Senior Security & Compliance Analyst

Headspace
Los Angeles, CA
Remote

About The Position

The Senior Security & Compliance Analyst at Headspace will play a crucial role in ensuring the security and compliance of the company's technology stack. This involves close collaboration with various teams, including cyber security architects, privacy officers, legal counsel, engineering, and product management, to implement and maintain robust security capabilities and controls. The analyst will also be responsible for responding to security assessment questionnaires from prospects, researching and recommending new security technologies, and serving as a subject matter expert on security and compliance matters within the Headspace Health stack. Additionally, the role requires the ability to independently retrieve technical evidence for control effectiveness, conduct ad-hoc security architecture reviews, and support pre-audit analysis and product testing. The position allows for telecommuting as per company policy.

Requirements

  • Bachelor’s degree or foreign equivalent in Computer Engineering, Management Information Systems, Cybersecurity or related field.
  • Two (2) years of experience in the position offered, as a Security Analyst or related occupation.
  • Experience with industry security compliance frameworks and regulations (ISO 27001/2, PCI-DSS, HIPAA, GDPR, FedRAMP, HITRUST, SOC 1, SOC 2, and international privacy requirements).
  • Experience with cloud security concepts (DevSecOps, Infrastructure as Code (IaC), Continuous Integration/Continuous Deployment (CI/CD), Static Application Security Testing (SAST), and Dynamic Application Security Testing (DAST)).
  • Experience with agile secure software development lifecycle and distinguishing core inputs and outputs in each cycle.
  • Experience with security engineering practices (incident response, anti-malware solutions, threat detection, and vulnerability management).
  • Experience assessing and managing risks associated with third-party vendors and partners handling PII/PHI.
  • Experience developing and delivering security awareness training, emphasizing compliance and best practices in handling sensitive client information.

Responsibilities

  • Interact closely with other cyber security architects, privacy officer, general counsel, engineering, and product management teams to ensure adequate security capabilities and controls are in place within the technology stack to mitigate security risks and meet the highest security and compliance requirements.
  • Work closely with prospects and the proposal managers to provide detailed responses to security assessment questionnaires.
  • Continuously research, design, advocate and recommend new security technologies, architectures, and products that will ensure meeting all compliance requirements.
  • Function as the go-to individual with in-depth understanding of all security and compliance related nuances within the Headspace Health stack.
  • Develop the ability to effectively navigate a highly complex environment to independently retrieve technical evidence for gaining assurance over the effectiveness of controls.
  • Serve as the subject matter expert who will actively guide the broader risk and compliance team on all security-related technical components within the environment.
  • Conduct ad-hoc security architecture/application reviews to assess new risks, keep abreast of latest cyber security technical risks, and foster a culture of continuous service improvement and service excellence.
  • Perform pre-audit analysis, strategic product analysis, and diligence for components/technologies under review.
  • Support product testing in the course of audits and provide post-audit analysis and assessment.

Benefits

  • stock awards
  • comprehensive healthcare coverage
  • monthly wellness stipend
  • retirement savings match
  • lifetime Headspace membership
  • generous parental leave