Headspace

Security & Compliance Analyst II

United States

Compensation: Not Specified
Experience Level: Mid-level (3 to 4 years), Senior (5 to 8 years)
Job Type: Full Time
Visa: Unknown
Industries: Health Tech, Mental Wellness

Position Overview

At Headspace, we're pushing boundaries with cutting-edge innovations and a relentless focus on reliability, scalability, and purpose-driven impact. As a Security & Compliance Analyst, you'll help lead the charge in refining our risk & security programs, driving compliance excellence, and ensuring our product, applications, and infrastructure are secured to improve Headspace’s overall security posture. Join us in transforming the way we approach risk and security while advancing your career in a dynamic and meaningful environment where your expertise truly makes a difference.

You will support our efforts to bring innovative features to life, leverage cutting-edge technologies, and ensure our platform's reliability and scalability for over 65 million users. A big goal needs talented leadership, so come join us and give your career a sense of purpose!

Responsibilities

  • Own and provide oversight of programs across security, risk, compliance, and privacy at Headspace, helping implement and test controls in numerous security domains.
  • Lead day-to-day coordination of external audits, including HITRUST, SOC 2, and Cyber Essentials+, by gathering evidence, managing stakeholders, and tracking remediation plans to completion.
  • Triage, track, and respond to B2B customer security questionnaires, ensuring timely, accurate, and scalable delivery of assurance documentation while implementing ongoing automation efforts.
  • Maintain and monitor the vendor risk management program, including onboarding reviews, risk assessments, reassessments, and supporting documentation workflows.
  • Partner with Product, Engineering, Legal, and IT teams to help conduct security reviews and embed privacy and compliance into the product development lifecycle.
  • Maintain security policies and procedures, ensuring they align with internal processes, audit frameworks, and regulatory requirements.
  • Support continuous improvement initiatives across GRC tooling, automation, and metrics/reporting infrastructure.

Requirements

Required Skills:

  • 3+ years of experience in a security, compliance, privacy, or risk-related role.
  • Bachelor’s degree in a related field (e.g., Information Security, Information Technology, Computer Science, etc.) or equivalent practical experience in a security, compliance, or privacy-related role.
  • Foundational understanding of security, privacy, and compliance frameworks (e.g., SOC 2, HITRUST, HIPAA, ISO 27001 and NIST).
  • Strong organizational and project management skills, with the ability to track multiple deadlines across audits, vendor reviews, and cross-functional initiatives.
  • Excellent written and verbal communication skills, especially in translating technical or policy-heavy material for varied audiences.
  • Comfortable working with SaaS tools such as Jira, Confluence, Google Workspace, and other GRC or project tracking systems.
  • Curiosity and initiative in learning security and risk concepts, with a growth mindset toward more technical domains.

Preferred Skills:

  • Experience in Healthcare or Health-Tech.
  • Exposure to external audits or assessments, including the ability to interface with auditors and communicate security/compliance requirements internally.
  • Prior experience at a Big 4 firm or within a structured audit environment is a plus.

Location

We are currently hiring this role remotely in the US and Hybrid for San Francisco (SF) and Los Angeles (LA). Candidates must permanently reside in the US full-time. For candidates with a primary residence in the greater SF and LA areas, this role will follow our hybrid model. You’ll work 3 days per week from our office, allowing for impactful in-office collaboration and connection, while enjoying the flexibility of remote work for the rest of the week. Your recruiter will share more details about our hybrid model.

Company Information

  • About Headspace: At Headspace, we're pushing boundaries with cutting-edge innovations and a relentless focus on reliability, scalability, and purpose-driven impact. We are transforming the way people approach their mental health and well-being.

Skills

Security
Compliance
Risk Management
Privacy
HITRUST
SOC 2
Cyber Essentials+
Audit
Vendor Risk Management
Security Policies
Security Procedures
Product Development Lifecycle
Stakeholder Management
Remediation Plans
Automation

Headspace

Digital health platform for mindfulness and meditation

About Headspace

Headspace is a digital health platform focused on mindfulness and meditation, aimed at helping individuals improve their mental and physical well-being. The platform offers guided meditation sessions, daily mini-meditations, and exercises tailored for various needs such as sleep, stress, and anxiety. Users can access a limited selection of content for free, but a subscription to Headspace Plus unlocks the full range of services. This subscription model not only provides a steady revenue stream but also allows users to access comprehensive tools for mental health improvement. Headspace distinguishes itself from competitors by offering free access to its premium service for unemployed individuals, showcasing its commitment to supporting mental health during difficult times. The company's goal is to enhance the overall well-being of its users through accessible mindfulness practices.

Headquarters: Santa Monica, California
Year Founded: 2010
Total Funding: $170.6M
Company Stage: DEBT
Industries: Consumer Software, Healthcare
Employees: 1,001-5,000

Benefits

Unlimited Vacation
Catered Lunch
Fully Paid Health Care
Competitive Salaries
Free gym membership

Risks

Increased competition from fitness apps with mental health features.
Recent layoffs may indicate financial instability or restructuring challenges.
Partnership with TikTok could expose Headspace to reputational risks.

Differentiation

Headspace offers a unique AI companion, Ebb, for personalized mental health support.
The platform provides free premium access to unemployed users, showcasing social responsibility.
Headspace's partnership with Uwill expands its reach into the higher education sector.

Upsides

Growing demand for digital mental health solutions boosts Headspace's user base.
Partnership with TikTok enhances visibility among younger demographics.
Fertility journey collection taps into a niche market, attracting new users.
