About the Application Security Manager at Headspace:

Headspace is looking for a Application Security Manager, based in our Santa Monica office, reporting into Head of Platform Engineering.

The Manager of Application Security is responsible for ensuring the overall security, integrity and availability of Headspace software application systems and its data.

This is a unique opportunity to leverage your skills in a role that is truly cross-functional; working closely with the product engineering team on product security as well as initiatives that branch into build pipelines, CI/CD and our DevOps teams. This role will be a critical influencer in driving the overall enterprise information security strategy with visibility and direct exposure to executive management.

This is a highly technical role. You will be working closely with seasoned application developers, engineers, and technologists. In some form or fashion, you have been a seasoned and senior individual contributor or team lead and know your security technology controls forward and backward. You have delivered, from larger enterprise-grade commercial security technology implementations and complex integrations. You looking to grow your career and are not unwilling to roll up your sleeves and lead by example.

You’ll strive to ensure Headspace has best in class security policies which you’ll be responsible for defining In addition to driving teams to adhere to our policies, you’ll also own compliance evaluations and adherence (ie Hitrust, HIPAA).

How your skills and passion will come to life at Headspace:

• As a technologist with a background in software development who has a passion for security you’ll be responsible for inspiring teams to deliver best in class security solutions
• Form a strategy for and oversee execution of testing, improving, and automating security in Headspace software applications
• Own roadmap and delivery of key programs, and implement effective controls to enhance the company’s security posture
• Assist with compliance programs by assessing control frameworks and compliance risks, facilitating meetings with auditors and fulfilling evidence requests
• Develop application security policies, tools to enable the engineering organization to comply, partner with delivery teams to execute, and track adherence to policies
• Monitor internal and vendor compliance with company security policies, standards, and procedures
• Evaluation of existing technical capabilities and identification of opportunities for improvements
• Ensure Headspace implements processes to identify potential vulnerabilities and their impact; develop and implement risk responses
• Establish and manage relationships with external information security technology vendors, and specialized information security professional services firms, including participation in the evaluation of capabilities, and negotiation of agreements between the company and these entities
• Create and maintain processes to ensure timely response to customer security questionnaires and manage/coordinate external audits

What you’ve accomplished:

• Must have 5+ years experience as a hands-on software engineer
• Must have led or played a key role implementing a formal Information Security Program in the past 2-3 years
• In-depth knowledge of GDPR
• Strong ability to work collaboratively with various technology and business leaders to mutually achieve business and security goals
• Must have a clear understanding of the challenges of information security
• Must be able to communicate with and present to senior management and peer groups
• Experience securing PII data
• Bachelor's degree in Computer Science, Information Systems, Engineering or related major

Big plus, if you:

• Professional information security certification, e.g. Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP)
• Worked on compliance around: HIPAA, HITRUST, GDPR
• Holder of at least one Security Certification- CISSP, HCISPP, SSCP, CCSP, or CISM
• Have designed secure infrastructure systems in public cloud environments

How to get started:

If you’re excited by the idea of seeing yourself in this role at Headspace, please apply with your CV and a cover letter that best expresses your interest and unique qualifications.