Security & Compliance Analyst


Applications have closed
Ginger logo


Coaching, therapy, and psychiatry from the privacy of your smartphone.
Find more jobs like this


Headspace and Ginger have recently merged to become Headspace Health! While roles are still being recruited separately on our respective websites, new hires from this point forward will be joining Headspace Health. For more information, please speak with your recruiter! 


About the Security & Compliance Analyst at Headspace Health:

The Security & Compliance Analyst will be a key member of the technical team responsible for worldwide compliance and enforcement at Headspace Health. This individual will work closely with the engineering, product, legal, customer success, marketing and sales teams, as well as internal and external auditors to promote security and compliance best practices and provide comprehensive data governance. They will be responsible for performing strategic analysis of available information, participating in field audits and enforcement, leveraging technical expertise and partnering with colleagues, as needed. The position will also act as a technical resource across the larger organization and external partners.

How your skills and passion will come to life at Headspace Health:

  • Interact closely with other cyber security architects, privacy officer, general counsel, engineering, and product management teams to ensure adequate security capabilities and controls are in place within the technology stack to mitigate security risks and meet the highest security and compliance requirements
  • Work closely with prospects and the proposal managers to provide detailed responses to security assessment questionnaires
  • Continuously research, design, advocate and recommend new security technologies, architectures, and products that will ensure meeting all the compliance requirements
  • Function as the go-to individual with in-depth understanding of all security and compliance related nuances within the Headspace Health stack. Develop the ability to effectively navigate a highly complex environment to independently retrieve technical evidence for gaining assurance over the effectiveness of controls
  • Serve as the subject matter expert who will actively guide the broader risk and compliance team on all security-related technical components within the environment
  • Conduct ad-hoc security architecture/application reviews to assess new risks, keep abreast of latest cyber security technical risks, and foster a culture of continuous service improvement and service excellence
  • Pre-audit analysis, strategic product analysis, diligence for components/technologies under review. Support for product testing in the course of audit and provide the post-audit analysis and assessment

What you’ve accomplished:

  • BS degree or higher in Computer Engineering, MIS or in a STEM major (Science, Technology, Engineering or Math)
  • 4+ years of relevant experience in architecting security solutions and in-depth knowledge of security protocols/tools, and automation in the healthcare industry
  • Familiarity with one or more industry security compliance frameworks and/or regulations  such as ISO 27001/2, PCI-DSS, HIPAA, GDPR, FedRAMP, HITRUST, SOC 1, SOC 2, International Privacy Requirements including EU Privacy and Safe Harbor
  • Fair understanding of cloud security concepts such as DevSecOps, IaaC, CI/CD, SAST, etc.
  • Demonstrated understanding of agile secure software development lifecycle and ability to distinguish the core inputs and outputs in each cycle
  • Attention to detail and a thorough approach to problem-solving
  • Ability to efficiently handle ambiguity and appropriately prioritize competing projects
  • Ability to work autonomously on multiple projects with a geographically distributed team
  • Strong written and verbal communication skills
  • Industry standard certifications such as CISSP, CISM, CRISC

How to get started:
If you’re excited by the idea of seeing yourself in this role at Headspace Health, please apply with your resume and a cover letter that best expresses your interest and unique qualifications.

How we feel about Diversity & Inclusion:   Headspace Health is committed to bringing together humans from different backgrounds and perspectives, providing employees with a safe and welcoming work environment free of discrimination and harassment. We strive to create a diverse & inclusive environment where everyone can thrive, feel a sense of belonging, and do impactful work together. As an equal opportunity employer, we prohibit any unlawful discrimination against a job applicant on the basis of their race, color, religion, gender, gender identity, gender expression, sexual orientation, national origin, family or parental status, disability*, age, veteran status, or any other status protected by the laws or regulations in the locations where we operate. We respect the laws enforced by the EEOC and are dedicated to going above and beyond in fostering diversity across our workplace.    *Applicants with disabilities may be entitled to reasonable accommodation under the terms of the Americans with Disabilities Act and certain state or local laws. A reasonable accommodation is a change in the way things are normally done which will ensure an equal employment opportunity without imposing undue hardship on Headspace Health. Please inform our Talent team if you need any assistance completing any forms or to otherwise participate in the application process.  

Headspace Health participates in the E-Verify Program.

Headspace Health is committed to protecting the privacy and security of your personal data. Please view our privacy notice here. 

Tags: Agile Audits Automation CI/CD CISM CISSP Cloud Compliance CRISC DevSecOps FedRAMP GDPR Go Governance HIPAA HITRUST ISO 27001 Privacy SAST SOC 1 SOC 2

Perks/benefits: Career development

Region: Remote/Anywhere
Job stats:  35  7  0

Other jobs like this

Explore more Cybersecurity career opportunities

Find open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Analysis, Cryptography, Digital Forensics and Cyber Security in general, filtered by job title or popular skill, toolset and products used.