About the Risk and Compliance Analyst at Headspace:

At Headspace we take security and compliance seriously. As we increase our investment in information security and compliance we are looking for a Security and Compliance Analyst to ensure the confidentiality, integrity and availability of our systems and practices. 

How your skills and passion will come to life at Headspace:

• Serve as an industry knowledge expert on industry standards and security compliance frameworks and standards such as HITRUST, NIST CSF, GDPR, CCPA, ISO 27001/2
• Conduct internal security assessment to complete security risk assessment for clients and third-party vendor services
• Coordinate with cross-functional stakeholders and leaders to establish and maintain an IT risk management framework, and IT security standards and procedures
• Facilitate internal audits of Headspace Mobile and Web Applications for compliance with the NIST CSF, GDPR, HISTRUST, CCPA, and other related regulatory frameworks
• Become familiar with Headspace technology, and business stakeholders to understand risks and compliance critical to infrastructure, define potential business impact and establish corrective action plans
• Prepare, validate and maintain security documentation including, but not limited to: Information Security Policies, Information Security Procedures, IT Compliance Corrective and Preventive Action Plans (CAPA’s), Privacy and Business Impact assessments (BIA/PIA), and Annual and Quarterly Compliance Audit Procedures
• Prepare periodic reports on the status of Headspace internal controls
• Provide oversight for selection, design, implementation, operation, and maintenance of GRC technology to automate IT risk management activities

What you’ve accomplished:

• 2+ years of experience in security, risk, and compliance or related area
• Must have strong communication skills with the ability to interface with both executives and technical staff
• Knowledge in NIST CSF, SOC, ISO, and HITRUST CSF security standards
• Knowledge in Information Security industry best practices
• Experience in compliance audits in a lead or supporting role
• Experience in preparing compliance audit workpapers such as artifact request lists, standard test cases and test plans
• Experience with managing and supporting an Enterprise Risk Management (ERM) Lifecycle.
• Experience with managing third-party supply chain risk
• Familiarity with the use of Standard Information Gathering (SIG) for Third-Party Vendor Risk Assessments
• Experience using Atlassian Jira for team workload assignment and prioritization through Scrum or Kanban project management
• Experience configuring, managing and providing support for GRC or IRM tools such as Archer, ZenGRC or RSAM

How we feel about Diversity & Inclusion:

Headspace is committed to bringing together humans from different backgrounds and perspectives, providing employees with a safe and welcoming work environment free of discrimination and harassment. We strive to create a diverse & inclusive environment where everyone can thrive, feel a sense of belonging, and do impactful work together. As an equal opportunity employer, we prohibit any unlawful discrimination against a job applicant on the basis of their race, color, religion, gender, gender identity, gender expression, sexual orientation, national origin, family or parental status, disability*, age, veteran status, or any other status protected by the laws or regulations in the locations where we operate. We respect the laws enforced by the EEOC and are dedicated to going above and beyond in fostering diversity across our workplace. 

*Applicants with disabilities may be entitled to reasonable accommodation under the terms of the Americans with Disabilities Act and certain state or local laws. A reasonable accommodation is a change in the way things are normally done which will ensure an equal employment opportunity without imposing undue hardship on Headspace. Please inform our Talent team if you need any assistance completing any forms or to otherwise participate in the application process.

How to get started:

If you’re excited by the idea of seeing yourself in this role at Headspace, please apply with your CV and a cover letter that best expresses your interest and unique qualifications.