Senior Security & Compliance Analyst

Senior Security & Compliance Analyst

Remote - Los Angeles, CA

About the Senior Security & Compliance Analyst at Headspace:

What you will do:

• Interact closely with other cyber security architects, privacy officer, general counsel, engineering, and product management teams to ensure adequate security capabilities and controls are in place within the technology stack to mitigate security risks and meet the highest security and compliance requirements.
• Work closely with prospects and the proposal managers to provide detailed responses to security assessment questionnaires.
• Continuously research, design, advocate and recommend new security technologies, architectures, and products that will ensure meeting all compliance requirements.
• Function as the go-to individual with in-depth understanding of all security and compliance related nuances within the Headspace Health stack.
• Develop the ability to effectively navigate a highly complex environment to independently retrieve technical evidence for gaining assurance over the effectiveness of controls.
• Serve as the subject matter expert who will actively guide the broader risk and compliance team on all security-related technical components within the environment.
• Conduct ad-hoc security architecture/application reviews to assess new risks, keep abreast of latest cyber security technical risks, and foster a culture of continuous service improvement and service excellence. Pre-audit analysis, strategic product analysis, diligence for components/technologies under review.
• Support for product testing in the course of audit and provide the post-audit analysis and assessment.
• Telecommuting permitted pursuant to company policy.

What you will bring:

Required Skills:

• Education Requirements: Bachelor's degree or foreign equivalent in Computer Engineering, Management Information Systems, Cybersecurity or related field.
• Experience Requirements: Two (2) years of experience in the position offered, as a Security Analyst or related occupation.
• Must have experience with the following: industry security compliance frameworks and regulations (ISO 27001/2, PCI-DSS, HIPAA, GDPR, FedRAMP, HITRUST, SOC 1, SOC 2, and international privacy requirements; cloud security concepts (DevSecOps, Infrastructure as Code (IaC), Continuous Integration/Continuous Deployment (CI/CD), Static Application Security Testing (SAST), and Dynamic Application Security Testing (DAST)); agile secure software development lifecycle and distinguishing core inputs and outputs in each cycle; security engineering practices (incident response, anti-malware solutions, threat detection, and vulnerability management); assessing and managing risks associated with third-party vendors and partners handling PII/PHI; developing and delivering security awareness training, emphasizing compliance and best practices in handling sensitive client information.

Location:

We are currently hiring this role remotely in the Los Angeles, CA area. Candidates must permanently reside in the US full-time.

Pay & Benefits:

The anticipated new hire base salary range for this full-time position is $122,400 - $195,500 + equity + benefits.

Our salary ranges are based on the job, level, and location, and reflect the lowest to highest geographic markets where we are hiring for this role within the United States. Within this range, individual compensation is determined by a candidate's location as well as a range of factors including but not limited to: unique relevant experience, job-related skills, and education or training. Your recruiter will provide more details on the specific salary range for your location during the hiring process.

At Headspace, base salary is but one component of our Total Rewards package. We're proud of our robust package inclusive of: base salary, stock awards, comprehensive healthcare coverage, monthly wellness stipend, retirement savings match, lifetime Headspace membership, generous parental leave, and more. Additional details about our Total Rewards package will be provided during the recruitment process.

About Headspace

Headspace exists to provide every person access to lifelong mental health support. We combine evidence-based content, clinical care, and innovative technology to help millions of members around the world get support that's effective, personalized, and truly accessible whenever and wherever they need it.

At Headspace, our values aren't just what we believe, they're how we work, grow, and make an impact together. We live them daily: Make the Mission Matter, Iterate to Great, Own the Outcome, and Connect with Courage. These values shape our decisions, guide our collaborations, and define our culture. They're our shared commitment to building a more connected, human-centered team—one that's redefining how mental health care supports people today and for generations to come.

Why You'll Love Working Here:

• A mission that matters—with impact you can see and feel
• A culture that's collaborative, inclusive, and grounded in our values
• The chance to shape what mental health care looks like next
• Competitive pay and benefits that support your whole self

How we feel about Diversity, Equity, Inclusion and Belonging:

Headspace is committed to bringing together humans from different backgrounds and perspectives, providing employees with a safe and welcoming work environment free of discrimination and harassment. We strive to create a diverse & inclusive environment where everyone can thrive, feel a sense of belonging, and do impactful work together.

As an equal opportunity employer, we prohibit any unlawful discrimination against a job applicant on the basis of their race, color, religion, gender, gender identity, gender expression, sexual orientation, national origin, family or parental status, disability*, age, veteran status, or any other status protected by the laws or regulations in the locations where we operate. We respect the laws enforced by the EEOC and are dedicated to going above and beyond in fostering diversity across our workplace.

*Applicants with disabilities may be entitled to reasonable accommodation under the terms of the Americans with Disabilities Act and certain state or local laws. A reasonable accommodation is a change in the way things are normally done which will ensure an equal employment opportunity without imposing undue hardship on Headspace. Please inform our Talent team by filling out this form if you need any assistance completing any forms or to otherwise participate in the application or interview process.

Headspace participates in the E-Verify Program.

Privacy Statement

All member records are protected according to our Privacy Policy. Further, while employees of Headspace (formerly Ginger) cannot access Headspace products/services, they will be offered benefits according to the company's benefit plan. To ensure we are adhering to best practice and ethical guidelines in the field of mental health, we take care to avoid dual relationships. A dual relationship occurs when a mental health care provider has a second, significantly different relationship with their client in addition to the traditional client-therapist relationship—including, for example, a managerial relationship.

As such, Headspace requests that individuals who have received coaching or clinical services at Headspace wait until their care with Headspace is complete before applying for a position. If someone with a Headspace account is hired for a position, please note their account will be deactivated and they will not be able to use Headspace services for the duration of their employment.

Further, if Headspace cannot find a role that fails to resolve an ethical issue associated with a dual relationship, Headspace may need to take steps to ensure ethical obligations are being adhered to, including a delayed start date or a potential leave of absence. Such steps would be taken to protect both the former member, as well as any relevant individuals from their care team, from impairment, risk of exploitation, or harm.

For how how we will use the personal information you provide as part of the application process, please see: