Skip to Main Content


Director of Compliance & Privacy

Recruitment #22-005484-0020


MHBE is accepting applications for a vacant Director of Compliance & Privacy position! 

Maryland Health Benefit Exchange is responsible for the administration of Maryland Health Connection, the State's health insurance marketplace, under the Patient Protection and Affordable Care Act of 2010(ACA). MHBE works with the Maryland Department of Health, Maryland Insurance Administration, Department of Human Services, and stakeholders statewide.

Vision Statement: High-quality, affordable health coverage for all Marylanders.
Mission Statement: We improve the health and well-being of Marylanders by connecting them with high-quality, affordable health coverage through innovation, technology, and customer service.
Values: Diverse & Inclusive, Innovative, Collaborative, & Ethical.

For more information on MHBE, please visit our website.




MHBE is adhering to a hybrid work schedule. Work for this position will be completed at a remote location of your choice (3 days) and at our office located at 750. E. Pratt St, 6th Floor, Baltimore, MD 21202 (2 days).

Main Purpose of Job

This position is responsible for overseeing compliance within the Exchange, and ensuring compliance with laws, regulatory requirements, policies, and procedures. This position provides leadership, direction, and integration of compliance activities in support of the Exchange’s vision, mission, and values. The position will assure the Exchange complies with the Code of Conduct, 45 CFR 155 Exchange Establishment Standards and Related Standards Under the Affordable Care Act, Privacy regulations including those found in the CMS and MHBE Computer Matching Agreement, Minimum Acceptable Risk Standards (MARS-E) v2.0, and 45 CFR 155.260 as well as Ethics Law as set forth in set forth in Md. Code Ann., State Gov't §§ 15-101 through 15-1001.


Strategy, Planning, and Leadership - 30%
  • Provide key strategic direction to build and oversee a coordinated compliance program that meets regulatory requirements and reflects the Exchange’s unique characteristics and responsibilities.
  • Chair and collaborate with the compliance committee to effectively incorporate the compliance program into the Exchange.
  • Present quarterly updates to the Board of Trustees Finance and Compliance committee. Present an annual compliance report to the Board of Trustees.
  • Initiate, facilitate and promote activities to foster compliance with the MHBE Code of Conduct, Compliance program, Fraud, Waste and Abuse reporting, and Privacy requirements and awareness within the agency.
  • Maintain current knowledge of applicable federal and state privacy laws.
  • Conduct analyses and advise senior managers about compliance implications of business decisions.
  • Supervise and support direct reports fostering a collaborative teamwork environment with direct reports and the leadership team. Model commitment to a team environment that operates in alignment with MHBE values of diverse & inclusive, innovative, collaborative, and ethical.

Compliance Program Oversight and Implementation - 30%
  • Develop an internal and external audit and monitoring program, to include the conduction of audits and systematic reviews in the investigation of fraud, waste, and abuse.
  • Develop an annual compliance work plan reflective of key compliance strategies, initiatives, and a culture of compliance.
  • Create an annual Audit plan that encompasses regulations, internal and external audits, and contract monitoring.
  • Coordinate the development, implementation, and maintenance of internal controls (policies and procedures) across the Exchange.  
  • Oversee the coordination, preparation, and implementation of external, independent, State, and federal auditors and any commensurate corrective action plans,      
  • Coordinate with the federal Health and Human Services, Centers for Medicaid and Medicare Services, Center for Consumer Information and Insurance Oversight, Office of Attorney General, Office of Civil Rights, and other legal entity organization officers in any compliance reviews or investigations.
  • Update employee orientation materials annually, as well as employee and external stakeholder training to include lessons learned, best practices and updates to federal and state regulations. Provide ad hoc training in the event regulations or best practice necessitates.
  • Provide notice to stakeholders and their supervisors on completion of required training and any attestations related to Code of Conduct, Privacy and IT security procedure adherence, and IRS 1075 training.  Inform Human Resources and IT Security as necessary.
  • Work with staff responsible for contracts and procurement ensuring compliance with Section 31 of Maryland Insurance and 45 CFR 155 Privacy and IT Security

Privacy Program Oversight and Implementation - 25%
  • Develop and implement a Privacy Program, to include a comprehensive privacy incident management system, Privacy Notice, consent process, and accounting of disclosures. 
  • Develop an annual privacy plan that incorporates privacy policies, procedures and practices, monitoring, and training. 
  • Develop standards and initiate periodic information privacy risk assessments; complete annual Privacy Impact Assessment and MARS-E v2.0 Privacy self-assessment as mandated by CCIIO and CMS, respectively.  
  • Coordinate the development of and maintain all official records regarding due diligence and compliance for all MHBE Non-Exchange Entities Agreements, Data Sharing or Use Agreements with State agencies, and any combination thereof, to meet Medicaid, CHIP and other state and federal benefit programs on compliance and privacy; and Survey units and update records periodically to ensure documents are available for Federal investigators review upon requests.
  • Ensure annual and ongoing Personally Identifiable Information Inventory is completed and maintained to minimize access to, use and disclosure of consumer personally identifiable information (PII) to only that amount which is required for employees to complete their job functions, within and across the Exchange.  The PII inventory includes inputs, processing and outputs of PII.
  • Ensure MHBE maintains a robust consent process to ensure appropriate use and disclosure of consumer PII as well as an accounting of disclosure process.
  • Coordinate with IT design, development, and security personnel to ensure privacy requirements are built into the design of the IT platforms.
  • Liaison with vendor Privacy officials or designees to ensure they maintain privacy program and practices at a minimum of what MHBE is required to maintain.
  • Lead and coordinate implementation of internal Privacy related corrective action plans, ensuring proactive reviews of pending regulations are integrated into the plans; and
  • Conduct related ongoing privacy standards compliance monitoring activities for external vendors and ensure performance of ongoing monitoring of vendor corrective action plans

Fraud, Waste and Abuse Oversight and Implementation - 15%
  • Develop, implement, and manage a system for reporting and investigating suspected incidents of fraud, waste, and abuse.
  • Investigate, or cause an investigation of individual and systemic problems, implementation of corrective actions and develop policy addressing the non-employment or retention of sanctioned individuals.
  • Develop and manage enforcement procedures with appropriate Exchange officials regarding disciplinary action against employees who have violated internal compliance policies, applicable statutes, regulations, or federal health care program requirements.


Education: A bachelor's degree from an accredited college or university in any discipline

Experience: A minimum of eight (8) years of related experience including:
  • Experience developing and managing compliance programs including federal and state required compliance.
  • Experience providing consultation to executive management and formulating strategy, driving change, and influencing decisions.  
  • Experience leading cross functional teams to develop and deliver enterprise-wide programs, initiatives, or projects. 


  • Experience with health care, insurance, regulatory interpretation, and/or government operations.
  • Advanced degree in law, business or public administration, public health, or related field.  
  • Professional certification in corporate compliance or privacy (such as HCCA, SCCE, CHC, CHPC, CHRC, or other related certification). 


Please make sure that you provide sufficient information on your application to show that you meet the qualifications for this recruitment. All information concerning your qualifications must be submitted by the closing date. We will not consider information submitted after this date. Successful candidates will be ranked as Best Qualified, Better Qualified, or Qualified and placed on the eligible (employment) list for at least one year.


The assessment may consist of a rating of your education, training, and experience related to the requirements of the position. It is important that you provide complete and accurate information on your application. Please report all experience and education that is related to this position.


As an employee of the State of Maryland, you will have access to outstanding benefits, including: health insurance, dental, and vision plans offered at a low cost. Click on this link for more details  STATE OF MARYLAND BENEFITS

Additional Leave & Retirement Benefits:

  • Annual Leave - ten (10) days of accumulated annual leave per year
  • Sick Leave - fifteen (15) days of accumulated sick leave per year
  • Parental Leave - up to sixty (60) days of paid parental leave upon the birth or adoption of a child
  • Holidays - State employees also celebrate at least twelve (12) holidays per year
  • Pension - State employees earn credit towards a retirement pension
  • 401(k) – State employees can contribute to a supplemental Retirement Plan


The online application process is STRONGLY preferred. If you are unable to apply online, you may submit a paper application and resume: 
via email: 
via mail: MHBE Office of Human Resources 
750 E. Pratt St, 6th Floor Baltimore, MD 21202 

Resumes will not be accepted in lieu of completing the online or paper application. Applications must be received no later than the close of business on the closing date. 

Appropriate accommodations for individuals with disabilities are available upon request by calling MDTTY Relay Service. TTY Users: call via Maryland Relay.

As an equal opportunity employer, Maryland is committed to recruiting, retaining, and promoting employees who are reflective of the State's diversity. People with disabilities and bilingual candidates are encouraged to apply. We thank your Veterans for their service to our country and encourage them to apply.

This employer participates in E-Verify and will provide the federal government with your Form I-9 information to confirm that you are authorized to work in the U.S. Employers can only use E-Verify once you have accepted a job offer and completed the Form I-9. If E-Verify cannot confirm that you are authorized to work, this employer is required to give you written instructions and an opportunity to contact the Department of Homeland Security (DHS) or Social Security Administration (SSA) so you can begin to resolve the issues before the employer can take any employment action against you.

Powered by JobAps