Security & Compliance Analyst
About the Security & Compliance Analyst at Headspace Health:
The Security & Compliance Analyst will be a key member of the technical team responsible for worldwide compliance and enforcement at Headspace Health. This individual will work closely with the engineering, product, legal, customer success, marketing and sales teams, as well as internal and external auditors to promote security and compliance best practices and provide comprehensive data governance. They will be responsible for performing strategic analysis of available information, participating in field audits and enforcement, leveraging technical expertise and partnering with colleagues, as needed. The position will also act as a technical resource across the larger organization and external partners.
How your skills and passion will come to life at Headspace Health:
- Interact closely with other cyber security architects, privacy officer, general counsel, engineering, and product management teams to ensure adequate security capabilities and controls are in place within the technology stack to mitigate security risks and meet the highest security and compliance requirements
- Work closely with prospects and the proposal managers to provide detailed responses to security assessment questionnaires
- Continuously research, design, advocate and recommend new security technologies, architectures, and products that will ensure meeting all the compliance requirements
- Function as the go-to individual with in-depth understanding of all security and compliance related nuances within the Headspace Health stack. Develop the ability to effectively navigate a highly complex environment to independently retrieve technical evidence for gaining assurance over the effectiveness of controls
- Serve as the subject matter expert who will actively guide the broader risk and compliance team on all security-related technical components within the environment
- Conduct ad-hoc security architecture/application reviews to assess new risks, keep abreast of latest cyber security technical risks, and foster a culture of continuous service improvement and service excellence
- Pre-audit analysis, strategic product analysis, diligence for components/technologies under review. Support for product testing in the course of audit and provide the post-audit analysis and assessment
What you’ve accomplished:
- BS degree or higher in Computer Engineering, MIS or in a STEM major (Science, Technology, Engineering or Math)
- 4+ years of relevant experience in architecting security solutions and in-depth knowledge of security protocols/tools, and automation in the healthcare industry
- Familiarity with one or more industry security compliance frameworks and/or regulations such as ISO 27001/2, PCI-DSS, HIPAA, GDPR, FedRAMP, HITRUST, SOC 1, SOC 2, International Privacy Requirements including EU Privacy and Safe Harbor
- Fair understanding of cloud security concepts such as DevSecOps, IaaC, CI/CD, SAST, etc.
- Demonstrated understanding of agile secure software development lifecycle and ability to distinguish the core inputs and outputs in each cycle
- Attention to detail and a thorough approach to problem-solving
- Ability to efficiently handle ambiguity and appropriately prioritize competing projects
- Ability to work autonomously on multiple projects with a geographically distributed team
- Strong written and verbal communication skills
- Industry standard certifications such as CISSP, CISM, CRISC
How to get started:
If you’re excited by the idea of seeing yourself in this role at Headspace Health, please apply with your resume and a cover letter that best expresses your interest and unique qualifications.
Ginger is reinventing mental healthcare by coupling data science and virtual delivery to provide immediate, personal support for anyone. Care from our on-demand mental health system is delivered through the Ginger app, available on iOS and Android, where members can conveniently connect with Ginger’s team of behavioral health coaches - 24/7, 365 days a year. For those in need of additional support, a therapist or psychiatrist can be added to their care team. Over half a million people have access to Ginger through leading employers, health plans, and other partners. The World Economic Forum has identified Ginger’s AI technology as a Technology Pioneer, and the company was recognized as one of the top 10 Most Innovative Companies in Healthcare by Fast Company.
Important notice from the Ginger hiring team
In light of a recent increase in hiring scams, including some fraudulent postings posing as our company and team, and in an effort to provide more transparency and support for anyone applying to join our team, we want to share some information about our process:
• Our current openings are listed on www.ginger.com/careers; we highly encourage applicants to apply directly through our site.
• If you're selected to move onto the next phase of the hiring process, a member of our Talent Acquisition team will reach out to you directly from an @ginger.com or @ginger.io email address to guide you through our process.
• Our assessment process includes a number of interviews, all of which occur over phone calls or video calls.
• We will never ask for personal payment or require you to purchase equipment during our process.
Please always be sure to protect your personal information, and if you’re in doubt over the legitimacy of a Ginger job posting found on another site, review the listings www.ginger.com/careers or send an email to email@example.com to verify. Thank you for your time. We’re looking forward to connecting!