Role Description The Supervisor, Delegation Compliance leads a team of Delegation Compliance Associates to ensure Oak Street Health’s delegated utilization management (UM) and care management (CM) programs meet all CMS, NCQA, contractual, and state/federal regulatory requirements. This role drives day‑to‑day audit execution, reporting, corrective action planning, survey readiness, and continuous quality improvement—coordinating closely with UM/CM operations, Quality, Business Intelligence, and Health Plan partners. Operating as a non‑clinical compliance leader, the Supervisor provides hands‑on oversight of program auditing and monitoring, owns team performance against key metrics (on‑time reporting, audit pass rates, closure of CAPs/PIPs), and serves as a subject‑matter resource for delegation and accreditation standards. The Supervisor translates regulatory and contract requirements into practical workflows, tools, and training to safeguard compliance and support an exceptional patient and provider experience. Core Responsibilities: - Lead, coach, and develop Delegation Compliance Associates; manage workload, quality checks, performance feedback, and training needs. - Ensure delegated UM/CM programs meet CMS, NCQA, contractual, and state/federal requirements; communicate regulatory updates and operational impacts. - Serve as the internal subject‑matter resource for delegation compliance and partner with cross‑functional leaders to ensure operational alignment. - Build, maintain, and execute audit protocols and tools; oversee chart/file audits, analyze trends, and identify root causes. - Develop and monitor CAPs and PIPs; verify adequacy, progress, and long‑term sustainment of corrective actions. - Recommend and implement process improvements to strengthen internal controls, efficiency, and outcomes. - Review and update policies, procedures, program descriptions, and evaluations; develop and deliver compliance‑related training. - Oversee recurring compliance reporting, ensuring accuracy, validation, and on‑time submission; collaborate with BI to define KPIs and system requirements. - Act as a point of contact for health plans and delegated entities; support external audits, accreditation reviews, evidence preparation, and remediation efforts. - Maintain strict adherence to HIPAA, privacy, security, and ethical standards; escalate and mitigate compliance risks appropriately. - Collaborate across UM/CM, Quality, clinical teams, and other OSH programs to ensure coordinated workflows and a consistent, compliant care experience. Qualifications - Bachelor’s degree in Healthcare Administration, Business, Public Health, Compliance, or related field (or equivalent experience). - 3–5+ years of experience in healthcare compliance, delegation oversight, managed care, accreditation, or UM/CM operations. - Preferred 1–3+ years of leadership experience (team lead, supervisor, or equivalent). - Strong working knowledge of CMS, NCQA, Medicare/Medicaid, and state/federal regulatory requirements. - Experience with auditing, root cause analysis, CAP/PIP management, and external audit readiness. - Excellent communication skills with ability to break down complex regulatory requirements. - Highly organized; able to manage multiple competing deadlines in a fast‑paced environment. - Strong analytical and problem‑solving skills; proficiency in Excel/Google Sheets and EMR systems. - Experience with NCQA delegated audits or health plan oversight. - Prior experience in a health plan, MSO, IPA, or managed care organization. - Demonstrated understanding of culturally responsive care. - Proven organizational and detail-orientation skills. - Ability to collaborate effectively with a staff, providers, and a diverse group of leaders. - US work authorization. Benefits - Mission-focused career impacting change and measurably improving health outcomes for Medicare patients. - Paid vacation, sick time, and investment/retirement 401K match options. - Health insurance, vision, and dental benefits. - Opportunities for leadership development and continuing education stipends. - New centers and flexible work environments. - Opportunities for high levels of responsibility and rapid advancement. Company Description Oak Street Health is on a mission to “Rebuild healthcare as it should be'', providing personalized primary care for older adults on Medicare, with the goal of keeping patients healthy and living life to the fullest. Our innovative care model is centered right in our patient’s communities, and focused on the quality of care over volume of services. We’re an organization on the move! With over 150 locations and an ambitious growth trajectory, Oak Street Health is attracting and cultivating team members who embody “Oaky” values and passion for our mission.

• Design, build, and maintain scalable and secure CI/CD pipelines in GitLab • Implement and manage GitOps workflows for continuous delivery to RKE2 clusters using ArgoCD • Develop and maintain automation scripts and tools to streamline the software development lifecycle • Integrate security best practices and automated testing into the CI/CD pipelines • Collaborate with the infrastructure team to manage and provision environments using IaC principles • Act as a subject matter expert on CI/CD • Perform updates to an AWS development environment that includes GitLab and various AWS services • Develops Gitlab projects that enable software delivery, security scanning, secrets management, policy-as-code, and compliance automation

• Serve as the primary point of contact for assigned telecommunications clients regarding regulatory reporting. • Coordinate with clients to gather necessary reporting information and ensure timely submissions. • Analyze financial and operational data to prepare and submit compliance filings to the FCC, PUCs, and other regulatory agencies. • Maintain strong knowledge of industry regulatory changes and apply updates to compliance processes.

• Own the Framework: Design, implement, and maintain a common control framework (CCF) that maps to multiple standards (SOC 2, ISO 27001, FedRAMP, NIST CSF, PCI-DSS) to ensure "test once, comply many" efficiency. • Risk Quantification: Evolve our risk management program towards quantitative risk analysis (e.g. leveraging FAIR, OCTAVE methodologies), utilizing AI to continuously process & analyze complex data sets, and providing executive leadership with data-driven insights on security posture and residual risk and an updated view of Top Risks impacting Confluent. • Program Modernization: Develop and maintain security policies that are agile, easily discoverable, and practical for an AI-native engineering culture, enforceable through automation. • Remediation Strategy & Engineering Partnership: Interface directly with Information Security Engineering (InfoSec Eng) to co-develop technical remediation strategies that are secure by design and operationally feasible. • Risk Reporting: Develop and maintain a visual presentation layer (e.g., dynamic dashboards, executive scorecards, and trend analysis) that simplifies complex risk data. • Risk Treatment: Evolve current risk management programs to ensure risks are properly tracked, treated, and communicated. • Program Execution: Apply technical program management best practices to complex security initiatives. • Communication & Accountability: Regularly report to the Trust and Security staff, eStaff and prepare occasion Board level content via weekly, monthly and quarterly execution reviews. • OCISO Partnership: Collaborate closely with the Office of the CISO (OCISO) to proactively forecast and prioritize security certifications and product features. • Sales Acceleration: Act as a subject matter expert during high-stakes customer engagements, partnering with Sales and OCISO to build confidence with Fortune 500 CISOs and external auditors. • Continuous Compliance and Scale: Partner with Engineering to drive the automation of evidence collection and control monitoring. • Audit Management: Orchestrate all external audits and certifications, serving as the primary liaison with external auditors and regulators. • TPRM: Oversee the Third-Party Risk Management program, ensuring that vendors, partners, and AI sub-processors meet Confluent’s security standards throughout the vendor lifecycle.