Senior Governance Risk and Compliance (GRC) Analyst

Headway

💵 $163k-$192k
📍Remote - United States

Summary

Join Headway's Trust team as an early member and build our in-house security engineering efforts. You will build, extend, and connect Headway risk and compliance processes. Partner with Security, IT, and Engineering teams to prioritize risks and exceed compliance expectations. Responsibilities include building and maintaining a Common Controls Framework, coordinating security audits (SOC2, HiTrust, GDPR/CCPA, etc.), identifying risk signals, and assisting in security operations (incident response, vulnerability management, penetration testing, etc.). The ideal candidate has 5+ years of GRC experience in startups, strong cross-functional experience, technical depth and breadth, thrives in ambiguity, and is results and mission-driven. Headway offers a competitive salary ($163,200-$192,000), equity, comprehensive benefits (health, dental, vision, 401k, parental leave), and a remote-work option.

Requirements

  • Have 0 → 1 GRC experience: You have 5+ years of experience alongside security and/or software engineering roles in startup or growth-stage teams, with a demonstrated history of delivering on governance, risk, and compliance goals
  • Strong cross-functional experience: You love partnering with other teams to help both teams achieve their goals
  • Strong technical depth and breadth: You have technical experience with secure product platforms. You want to understand security systems and improve process efficiency
  • Thrive in ambiguity: You love tackling ambiguous problems in a fast-paced environment with an optimistic and energizing attitude
  • Innovation at scale: You seek opportunities to lead the industry in implementing the latest security and privacy technologies
  • Results driven: You care deeply about creating impact and driving results for Headway’s business
  • Mission driven: You are motivated by Headway’s mission, increasing access to high quality mental health care

Responsibilities

  • Build and maintain a Common Controls Framework: align and continuously monitor shared compliance and risk controls across different certifications and customer requirements
  • Coordinate security or privacy certification audits (e.g. SOC2, HiTrust, GDPR/CCPA, etc.) with external firms and Engineering and Security teams
  • Partner with Trust and Engineering teams to identify risk signals - Collaborate with Trust and Engineering teams to recognize and flag potential risk signals during all stages of Headway event’s lifecycle
  • Assist in ongoing security operations: You will be part of the security and privacy team and have responsibilities to assist in incident response, vulnerability management, penetration testing, security reviews, and other operational tasks to ensure that our security program is operating at a world-class level

Benefits

  • Equity compensation
  • Medical, Dental, and Vision coverage
  • HSA / FSA
  • 401K
  • Work-from-Home Stipend
  • Therapy Reimbursement
  • 16-week parental leave for eligible employees
  • Carrot Fertility annual reimbursement and membership
  • 13 paid holidays each year as well as a Holiday Break during the week between December 25th and December 31st
  • Flexible PTO
  • Employee Assistance Program (EAP)
  • Training and professional development
