Risk and Compliance Analyst
Serve as a knowledge expert on industry standards and security compliance frameworks such as HITRUST, NIST CSF, GDPR, CCPA, and ISO 27001/2.
Conduct internal security assessments to complete security risk assessments for clients and third-party vendor services.
Coordinate with cross-functional stakeholders and leaders to establish and maintain an IT risk management framework, and IT security standards and procedures.
Facilitate internal audits of Headspace Mobile and Web Applications for compliance with the NIST CSF, GDPR, HITRUST, CCPA, and other related regulatory frameworks.
Become familiar with Headspace technology and business stakeholders to understand risks and compliance critical to infrastructure, define potential business impact, and establish corrective action plans.
Prepare, validate, and maintain security documentation including, but not limited to: Information Security Policies, Information Security Procedures, IT Compliance Corrective and Preventive Action Plans (CAPAs), Privacy and Business Impact Assessments (BIA/PIA), and Annual and Quarterly Compliance Audit Procedures.
Prepare periodic reports on the status of Headspace internal controls.