Information Security And Compliance Manager

Artera

💵 $115k-$155k
📍Remote - United States

Job highlights

Summary

Join Artera's InfoSec team as an Information Security and Compliance Manager and play a critical role in maintaining our security program and ensuring compliance with regulations like HITRUST, SOC 2, and ISO. You will manage security audits, develop policies, collaborate with cross-functional teams, and oversee penetration testing. This role offers the autonomy to drive the InfoSec program forward and make a direct impact on veterans' healthcare through the VA. The position requires experience with HITRUST audits, governance, risk, and compliance in highly regulated industries, along with hands-on experience with cloud platforms and data classification. A bachelor's degree in STEM is preferred, but additional experience is acceptable. Artera offers a competitive salary, equity, and a variety of benefits.

Requirements

  • Bachelor’s degree in STEM preferred; additional experience in lieu of a degree is also accepted
  • Experience with HITRUST policy templates and audits, preferably with familiarity in the latest versions (9.6 to 11)
  • Proven expertise in governance, risk, and compliance, particularly in highly regulated industries like healthcare
  • Hands-on experience with cloud-based platforms (AWS), data classification methodologies, and configuration management tools (e.g., Jamf or Intune)
  • Familiarity with directory services for role-based access control and logical/physical security
  • Demonstrated ability to manage audits, pentests, and control effectiveness with minimal oversight
  • Exceptional problem-solving and collaboration skills
  • Strong communication skills, with a knack for making technical language approachable and understandable

Responsibilities

  • Manage the full lifecycle of security audits, including HITRUST, SOC 2, and other regulatory requirements
  • Conduct gap analyses, compliance verification, and develop remediation strategies
  • Create and maintain a library of technical and non-technical policies aligned with our compliance standards
  • Collaborate with cross-functional teams (DevOps, DBA, Engineering) to verify processes and controls are effective
  • Oversee penetration testing, ensuring findings are addressed effectively
  • Lead cybersecurity risk resilience efforts, including identifying and mitigating vulnerabilities
  • Interpret and translate complex security and compliance requirements into actionable frameworks
  • Mentor the team and help the InfoSec program achieve greater autonomy
  • Build strong relationships with auditors, ensuring seamless communication and alignment
  • Develop scalable processes for meeting evolving compliance and security requirements

Preferred Qualifications

  • Experience with FedRAMP compliance
  • Facility security clearance or a strong relationship with auditors
  • Sales acumen—knowing when and how to push back effectively

Benefits

  • Full health benefits (medical, dental, and vision)
  • Flexible spending accounts
  • Company paid life insurance
  • Company paid short-term & long-term disability
  • Company equity
  • Voluntary benefits
  • 401(k)
  • Manager development cohorts
  • Employee development funds
  • Company holidays
  • Winter & Summer break
  • Flexible time off
  • Employee Resource Groups (ERGs)
