About the Information Security & Compliance Analyst at Headspace:

Provide Sales support for Information Security, Risk and Compliance assessment questionnaires associated with Headspace’s information security governance, risk management, and audit and compliance programs. The position will be expected to complete written responses to assigned information security requests, document supporting assessment artifacts, possess excellent verbal and writing skills, and practice effective project management skills. Must have direct enterprise liaison experience with Sales organizations in the United States and EMEA. The working day will be an early Eastern Standard time start to support our UK office and connect with our California based team on a daily basis

How your skills and passion will come to life at Headspace:

• Support the Sales process by participating in customer-initiated security due diligence and/or vendor qualification audits, reviewing security terms in customer contracts, and helping to respond to security questionnaires and documentation requests from customers
• Work with a variety of Client security assessment questionnaires in formats received such as Online Portal, Word, Excel, Adobe Acrobat, etc
• Work with a variety of Client Threat requests
• Scope out the security requests, gather responses from Knowledge Base Management System, generate reports/risk responses, and take initiative with subject matter experts when responses aren’t readily available while working against a tight deadline
• Interact with the sales, account management, product, and technical teams translating technical terminology into business terminology and vice versa
• Evolve your knowledge of Headspace products/services and respective information security controls.
• Maintain InfoSec Knowledge Base Management System
• Collaborate with IT and Business Risk Owners in the management of risk treatment/acceptance plans for related security risks and work within the information security governance process to elevate business needs and emerging requirements associated with US and EMEA security and privacy partnership requirements
• Participate and contribute to information security working groups and team meetings specifically to provide insights into the demands and needs of the Sales organization
• Consolidate and manage monthly dashboards and reporting of service deliverables on behalf of the Go-to-Market and Enterprise teams and communicate to management
• Serve as a subject matter expert for Information Security consulting to technical / non-technical management and staff related to all matters of the InfoSec questionnaire process, developing knowledge base content, and observations for improvements
• Provides input and expertise in collaboration with peers, junior team members and caregivers from adjacent departments, such as Information Technology (IT), Compliance, Legal, Privacy, Communications and Operations
• Prepares and presents detailed and high-level reports to internal and external stakeholders at multiple levels (up to Manager). On rare occasions, provides on-call after-hours support if an urgent need arises.

What you’ve accomplished:

• Bachelor’s degree in Computer Science, Information Technology, Cyber Security, Healthcare Information Technology or relevant field or equivalent knowledge and skills obtained through a combination of education, training and experience required
• Minimum of seven (7) years of experience in IT, information security, cyber risk management, compliance or a related field required; of which at least 5 years' experience in information security is required at a global scale
• Healthcare experience preferred, Financial or other regulated services accepted
• Knowledge on Security frameworks and standards such as HITRUST, GDPR, NIST, ISO 27001, GDPR, PCI DSS, and SSAE 18 SOC 1 / SOC 2 attestation standards. Supported Standard Information Gathering (SIG) lite and core development
• Customer focus, including tact and diplomacy is required
• Excellent analytical and interpersonal skills; ability to lead a complex project independently, while functioning optimally under time constraints, established deadlines and within budget
• Good interpersonal communication skills with experience and confidence in collaborating with internal and external partners and stakeholders to develop productive relationships and achieve positive security risk management outcomes
• Excellent verbal and written communication skills; able to present information in clear, concise terms to all position levels in the organization, as well as business partners, vendors and technical staff.
• Strong project and time management skills required
• Ability to think on your feet, multi-task, prioritize, and work under pressure
• Proficiency with productivity and collaboration tools, such as Atlassian Suite (JIRA/Confluence) Google Suite, Microsoft Office, Slack, Box, and Zoom
• Excellent presentation and written communications skills and a team-focused attitude
• One or more relevant information security-related certifications desired such as CISSP, CISA, HCISPP, CCSP, CRISC, CISM, GPEN, GSEC, or Epic Security Coordinator

How we feel about Diversity & Inclusion:

Headspace is committed to bringing together humans from different backgrounds and perspectives, providing employees with a safe and welcoming work environment free of discrimination and harassment. We strive to create a diverse & inclusive environment where everyone can thrive, feel a sense of belonging, and do impactful work together. As an equal opportunity employer, we prohibit any unlawful discrimination against a job applicant on the basis of their race, color, religion, gender, gender identity, gender expression, sexual orientation, national origin, family or parental status, disability*, age, veteran status, or any other status protected by the laws or regulations in the locations where we operate. We respect the laws enforced by the EEOC and are dedicated to going above and beyond in fostering diversity across our workplace. 

*Applicants with disabilities may be entitled to reasonable accommodation under the terms of the Americans with Disabilities Act and certain state or local laws. A reasonable accommodation is a change in the way things are normally done which will ensure an equal employment opportunity without imposing undue hardship on Headspace. Please inform our Talent team if you need any assistance completing any forms or to otherwise participate in the application process.

How to get started:

If you’re excited by the idea of seeing yourself in this role at Headspace, please apply with your CV and a cover letter that best expresses your interest and unique qualifications.