Security & Compliance Analyst
Remote
Applications have closed
Ginger
Headspace can support any team, of any size, at any time through EAP, coaching, therapy, psychiatry services, meditation & mindfulness.
Headspace and Ginger have recently merged to become Headspace Health! While roles are still being recruited separately on our respective websites, new hires from this point forward will be joining Headspace Health. For more information, please speak with your recruiter!
About the Security & Compliance Analyst at Headspace Health:
The Security & Compliance Analyst will be a key member of the technical team responsible for worldwide compliance and enforcement at Headspace Health. This individual will work closely with the engineering, product, legal, customer success, marketing and sales teams, as well as internal and external auditors to promote security and compliance best practices and provide comprehensive data governance. They will be responsible for performing strategic analysis of available information, participating in field audits and enforcement, leveraging technical expertise and partnering with colleagues, as needed. The position will also act as a technical resource across the larger organization and external partners.
How your skills and passion will come to life at Headspace Health:
- Interact closely with other cyber security architects, privacy officer, general counsel, engineering, and product management teams to ensure adequate security capabilities and controls are in place within the technology stack to mitigate security risks and meet the highest security and compliance requirements
- Work closely with prospects and the proposal managers to provide detailed responses to security assessment questionnaires
- Continuously research, design, advocate and recommend new security technologies, architectures, and products that will ensure meeting all the compliance requirements
- Function as the go-to individual with in-depth understanding of all security and compliance related nuances within the Headspace Health stack. Develop the ability to effectively navigate a highly complex environment to independently retrieve technical evidence for gaining assurance over the effectiveness of controls
- Serve as the subject matter expert who will actively guide the broader risk and compliance team on all security-related technical components within the environment
- Conduct ad-hoc security architecture/application reviews to assess new risks, keep abreast of latest cyber security technical risks, and foster a culture of continuous service improvement and service excellence
- Pre-audit analysis, strategic product analysis, diligence for components/technologies under review. Support for product testing in the course of audit and provide the post-audit analysis and assessment
What you’ve accomplished:
- BS degree or higher in Computer Engineering, MIS or in a STEM major (Science, Technology, Engineering or Math)
- 4+ years of relevant experience in architecting security solutions and in-depth knowledge of security protocols/tools, and automation in the healthcare industry
- Familiarity with one or more industry security compliance frameworks and/or regulations such as ISO 27001/2, PCI-DSS, HIPAA, GDPR, FedRAMP, HITRUST, SOC 1, SOC 2, International Privacy Requirements including EU Privacy and Safe Harbor
- Fair understanding of cloud security concepts such as DevSecOps, IaaC, CI/CD, SAST, etc.
- Demonstrated understanding of agile secure software development lifecycle and ability to distinguish the core inputs and outputs in each cycle
- Attention to detail and a thorough approach to problem-solving
- Ability to efficiently handle ambiguity and appropriately prioritize competing projects
- Ability to work autonomously on multiple projects with a geographically distributed team
- Strong written and verbal communication skills
- Industry standard certifications such as CISSP, CISM, CRISC
How to get started:
If you’re excited by the idea of seeing yourself in this role at Headspace Health, please apply with your resume and a cover letter that best expresses your interest and unique qualifications.
Headspace Health participates in the E-Verify Program.
Headspace Health is committed to protecting the privacy and security of your personal data. Please view our privacy notice here.
Tags: Agile Audits Automation CI/CD CISM CISSP Cloud Compliance CRISC DevSecOps FedRAMP GDPR Governance HIPAA HITRUST ISO 27001 Privacy SAST Security assessment SOC SOC 1 SOC 2 STEM
Perks/benefits: Career development
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Senior Security Analyst jobs
- Open Staff Security Engineer jobs
- Open Senior Information Security Analyst jobs
- Open Information Security Specialist jobs
- Open Cyber Security Architect jobs
- Open Cyber Security Specialist jobs
- Open Product Security Engineer jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Security Operations Engineer jobs
- Open Senior Cyber Security Engineer jobs
- Open Cybersecurity Analyst jobs
- Open Principal Security Engineer jobs
- Open Consultant SOC / CERT H/F jobs
- Open IT Security Analyst jobs
- Open Senior Information Security Engineer jobs
- Open Cybersecurity Consultant jobs
- Open Cybersecurity Specialist jobs
- Open Chief Information Security Officer jobs
- Open Senior Security Architect jobs
- Open Senior Penetration Tester jobs
- Open Security Researcher jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Security Specialist jobs
- Open Ingénieur DevSecops H/F jobs
- Open Senior Cyber Security Specialist jobs
- Open Windows-related jobs
- Open Network security-related jobs
- Open Agile-related jobs
- Open Application security-related jobs
- Open ISO 27001-related jobs
- Open CISM-related jobs
- Open Pentesting-related jobs
- Open Vulnerability management-related jobs
- Open GCP-related jobs
- Open Analytics-related jobs
- Open IAM-related jobs
- Open CISA-related jobs
- Open Threat intelligence-related jobs
- Open SaaS-related jobs
- Open Security assessment-related jobs
- Open DevOps-related jobs
- Open Kubernetes-related jobs
- Open Java-related jobs
- Open EDR-related jobs
- Open Security Clearance-related jobs
- Open Malware-related jobs
- Open IDS-related jobs
- Open APIs-related jobs
- Open CI/CD-related jobs
- Open Splunk-related jobs