Privacy Analyst

ABOUT ARTERA

Our Mission:Make healthcare #1 in customer service.

What We Deliver:Artera, a SaaS leader in digital health, transforms patient experience with AI-powered virtual agents (voice and text) for every step of the patient journey. Artera’s virtual agents support front desk staff to improve patient access including self-scheduling, intake, forms, billing and more. Whether augmenting a team or unleashing a fully autonomous digital workforce, Artera offers multiple virtual agent options to meet healthcare organizations where they are in their AI journey. Artera helps support 2B communications in 109 languages across voice, text and web. A decade of healthcare expertise, powered by AI.

Our Impact:Trusted by 900+ provider organizations — including specialty groups, FQHCs, large IDNs and federal agencies — engaging 100 million patients annually.

Our award-winning culture: Since founding in 2015, Artera has consistently been recognized for its innovative technology, business growth, and named a top place to work. Examples of these accolades include: Inc. 5000 Fastest Growing Private Companies (2020, 2021, 2022, 2023, 2024); Deloitte Technology Fast 500 (2021, 2022, 2023, 2024); Built In Best Companies to Work For (2021, 2022, 2023, 2024, 2025). Artera has also been recognized by Forbes as one of “America’s Best Startup Employers,” Newsweek as one of the “World’s Best Digital Health Companies,” and named one of the top “44 Startups to Bet your Career on in 2024” by Business Insider.

We’re looking for a curious and collaborative Privacy Analyst to join Artera’s lean yet mighty Legal team. This is a unique opportunity to step into a high-impact role where you’ll not only help us navigate data privacy requirements across healthcare and global regulations, but also shape how we approach privacy at a strategic level. If you’re currently at a larger company and craving a chance to help build and influence privacy policy from the ground up — this could be your moment.

You’ll be the connective tissue between Legal, Information Security, and other key cross-functional partners, working on everything from vendor risk reviews and data protection agreements to privacy tooling, policy updates, and emerging topics like AI governance. Our Privacy and Security efforts are deeply intertwined, and you’ll be a key voice as we evolve our privacy program to meet new challenges and opportunities — including GDPR, HIPAA, HITECH, and future AI and machine learning use cases.

While you'll have strong collaborators in our Security & Compliance team, this role lives within Legal under our FinOps function. That means you’ll have the space and influence to make decisions that directly shape policy — not just implement it. You'll support internal education, help establish scalable practices, and serve as an internal privacy expert as we continue to grow and innovate responsibly.

The role is listed under our Denver hub, but we're open to candidates in any of our hiring hubs. Denver is preferred to support team collaboration, but it's not a must.

• Partner with Legal, Information Security, Product, and other teams to ensure compliance with global privacy regulations (e.g., GDPR, HIPAA, HITECH).
• Draft, update, and maintain privacy policies, internal documentation, and public-facing language (e.g., website legal landing page, AI Q&A, cookie disclosures).
• Support contract reviews and negotiations, including Business Associate Agreements (BAAs) and Data Protection Agreements (DPAs).
• Shape and contribute to Artera’s AI and machine learning policy framework.
• Conduct and maintain cookie scanning and consent management through tools like OneTrust.
• Help build and mature our privacy program, with a focus on practical, scalable solutions.
• Support vendor onboarding and risk assessments in partnership with InfoSec.
• Collaborate with outside counsel to stay ahead of regulatory changes and translate them into actionable policy.
• Partner cross-functionally to educate teams and maintain consistent privacy practices.
• Participate in audit readiness efforts and support FedRAMP privacy deliverables.

• 4+ years of experience in privacy, compliance, or a related field
• Bachelor's degree in Information Security, Legal Studies, Public Policy, or Business Administration preferred; additional experience in lieu of a degree is also accepted.
• Strong understanding of U.S. healthcare privacy regulations (HIPAA, HITECH), with working knowledge of global frameworks such as GDPR
• Experience supporting data privacy and security audits; familiarity with frameworks like HITRUST, SOC 2, or ISO 27001
• Proficient with privacy management tools (e.g., OneTrust or similar)
• Excellent project and time management skills, with the ability to manage multiple priorities
• IAPP certification (e.g., CIPP, CIPM, or CIPT) preferred

• Exposure to FHIR, HL7, or cybersecurity frameworks.
• Experience with building AI policies and procedures

LOCATION

Artera values in-person collaboration and is currently hiring in the following US cities: Santa Barbara, Los Angeles, San Francisco/Bay Area, Kansas City, Seattle, Denver, Chicago, Boston, and Philadelphia (Wayne).

Artera HQ is in Santa Barbara, CA, with an additional US office located in Philadelphia (Wayne), PA. If you live in the Santa Barbara or Philadelphia area, your role will be hybrid, and you will be expected to work out of your designated office location regularly, following local office guidelines. While three days a week may be a general guideline, the specific requirement will be set regionally based on the needs of the local office and the role.

If you live in one of our other hubs, your role will be remote to start. As our team continues to grow in these cities, Artera will explore opening offices in these locations, but there is currently no timeline in place for that. Once that happens, in-office attendance will similarly follow regional expectations, with flexibility to align with the local office's norms and the specific job requirements.

WORKING AT ARTERA

Company benefits- Full health benefits (medical, dental, and vision), flexible spending accounts, company paid life insurance, company paid short-term & long-term disability, company equity, voluntary benefits, 401(k) and more!

Career development- Manager development cohorts, employee development funds

Generous time off- Company holidays, Winter & Summer break, and flexible time off

Employee Resource Groups (ERGs)- We believe that everyone should belong at their workplace. Our ERGs are available for identifying employees or allies to join.

EQUAL EMPLOYMENT OPPORTUNITY (EEO) STATEMENT

Artera is an Equal Opportunity Employer and is committed to fair and equitable hiring practices. All hiring decisions at Artera are based on strategic business needs, job requirements and individual qualifications. All candidates are considered without regard to race, color, religion, gender, sexuality, national origin, age, disability, genetics or any other protected status.

Artera is committed to providing employees with a work environment free of discrimination and harassment; Artera will not tolerate discrimination or harassment of any kind.

Artera provides reasonable accommodations for applicants and employees in compliance with state and federal laws. If you need an accommodation, please reach out to hr@artera.io.

DATA PRIVACY

Artera values your privacy. By submitting your application, you consent to the processing of your personal information provided in conjunction with your application. For more information please refer to ourPrivacy Policy.

SECURITY REQUIREMENTS

All employees are responsible for protecting the confidentiality, integrity, and availability of the organization’s systems and data, including safeguarding Artera’s sensitive information such as, Personal identifiable Information (PII) and Protected Health Information (PHI). Those with specific security or privacy responsibilities must ensure compliance with organizational policies, regulatory requirements, and applicable standards and frameworks by implementing safeguards, monitoring for threats, reporting incidents, and addressing data handling risks or breaches.