Review reported security incidents and vulnerabilities to ensure proper escalation, documentation, and remediation actions are completed.
  • Monitor implementation of administrative, technical, and physical security controls through compliance validation and reporting.
  • Support development and delivery of security and compliance awareness initiatives to reinforce compliance culture at the site level.

General Safety and Security Responsibilities

  • Promote and uphold the principles of the Quality Information Security Management System (QISMS) across assigned sites.
  • Ensure that all compliance activities support the confidentiality, integrity, and availability of information critical to the organization’s business operations.
  • Foster a culture of compliance by providing continuous guidance, mentorship, and support to Compliance Officers and operational stakeholders.

Location:

Quezon City, Bridgetowne Zeta, Philippines

Join our team, we are looking forward to talking to you!