
Senior Security & Compliance Analyst
Posted Jun 20

This is a fully remote position, open to applicants in California.
• Collaborate closely with other cybersecurity architects, the privacy officer, general counsel, engineering, and product management teams to ensure that robust security capabilities and controls are integrated within the technology stack, effectively mitigating security risks and adhering to the highest standards of security and compliance.
• Work in tandem with prospects and proposal managers to deliver comprehensive responses to security assessment questionnaires.
• Engage in ongoing research, design, advocacy, and recommendations for innovative security technologies, architectures, and products that ensure all compliance requirements are met.
• Act as the primary expert with a deep understanding of all security and compliance nuances within the Headspace Health stack.
• Cultivate the ability to adeptly navigate a highly complex environment and independently gather technical evidence that provides assurance over the effectiveness of controls.
• Serve as the subject matter expert who will actively guide the broader risk and compliance team regarding all security-related technical components within the environment.
• Perform ad-hoc security architecture and application reviews to evaluate new risks, stay informed about the latest cybersecurity technical risks, and promote a culture of continuous service improvement and excellence.
• Bachelor’s degree or foreign equivalent in Computer Engineering, Management Information Systems, Cybersecurity, or a related field.
• Two (2) years of experience in the offered position as a Security Analyst or in a related occupation.
• Familiarity with industry security compliance frameworks and regulations (ISO 27001/2, PCI-DSS, HIPAA, GDPR, FedRAMP, HITRUST, SOC 1, SOC 2, and international privacy requirements).
• Knowledge of cloud security concepts (DevSecOps, Infrastructure as Code (IaC), Continuous Integration/Continuous Deployment (CI/CD), Static Application Security Testing (SAST), and Dynamic Application Security Testing (DAST)).
• Understanding of security engineering practices (incident response, anti-malware solutions, threat detection, and vulnerability management).
• Proficiency in assessing and managing risks associated with third-party vendors and partners handling PII/PHI.
• Capability to develop and deliver security awareness training, focusing on compliance and best practices for handling sensitive client information.
• Base salary
• Stock awards
• Comprehensive healthcare coverage
• Monthly wellness stipend
• Retirement savings match
• Lifetime Headspace membership
• Generous parental leave