Senior Security & Compliance Analyst
Listed on 2026-06-26
-
IT/Tech
Cybersecurity, Information Security, IT Consultant
What you will do
- Interact closely with other cyber security architects, privacy officer, general counsel, engineering, and product management teams to ensure adequate security capabilities and controls are in place within the technology stack to mitigate security risks and meet the highest security and compliance requirements.
- Work closely with prospects and the proposal managers to provide detailed responses to security assessment questionnaires.
- Continuously research, design, advocate and recommend new security technologies, architectures, and products that will ensure meeting all compliance requirements.
- Function as the go-to individual with in-depth understanding of all security and compliance related nuances within the Headspace Health stack.
- Develop the ability to effectively navigate a highly complex environment to independently retrieve technical evidence for gaining assurance over the effectiveness of controls.
- Serve as the subject matter expert who will actively guide the broader risk and compliance team on all security-related technical components within the environment.
- Conduct ad-hoc security architecture/application reviews to assess new risks, keep abreast of latest cyber security technical risks, and foster a culture of continuous service improvement and service excellence. Pre-audit analysis, strategic product analysis, diligence for components/technologies under review.
- Support for product testing in the course of audit and provide the post-audit analysis and assessment.
- Telecommuting permitted pursuant to company policy.
Required Skills:
- Education Requirements:
Bachelor’s degree or foreign equivalent in Computer Engineering, Management Information Systems, Cybersecurity or related field. - Experience Requirements:
Two (2) years of experience in the position offered, as a Security Analyst or related occupation. - Must have experience with the following: industry security compliance frameworks and regulations (ISO 27001/2, PCI-DSS, HIPAA, GDPR, FedRAMP, HITRUST, SOC 1, SOC 2, and international privacy requirements); cloud security concepts (Dev Sec Ops , Infrastructure as Code (IaC), Continuous Integration/Continuous Deployment (CI/CD), Static Application Security Testing (SAST), and Dynamic Application Security Testing (DAST)); agile secure software development lifecycle and distinguishing core inputs and outputs in each cycle;
security engineering practices (incident response, anti-malware solutions, threat detection, and vulnerability management); assessing and managing risks associated with third-party vendors and partners handling PII/PHI; developing and delivering security awareness training, emphasizing compliance and best practices in handling sensitive client information.
We are currently hiring this role remotely in the Los Angeles, CA area. Candidates must permanently reside in the US full-time.
Pay & BenefitsThe anticipated new hire base salary range for this full-time position is $122,400 - $195,500 + equity + benefits.
Our salary ranges are based on the job, level, and location, and reflect the lowest to highest geographic markets where we are hiring for this role within the United States. Within this range, individual compensation is determined by a candidate’s location as well as a range of factors including but not limited to: unique relevant experience, job-related skills, and education or training.
At Headspace, base salary is but one component of our Total Rewards package. We’re proud of our robust package inclusive of: base salary, stock awards, comprehensive healthcare coverage, monthly wellness stipend, retirement savings match, lifetime Headspace membership, generous parental leave, and more.
Equal Opportunity EmployerHeadspace is an equal opportunity employer and prohibits any unlawful discrimination against a job applicant on the basis of race, color, religion, gender, gender identity, gender expression, sexual orientation, national origin, family or parental status, disability, age, veteran status, or any other status protected by the laws or regulations in the locations where we operate. We respect the laws enforced by the EEOC and are dedicated to fostering diversity across our workplace.
Applicants with disabilities may be entitled to reasonable accommodation under the ADA and certain state or local laws.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).