Security & Compliance Analyst II

Headspace

💵 $100k-$161k
📍 Remote - United States

Summary

Join Headspace as a Security & Compliance Analyst II and help refine risk & security programs, drive compliance excellence, and ensure the security of our products, applications, and infrastructure. You will oversee security, risk, compliance, and privacy programs, coordinate external audits (HITRUST, SOC 2, Cyber Essentials+), triage security questionnaires, manage the vendor risk management program, partner with cross-functional teams on security reviews, maintain security policies and procedures, and support continuous improvement initiatives. This role requires 3+ years of experience in a security-related role, a bachelor's degree or equivalent experience, and a foundational understanding of security frameworks. The position offers a competitive salary, equity, and benefits, including comprehensive healthcare coverage, a monthly wellness stipend, retirement savings match, and generous parental leave. We are currently hiring remotely in the US and offer a hybrid model for San Francisco and Los Angeles.

Requirements

  • 3+ years of experience in a security, compliance, privacy, or risk-related role
  • Bachelor’s degree in a related field (e.g., Information Security, Information Technology, Computer Science, etc.) or equivalent practical experience in a security, compliance, or privacy-related role
  • Foundational understanding of security, privacy, and compliance frameworks (e.g., SOC 2, HITRUST, HIPAA, ISO 27001 and NIST)
  • Strong organizational and project management skills, with the ability to track multiple deadlines across audits, vendor reviews, and cross-functional initiatives
  • Excellent written and verbal communication skills, especially in translating technical or policy-heavy material for varied audiences
  • Comfortable working with SaaS tools such as Jira, Confluence, Google Workspace, and other GRC or project tracking systems
  • Curiosity and initiative in learning security and risk concepts, with a growth mindset toward more technical domains

Responsibilities

  • Own and provide oversight of programs across security, risk, compliance, and privacy at Headspace, helping implement and test controls in numerous security domains
  • Lead day-to-day coordination of external audits, including HITRUST, SOC 2, and Cyber Essentials+, by gathering evidence, managing stakeholders, and tracking remediation plans to completion
  • Triage, track, and respond to B2B customer security questionnaires, ensuring timely, accurate, and scalable delivery of assurance documentation while implementing ongoing automation efforts
  • Maintain and monitor the vendor risk management program, including onboarding reviews, risk assessments, reassessments, and supporting documentation workflows
  • Partner with Product, Engineering, Legal, and IT teams to help conduct security reviews and embed privacy and compliance into the product development lifecycle
  • Maintain security policies and procedures, ensuring they align with internal processes, audit frameworks, and regulatory requirements
  • Support continuous improvement initiatives across GRC tooling, automation, and metrics/reporting infrastructure

Preferred Qualifications

  • Experience in Healthcare or Health-Tech
  • Exposure to external audits or assessments, including the ability to interface with auditors and communicate security/compliance requirements internally
  • Prior experience at a Big 4 firm or within a structured audit environment is a plus

Benefits

  • Comprehensive healthcare coverage
  • Monthly wellness stipend
  • Retirement savings match
  • Generous parental leave
