Senior Security & Compliance Analyst
Employment Information
Report this job
Job expired or something wrong with this job?
Job Description
Senior Security & Compliance Analyst at Headspace ensuring security capabilities and adherence to compliance frameworks. Collaborating with cross-functional teams to mitigate risks in technology stack.
Responsibilities:
- Interact closely with other cyber security architects, privacy officer, general counsel, engineering, and product management teams to ensure adequate security capabilities and controls are in place within the technology stack to mitigate security risks and meet the highest security and compliance requirements.
- Work closely with prospects and the proposal managers to provide detailed responses to security assessment questionnaires.
- Continuously research, design, advocate and recommend new security technologies, architectures, and products that will ensure meeting all compliance requirements.
- Function as the go-to individual with in-depth understanding of all security and compliance related nuances within the Headspace Health stack.
- Develop the ability to effectively navigate a highly complex environment to independently retrieve technical evidence for gaining assurance over the effectiveness of controls.
- Serve as the subject matter expert who will actively guide the broader risk and compliance team on all security-related technical components within the environment.
- Conduct ad-hoc security architecture/application reviews to assess new risks, keep abreast of latest cyber security technical risks, and foster a culture of continuous service improvement and service excellence.
Requirements:
- Bachelor’s degree or foreign equivalent in Computer Engineering, Management Information Systems, Cybersecurity or related field.
- Two (2) years of experience in the position offered, as a Security Analyst or related occupation.
- Experience with industry security compliance frameworks and regulations (ISO 27001/2, PCI-DSS, HIPAA, GDPR, FedRAMP, HITRUST, SOC 1, SOC 2, and international privacy requirements).
- Experience with cloud security concepts (DevSecOps, Infrastructure as Code (IaC), Continuous Integration/Continuous Deployment (CI/CD), Static Application Security Testing (SAST), and Dynamic Application Security Testing (DAST)).
- Knowledge of security engineering practices (incident response, anti-malware solutions, threat detection, and vulnerability management).
- Skills in assessing and managing risks associated with third-party vendors and partners handling PII/PHI.
- Ability to develop and deliver security awareness training, emphasizing compliance and best practices in handling sensitive client information.
Benefits:
- base salary
- stock awards
- comprehensive healthcare coverage
- monthly wellness stipend
- retirement savings match
- lifetime Headspace membership
- generous parental leave
Similar Jobs
Senior Application Security Architect – AppSec
Senior Security Architect at Stone Tech focusing on integrating security into application development lifecycle. Collaborating with development teams to prevent vulnerabilities and enhance security measures.
IT and Information Security Coordinator
IT and Information Security Coordinator at Tenchi managing security and IT support roles. Focused on Third-Party Cyber Risk Management with a dedicated team across multiple countries.
Senior Enterprise Architect, Security
Senior or Principal Enterprise Architect at Workday leading security-focused strategic conversations with customers. Using deep technology expertise to translate complex concepts into clear business outcomes.
Infrastructure Security Engineer, Secret Clearance
Infrastructure Security Engineer managing security for Protected B classified environments. Responsible for implementing security controls for cloud deployments and ensuring compliance with Canadian government standards.
Learning Facilitator, Security and Property Protection
WBS TRAINING employee representing the area of security and protective services. Focusing on competency development of course participants in a home office setting.
Security Advisor – Control Assessor
Security Advisor performing control gap assessments and advising on compliance in cybersecurity. Collaborating with clients to improve security measures and deliver tailored solutions.
Vice President – Technology and Security
Vice President of Technology and Security leading the technology strategy at NSTXL. Overseeing cybersecurity, AI strategy, and enterprise systems for government and defense environments.
Identity Security Manager – GOV
Identity Security Manager leading IAM and PAM operations for PNC's secure payment integration technology. Overseeing access management and driving continuous improvement in security processes.
Identity & Devices Security Architect – Client Consulting
Security Architect at Cyclotron designing Microsoft 365 Identity and Device Management tools. Collaborate with clients to improve security posture across Microsoft ecosystems.
Director of AI Security
Senior Leader for Securing AI responsible for defining and executing AI security strategy. Overseeing risk management for AI systems across the enterprise for leading healthcare technologies.
Cybersecurity Engineer II
Cybersecurity Engineer II responsible for security oversight and compliance of enterprise products and information systems. Collaborating with teams to ensure best security practices and address vulnerabilities.
Director of Cyber Security Architecture, Engineering Services
Director leading Cyber Security Architecture and Engineering at U.S. Fin Tech. Overseeing design and execution while ensuring compliance to cyber security policies.
Senior Security Engineer, GRC Automation
Senior Security Engineer designing and implementing GRC automation workflows at 1Password. Partnering with the Senior Manager of GRC to enhance security operations and compliance.
Lernbegleiter:in Sicherheit und Objektschutz
Trainer for security and protection at WBS TRAINING focusing on participants' competency development and utilizing various teaching methods. Providing specialist education from home office in WBS LearnSpace 3D.
AWS Cloud Security, ICAM Specialist
AWS Cloud Security and ICAM Specialist designing and managing secure authentication for cloud applications. Ensuring compliance with federal identity governance and cloud security principles.
Staff Security Engineer
Staff Security Engineer at Order.co driving security architecture and mentoring engineers. Overseeing technical improvements and complex security initiatives to protect company data.
Information Security Assessor – QSA Certified
Information Security Assessor leading PCI DSS assessments and client engagements in cybersecurity compliance at RSI Security. Collaborating with stakeholders and ensuring compliance with regulatory frameworks.
External Industry Risk & Security Governance Representative – ISO 17021, 17020, 42006
External Industry Risk & Security Governance Representative serving on the Impartiality Committee for RSI Security. Managing governance oversight and ensuring impartiality in certification processes with extensive industry experience.
Analista Blue Team – IBM QRadar
Analista Blue Team at It4us responsible for monitoring and incident response in corporate environments. Engage in high-criticality cybersecurity operations using IBM QRadar.
Especialista em Cyber Segurança – Resposta a Incidentes
Specialist in Cyber Security coordinating incident response operations at Grupo Casas Bahia. Evaluating and optimizing incident response processes and ensuring alignment with security policies.