hero

Work for companies that improve the lives of healthcare professionals and patients

Information Security and Compliance Manager

Well Health

Well Health

IT, Legal
Chicago, IL, USA
Posted on Nov 22, 2024
ABOUT ARTERA
Our Mission: Make healthcare #1 in customer service.
What We Deliver: Artera (formerly WELL Health®) is the patient communication platform that delivers happier staff, healthier patients, and more profitable organizations. We enable two-way conversations between patients and their healthcare teams through secure, multilingual messaging across multiple channels – including text, email, and telephone. By unifying disjointed touchpoints into a single, intuitive channel, Artera fuels connected patient experiences and empowers organizations to deliver the best customer service imaginable.
Our Impact: Artera helps 500+ healthcare providers facilitate more than 1 billion messages for 40+ million patients annually.
Our award-winning culture: Since founding in 2015, Artera has consistently been recognized for its innovative technology, business growth, and named a top place to work. Examples of these accolades include: Inc. 5000 Fastest Growing Private Companies (2020, 2021, 2022, 2023); Deloitte Technology Fast 500 (2021, 2022, 2023); Built In Best Companies to Work For (2021, 2022, 2023, 2024). Artera has also been recognized by Forbes as one of “America’s Best Startup Employers,” Newsweek as one of the “World’s Best Digital Health Companies,” and named one of the top “44 Startups to Bet your Career on in 2024” by Business Insider.
Are you a fan of dad jokes and bow-hunting skills? On Artera’s InfoSec team, we take security seriously but never ourselves. We're on the hunt for an Information Security and Compliance Manager to take the lead in running our security program and championing governance, risk, and compliance initiatives (with a side of pentesting and policy writing). This role is key to keeping us audit-ready, compliant with all the acronyms (HITRUST, SOC 2, ISO), and ahead in the highly regulated healthcare space.
You'll play a critical role in creating and maintaining a library of policies, managing audits, and collaborating across DevOps, DBA, and Engineering to ensure our processes and controls align with our commitments. Plus, you'll have the autonomy to drive our InfoSec program to new heights. If you like Legos, asynchronous updates, and interpreting complex security requirements, this is your jam.
And here's the impact: your work will directly influence veterans' healthcare through the VA. This isn’t just a job; it’s a chance to make a difference. So, bring your security expertise, problem-solving skills, and appetite for tackling challenges in a highly collaborative environment.

Responsibilities

  • Manage the full lifecycle of security audits, including HITRUST, SOC 2, and other regulatory requirements.
  • Conduct gap analyses, compliance verification, and develop remediation strategies.
  • Create and maintain a library of technical and non-technical policies aligned with our compliance standards.
  • Collaborate with cross-functional teams (DevOps, DBA, Engineering) to verify processes and controls are effective.
  • Oversee penetration testing, ensuring findings are addressed effectively.
  • Lead cybersecurity risk resilience efforts, including identifying and mitigating vulnerabilities.
  • Interpret and translate complex security and compliance requirements into actionable frameworks.
  • Mentor the team and help the InfoSec program achieve greater autonomy.
  • Build strong relationships with auditors, ensuring seamless communication and alignment.
  • Develop scalable processes for meeting evolving compliance and security requirements.

Requirements

  • Bachelor’s degree in STEM preferred **additional experience in lieu of a degree is also accepted**
  • Experience with HITRUST policy templates and audits, preferably with familiarity in the latest versions (9.6 to 11)
  • Proven expertise in governance, risk, and compliance, particularly in highly regulated industries like healthcare.
  • Hands-on experience with cloud-based platforms (AWS), data classification methodologies, and configuration management tools (e.g., Jamf or Intune).
  • Familiarity with directory services for role-based access control and logical/physical security.
  • Demonstrated ability to manage audits, pentests, and control effectiveness with minimal oversight.
  • Exceptional problem-solving and collaboration skills.
  • Strong communication skills, with a knack for making technical language approachable and understandable.

Bonus

  • Experience with FedRAMP compliance.
  • Facility security clearance or a strong relationship with auditors.
  • Sales acumen—knowing when and how to push back effectively.
LOCATION
Artera values in-person collaboration and is currently hiring in the following US cities: Santa Barbara, Los Angeles, San Francisco/Bay Area, Kansas City, Seattle, Denver, Chicago, Boston, and Philadelphia (Wayne).
Artera HQ is in Santa Barbara, CA, with an additional US office located in Philadelphia (Wayne), PA. If you live in the Santa Barbara or Philadelphia area, your role will be hybrid, and you will be expected to work out of your designated office location regularly, following local office guidelines. While three days a week may be a general guideline, the specific requirement will be set regionally based on the needs of the local office and the role.
If you live in one of our other hubs, your role will be remote to start. As our team continues to grow in these cities, Artera will explore opening offices in these locations, but there is currently no timeline in place for that. Once that happens, in-office attendance will similarly follow regional expectations, with flexibility to align with the local office's norms and the specific job requirements.
WORKING AT ARTERA
Company benefits - Full health benefits (medical, dental, and vision), flexible spending accounts, company paid life insurance, company paid short-term & long-term disability, company equity, voluntary benefits, 401(k) and more!
Career development - Manager development cohorts, employee development funds
Generous time off - Company holidays, Winter & Summer break, and flexible time off
Employee Resource Groups (ERGs) - We believe that everyone should belong at their workplace. Our ERGs are available for identifying employees or allies to join.
Committed to Diversity, Equity, and Inclusion
Artera is an Equal Opportunity Employer and is committed to fair and equitable hiring practices. All hiring decisions at Artera are based on strategic business needs, job requirements and individual qualifications. All candidates are considered without regard to race, color, religion, gender, sexuality, national origin, age, disability, genetics or any other protected status.
With that said, research shows that women and other underrepresented groups apply only if they meet 100% of the criteria. Artera is committed to leveling the playing field, and we encourage you to apply for positions even if you do not meet 100% of the criteria. We would love to connect with you and see if you would be a great fit for our role!
We’re dedicated to creating an inclusive, equitable, and diverse workplace, where everyone feels safe to be themselves and diversity is a strength. Artera is committed to providing employees with a work environment free of discrimination and harassment; Artera will not tolerate discrimination or harassment of any kind.
DATA PRIVACY
Artera values your privacy. By submitting your application, you consent to the processing of your personal information provided in conjunction with your application. For more information please refer to our Privacy Policy.