GRC Analyst

ABOUT ARTERA

Our Mission: Make healthcare #1 in customer service.

What We Deliver: Artera, a SaaS leader in digital health, transforms patient experience with AI-powered virtual agents (voice and text) for every step of the patient journey. Trusted by 1,000+ provider organizations — including specialty groups, FQHCs, large IDNs and federal agencies — engaging 100 million patients annually. Artera’s virtual agents support front desk staff to improve patient access including self-scheduling, intake, forms, billing and more. Whether augmenting a team or unleashing a fully autonomous digital workforce, Artera offers multiple virtual agent options to meet healthcare organizations where they are in their AI journey. Artera helps support 2B communications in 109 languages across voice, text and web. A decade of healthcare expertise, powered by AI. 

Our Impact: Trusted by 900+ provider organizations — including specialty groups, FQHCs, large IDNs and federal agencies — engaging 100 million patients annually. 

Our award-winning culture: Our award-winning culture: Since founding in 2015, Artera has consistently been recognized for its innovative technology, business growth, and named a top place to work. Examples of these accolades include: Inc. 5000 Fastest Growing Private Companies (2020, 2021, 2022, 2023, 2024); Deloitte Technology Fast 500 (2021, 2022, 2023, 2024); Built In Best Companies to Work For (2021, 2022, 2023, 2024, 2025). Artera has also been recognized by Forbes as one of “America’s Best Startup Employers,” Newsweek as one of the “World’s Best Digital Health Companies,” and named one of the top “44 Startups to Bet your Career on in 2024” by Business Insider.

SUMMARY

Artera is seeking a mid-level GRC Analyst to join our Information Security team and help us strengthen and scale our security and compliance program, particularly as we expand our work in the federal space. This individual will play a key role in supporting continuous monitoring efforts tied to FedRAMP High. While prior FedRAMP experience is strongly preferred, it’s not required; we’re looking for someone with curiosity, initiative, and a desire to grow in this space.

This is a great opportunity for someone who enjoys the intersection of technical systems and risk management, and who’s motivated by process improvement, automation, and collaborative problem-solving. You’ll work cross-functionally with teams like DevOps, Engineering, Privacy, and IT, and partner closely with auditors and external stakeholders. Your work will directly support audit readiness, vulnerability tracking, and the evolution of a proactive, efficient compliance program.

• Support the ongoing maintenance of our FedRAMP High continuous monitoring program, including evidence collection and reporting
• Track, review, and document vulnerability scan data; ensure remediation efforts are auditable and timely
• Manage security-related tickets and cases in systems like Jira, SharePoint, and internal documentation tools
• Collaborate with Engineering, DevOps, IT, and Privacy to collect data, verify controls, and support audit readiness
• Answer auditor and federal agency questions by compiling and submitting relevant documentation
• Identify manual or repetitive processes and propose automation opportunities (scripts, tools, templates, etc.)
• Conduct internal access reviews, policy checks, and other posture assessments across systems
• Help build scalable documentation, workflows, and templates to reduce audit fatigue
• Contribute to security roadmap planning by identifying gaps or inefficiencies in current processes
• Stay current on security trends and evolving standards relevant to federal and commercial compliance

• 4+ years of experience in security, GRC, or a related technical/compliance role
• Must be eligible to obtain and maintain a U.S. government security clearance to support work across both commercial and federal programs
• Familiarity with compliance frameworks like SOC 2, HIPAA, HITRUST, PCI, or ISO 27001 (FedRAMP preferred)
• Experience reviewing or managing vulnerability scans (e.g., Wazuh, Tenable) and related ticketing
• Proficiency in Microsoft tools (Excel, SharePoint, Word); comfortable managing and navigating documentation
• Excellent attention to detail, systems thinking, and ability to manage multiple data streams
• Strong communication and collaboration skills, especially across technical and non-technical teams

• Exposure to scripting or automation tools (e.g., Excel macros, PowerAutomate)
• Experience using GRC platforms like Drata, HyperProof, or similar
• Threat hunting or familiarity with tools like CrowdStrike, Splunk, or ElasticSearch

OUR APPROACH TO WORK LOCATION

Artera has hybrid office locations in Santa Barbara, CA, and Philadelphia (Wayne), PA, where team members typically come in three days a week. Specific frequency can vary depending on your team's needs, manager expectations and/or role responsibilities.

In addition to our U.S. office locations, we are intentionally building geographically concentrated teams in several key metropolitan areas, which we call our “Hiring Hubs.” We are currently hiring remote candidates located within the following hiring hubs:

- Boston Metro Area, MA

- Chicago Metro Area, IL

- Denver Metro Area, CO

- Kansas City Metro Area (KS/MO)

- Los Angeles Metro Area, CA

- San Francisco / Bay Area, CA

- Seattle Metro Area, WA

This hub-based model helps us cultivate strong local connections and team cohesion, even in a distributed environment. 

To be eligible for employment at Artera, candidates must reside in one of our hybrid office cities or one of the designated hiring hubs. Specific roles may call out location preferences when relevant.

As our hubs grow, we may establish local offices to further enhance in-person connection and collaboration. While there are no current plans in place, should an office open in your area, we anticipate implementing a hybrid model. Any future attendance expectations would be developed thoughtfully, considering factors like typical commute times and access to public transit, to ensure they are fair and practical for the local team.

WORKING AT ARTERA 

Company benefits - Full health benefits (medical, dental, and vision), flexible spending accounts, company paid life insurance, company paid short-term & long-term disability, company equity, voluntary benefits, 401(k) and more! 

Career development - Manager development cohorts, employee development funds

Generous time off - Company holidays, Winter & Summer break, and flexible time off

Employee Resource Groups (ERGs) - We believe that everyone should belong at their workplace. Our ERGs are available for identifying employees or allies to join. 

EQUAL EMPLOYMENT OPPORTUNITY (EEO) STATEMENT

Artera is an Equal Opportunity Employer and is committed to fair and equitable hiring practices. All hiring decisions at Artera are based on strategic business needs, job requirements and individual qualifications. All candidates are considered without regard to race, color, religion, gender, sexuality, national origin, age, disability, genetics or any other protected status. 

Artera is committed to providing employees with a work environment free of discrimination and harassment; Artera will not tolerate discrimination or harassment of any kind.

Artera provides reasonable accommodations for applicants and employees in compliance with state and federal laws. If you need an accommodation, please reach out to [email protected].

DATA PRIVACY

Artera values your privacy. By submitting your application, you consent to the processing of your personal information provided in conjunction with your application. For more information please refer to our Privacy Policy.

SECURITY REQUIREMENTS

All employees are responsible for protecting the confidentiality, integrity, and availability of the organization’s systems and data, including safeguarding Artera’s sensitive information such as, Personal identifiable Information (PII) and Protected Health Information (PHI). Those with specific security or privacy responsibilities must ensure compliance with organizational policies, regulatory requirements, and applicable standards and frameworks by implementing safeguards, monitoring for threats, reporting incidents, and addressing data handling risks or breaches.