Security & Compliance Analyst II

Headspace

💵 $100k-$161k
📍 Remote - United States

Summary

Join Headspace as a Security & Compliance Analyst II and play a key role in enhancing our risk and security programs. You will oversee security, risk, compliance, and privacy programs, implementing and testing controls. Lead external audits (HITRUST, SOC 2, Cyber Essentials+), manage stakeholder communications, and track remediation plans. You will also triage and respond to customer security questionnaires, maintain the vendor risk management program, and partner with cross-functional teams on security reviews. Maintain security policies and procedures, support continuous improvement initiatives, and contribute to a dynamic and meaningful work environment. This role offers the opportunity to leverage cutting-edge technologies and make a significant impact on Headspace's security posture.

Requirements

  • 3+ years of experience in a security, compliance, privacy, or risk-related role
  • Bachelor’s degree in a related field (e.g., Information Security, Information Technology, Computer Science, etc.) or equivalent practical experience in a security, compliance, or privacy-related role
  • Foundational understanding of security, privacy, and compliance frameworks (e.g., SOC 2, HITRUST, HIPAA, ISO 27001 and NIST)
  • Strong organizational and project management skills, with the ability to track multiple deadlines across audits, vendor reviews, and cross-functional initiatives
  • Excellent written and verbal communication skills, especially in translating technical or policy-heavy material for varied audiences
  • Comfortable working with SaaS tools such as Jira, Confluence, Google Workspace, and other GRC or project tracking systems
  • Curiosity and initiative in learning security and risk concepts, with a growth mindset toward more technical domains

Responsibilities

  • Own and provide oversight of programs across security, risk, compliance, and privacy at Headspace, helping implement and test controls in numerous security domains
  • Lead day-to-day coordination of external audits, including HITRUST, SOC 2, and Cyber Essentials+, by gathering evidence, managing stakeholders, and tracking remediation plans to completion
  • Triage, track, and respond to B2B customer security questionnaires, ensuring timely, accurate, and scalable delivery of assurance documentation while implementing ongoing automation efforts
  • Maintain and monitor the vendor risk management program, including onboarding reviews, risk assessments, reassessments, and supporting documentation workflows
  • Partner with Product, Engineering, Legal, and IT teams to help conduct security reviews and embed privacy and compliance into the product development lifecycle
  • Maintain security policies and procedures, ensuring they align with internal processes, audit frameworks, and regulatory requirements
  • Support continuous improvement initiatives across GRC tooling, automation, and metrics/reporting infrastructure

Preferred Qualifications

  • Experience in Healthcare or Health-Tech
  • Exposure to external audits or assessments, including the ability to interface with auditors and communicate security/compliance requirements internally
  • Prior experience at a Big 4 firm or within a structured audit environment is a plus

Benefits

  • Comprehensive healthcare coverage
  • Monthly wellness stipend
  • Retirement savings match
  • Lifetime Headspace membership
  • Generous parental leave
