Security & Compliance Analyst
About the Security & Compliance Analyst at Headspace Health:
The Security & Compliance Analyst will be a key member of the technical team responsible for worldwide compliance and enforcement at Headspace Health. This individual will work closely with the engineering, product, legal, customer success, marketing and sales teams, as well as internal and external auditors to promote security and compliance best practices and provide comprehensive data governance. They will be responsible for performing strategic analysis of available information, participating in field audits and enforcement, leveraging technical expertise and partnering with colleagues, as needed. The position will also act as a technical resource across the larger organization and external partners.
How your skills and passion will come to life at Headspace Health:
- Interact closely with other cyber security architects, privacy officer, general counsel, engineering, and product management teams to ensure adequate security capabilities and controls are in place within the technology stack to mitigate security risks and meet the highest security and compliance requirements
- Work closely with prospects and the proposal managers to provide detailed responses to security assessment questionnaires
- Continuously research, design, advocate and recommend new security technologies, architectures, and products that will ensure meeting all the compliance requirements
- Function as the go-to individual with in-depth understanding of all security and compliance related nuances within the Headspace Health stack. Develop the ability to effectively navigate a highly complex environment to independently retrieve technical evidence for gaining assurance over the effectiveness of controls
- Serve as the subject matter expert who will actively guide the broader risk and compliance team on all security-related technical components within the environment
- Conduct ad-hoc security architecture/application reviews to assess new risks, keep abreast of latest cyber security technical risks, and foster a culture of continuous service improvement and service excellence
- Pre-audit analysis, strategic product analysis, diligence for components/technologies under review. Support for product testing in the course of audit and provide the post-audit analysis and assessment
What you’ve accomplished:
- BS degree or higher in Computer Engineering, MIS or in a STEM major (Science, Technology, Engineering or Math)
- 4+ years of relevant experience in architecting security solutions and in-depth knowledge of security protocols/tools, and automation in the healthcare industry
- Familiarity with one or more industry security compliance frameworks and/or regulations such as ISO 27001/2, PCI-DSS, HIPAA, GDPR, FedRAMP, HITRUST, SOC 1, SOC 2, International Privacy Requirements including EU Privacy and Safe Harbor
- Fair understanding of cloud security concepts such as DevSecOps, IaaC, CI/CD, SAST, etc.
- Demonstrated understanding of agile secure software development lifecycle and ability to distinguish the core inputs and outputs in each cycle
- Attention to detail and a thorough approach to problem-solving
- Ability to efficiently handle ambiguity and appropriately prioritize competing projects
- Ability to work autonomously on multiple projects with a geographically distributed team
- Strong written and verbal communication skills
- Industry standard certifications such as CISSP, CISM, CRISC
How to get started:
If you’re excited by the idea of seeing yourself in this role at Headspace Health, please apply with your resume and a cover letter that best expresses your interest and unique qualifications.