GRC Analyst

Artera
Summary
Join Artera's Information Security team as a mid-level GRC Analyst to strengthen and scale our security and compliance program, especially in the federal space. This key role supports continuous monitoring efforts tied to FedRAMP High, involving evidence collection and reporting, vulnerability tracking, and remediation. You will manage security-related tickets, collaborate with cross-functional teams, answer auditor questions, and identify automation opportunities. The position requires strong attention to detail, excellent communication, and experience in security or GRC. This role offers a chance to improve processes, work with various technologies, and contribute to a proactive compliance program. The compensation includes equity and a variety of benefits.
Requirements
- 4+ years of experience in security, GRC, or a related technical/compliance role
- Must be eligible to obtain and maintain a U.S. government security clearance to support work across both commercial and federal programs
- Familiarity with compliance frameworks like SOC 2, HIPAA, HITRUST, PCI, or ISO 27001 (FedRAMP preferred)
- Experience reviewing or managing vulnerability scans (e.g., Wazuh, Tenable) and related ticketing
- Proficiency in Microsoft tools (Excel, SharePoint, Word); comfortable managing and navigating documentation
- Excellent attention to detail, systems thinking, and ability to manage multiple data streams
- Strong communication and collaboration skills, especially across technical and non-technical teams
Responsibilities
- Support the ongoing maintenance of our FedRAMP High continuous monitoring program, including evidence collection and reporting
- Track, review, and document vulnerability scan data; ensure remediation efforts are auditable and timely
- Manage security-related tickets and cases in systems like Jira, SharePoint, and internal documentation tools
- Collaborate with Engineering, DevOps, IT, and Privacy to collect data, verify controls, and support audit readiness
- Answer auditor and federal agency questions by compiling and submitting relevant documentation
- Identify manual or repetitive processes and propose automation opportunities (scripts, tools, templates, etc.)
- Conduct internal access reviews, policy checks, and other posture assessments across systems
- Help build scalable documentation, workflows, and templates to reduce audit fatigue
- Contribute to security roadmap planning by identifying gaps or inefficiencies in current processes
- Stay current on security trends and evolving standards relevant to federal and commercial compliance
Preferred Qualifications
- Exposure to scripting or automation tools (e.g., Excel macros, Power Automate)
- Experience using GRC platforms like Drata, Hyperproof, or similar
- Threat hunting or familiarity with tools like CrowdStrike, Splunk, or Elasticsearch
Benefits
- $97,000 - $130,000 a year
- Full health benefits (medical, dental, and vision)
- Flexible spending accounts
- Company-paid life insurance
- Company-paid short-term & long-term disability
- Company equity
- Voluntary benefits
- 401(k)
- Manager development cohorts
- Employee development funds
- Company holidays, Winter & Summer break, and flexible time off