Senior Security & Compliance Analyst

About The Position

Requirements

• Bachelor’s degree or foreign equivalent in Computer Engineering, Management Information Systems, Cybersecurity or related field.
• Two (2) years of experience in the position offered, as a Security Analyst or related occupation.
• Experience with industry security compliance frameworks and regulations (ISO 27001/2, PCI-DSS, HIPAA, GDPR, FedRAMP, HITRUST, SOC 1, SOC 2, and international privacy requirements).
• Experience with cloud security concepts (DevSecOps, Infrastructure as Code (IaC), Continuous Integration/Continuous Deployment (CI/CD), Static Application Security Testing (SAST), and Dynamic Application Security Testing (DAST)).
• Experience with agile secure software development lifecycle and distinguishing core inputs and outputs in each cycle.
• Experience with security engineering practices (incident response, anti-malware solutions, threat detection, and vulnerability management).
• Experience assessing and managing risks associated with third-party vendors and partners handling PII/PHI.
• Experience developing and delivering security awareness training, emphasizing compliance and best practices in handling sensitive client information.

Responsibilities

• Interact closely with other cyber security architects, privacy officer, general counsel, engineering, and product management teams to ensure adequate security capabilities and controls are in place within the technology stack to mitigate security risks and meet the highest security and compliance requirements.
• Work closely with prospects and the proposal managers to provide detailed responses to security assessment questionnaires.
• Continuously research, design, advocate and recommend new security technologies, architectures, and products that will ensure meeting all compliance requirements.
• Function as the go-to individual with in-depth understanding of all security and compliance related nuances within the Headspace Health stack.
• Develop the ability to effectively navigate a highly complex environment to independently retrieve technical evidence for gaining assurance over the effectiveness of controls.
• Serve as the subject matter expert who will actively guide the broader risk and compliance team on all security-related technical components within the environment.
• Conduct ad-hoc security architecture/application reviews to assess new risks, keep abreast of latest cyber security technical risks, and foster a culture of continuous service improvement and service excellence.
• Pre-audit analysis, strategic product analysis, diligence for components/technologies under review.
• Support for product testing in the course of audit and provide the post-audit analysis and assessment.

Benefits

• equity
• comprehensive healthcare coverage
• monthly wellness stipend
• retirement savings match
• lifetime Headspace membership
• generous parental leave