About the Senior Risk and Compliance Analyst at Headspace:

Headspace has one mission: to improve the health and happiness of the world. Headspace is a global leader in mindfulness through its app and online content offerings. At Headspace, our employees embody our three core values: selfless drive, courageous heart, and a curious mind.

We take security and compliance seriously. We are looking for a security engineer to accelerate our information security strategy. The right candidate will have excellent opportunities to define and grow the role over the coming years. We are looking for a Senior Risk and Compliance Analyst with extraordinary relationship and analytic acumen to liaise with all aspects of the organization: product, engineering, legal, HR, Sales and Marketing. You will focus on Risk and compliance management, drive internal audit, and translate regulatory or contractual requirements into mission-critical business priorities. This critical role is part of our Corporate Technology Information Security team, supporting all aspects of secure engineering, product development, and infrastructure objectives. You will work with a diverse team of talented leaders and contributors who all are working collaboratively to realize our vision of improving the health and happiness of the world.

How your skills and passion will come to life at Headspace:

• Serve as an industry knowledge expert on industry standards and security compliance frameworks such as SOX, SOC, HIPAA, HITRUST, GDPR, CCPA, ISO 27001/2.
• Drive collaboration and communication with cross-functional stakeholders to ensure a risk management program success.
• Conduct security and compliance risk assessment and manage risk.
• Coordinate with cross-functional stakeholders and leaders to establish and manage internal compliance programs.
• Manage and conduct internal audits for compliance with HIPAA, HITRUST, NIST CSF, GDPR, CCPA, and other related regulatory frameworks.
• Prepare, validate and maintain risk and compliance program documentations including, but not limited to: policies, standards and procedures.
• Conduct and manage periodic business impact analysis (BIA) and privacy impact analysis (PIA)
• Prepare periodic reports on the status of internal controls and compliance programs.
• Provide insight for selection, design, implementation, operation, and maintenance of risk and compliance management ecosystem and activities.
• Hands-on, technical work, while also being able to document standards, processes and guidelines.

What you’ve accomplished:

• 10+ years total experience with 5+ years in security, risk, and compliance or related areas demonstrating career growth and expertise.
• Must have strong communication skills with the ability to interface with technical staff.
• Knowledge in one or more of the following standards: SOX, HIPAA, SOC, ISO27001, and HITRUST.
• History of working with or in the healthcare and wellness industry
• Knowledge in Information Security and Compliance best practices.
• History of leading compliance audits or as a critical supporting member with experience preparing compliance audit workpapers such as artifact request lists, standard test cases and test plans.
• Experience managing vendor and third-party ecosystem and risk management.
• Experience configuring, managing and providing support for GRC or IRM tools such as Archer, ZenGRC or RSAM.
• Experience with supporting an Enterprise Risk Management (ERM) Lifecycle.
• Certification such as, CIPP, CISA, CRMA, CIA

How we feel about Diversity & Inclusion:

Headspace is committed to bringing together humans from different backgrounds and perspectives, providing employees with a safe and welcoming work environment free of discrimination and harassment. We strive to create a diverse & inclusive environment where everyone can thrive, feel a sense of belonging, and do impactful work together. As an equal opportunity employer, we prohibit any unlawful discrimination against a job applicant on the basis of their race, color, religion, gender, gender identity, gender expression, sexual orientation, national origin, family or parental status, disability*, age, veteran status, or any other status protected by the laws or regulations in the locations where we operate. We respect the laws enforced by the EEOC and are dedicated to going above and beyond in fostering diversity across our workplace. 

*Applicants with disabilities may be entitled to reasonable accommodation under the terms of the Americans with Disabilities Act and certain state or local laws. A reasonable accommodation is a change in the way things are normally done which will ensure an equal employment opportunity without imposing undue hardship on Headspace. Please inform our Talent team if you need any assistance completing any forms or to otherwise participate in the application process.

How to get started:

If you’re excited by the idea of seeing yourself in this role at Headspace, please apply with your CV and a cover letter that best expresses your interest and unique qualifications.