Security and Compliance Analyst II

Title: Security & Compliance Analyst II

Location: San Francisco - Hybrid United States

Job Description:

About the Security & Compliance Analyst II at Headspace:

At Headspace, we're pushing boundaries with cutting-edge innovations and a relentless focus on reliability, scalability, and purpose-driven impact. As a Security & Compliance Analyst, you'll help lead the charge in refining our risk & security programs, driving compliance excellence, and ensuring our product, applications, and infrastructure are secured to improve Headspace’s overall security posture. Join us in transforming the way we approach risk and security while advancing your career in a dynamic and meaningful environment where your expertise truly makes a difference.

You will support our efforts to bring innovative features to life, leverage cutting-edge technologies, and ensure our platform's reliability and scalability for over 65 million users. A big goal needs talented leadership, so come join us and give your career a sense of purpose!

What you will do:

• Own and provide oversight of programs across security, risk, compliance, and privacy at Headspace, helping implement and test controls in numerous security domains 
• Lead day-to-day coordination of external audits, including HITRUST, SOC 2, and Cyber Essentials+, by gathering evidence, managing stakeholders, and tracking remediation plans to completion
• Triage, track, and respond to B2B customer security questionnaires, ensuring timely, accurate, and scalable delivery of assurance documentation while implementing on-going automation efforts 
• Maintain and monitor the vendor risk management program, including onboarding reviews, risk assessments, reassessments, and supporting documentation workflows
• Partner with Product, Engineering, Legal, and IT teams to help conduct security reviews and embed privacy and compliance into the product development lifecycle
• Maintain security policies and procedures, ensuring they align with internal processes, audit frameworks, and regulatory requirements
• Support continuous improvement initiatives across GRC tooling, automation, and metrics/reporting infrastructure

What you will bring:

Required Skills:

• 3+ years of experience in a security, compliance, privacy, or risk-related role
• Bachelor’s degree in a related field (e.g., Information Security, Information Technology, Computer Science, etc. ) or equivalent practical experience in a security, compliance, or privacy-related role
• Foundational understanding of security, privacy, and compliance frameworks (e.g., SOC 2, HITRUST, HIPAA, ISO 27001 and NIST)
• Strong organizational and project management skills, with the ability to track multiple deadlines across audits, vendor reviews, and cross-functional initiatives
• Excellent written and verbal communication skills, especially in translating technical or policy-heavy material for varied audiences
• Comfortable working with SaaS tools such as Jira, Confluence, Google Workspace, and other GRC or project tracking systems
• Curiosity and initiative in learning security and risk concepts, with a growth mindset toward more technical domains

Preferred Skills:

• Experience in Healthcare or Health-Tech 
• Exposure to external audits or assessments, including the ability to interface with auditors and communicate security/compliance requirements internally
• Prior experience at a Big 4 firm or within a structured audit environment is a plus

Location:

This is a hybrid role located in our [San Francisco, Santa Monica] office, working 3 days per week from the office. 

Pay & Benefits:

The anticipated new hire base salary range for this full-time position is $100,800-$161,000 + equity + benefits. 

Our salary ranges are based on the job, level, and location, and reflect the lowest to highest geographic markets where we are hiring for this role within the United States. Within this range, individual compensation is determined by a candidate’s location as well as a range of factors including but not limited to: unique relevant experience, job-related skills, and education or training. 
Your recruiter will provide more details on the specific salary range for your location during the hiring process.

At Headspace, base salary is but one component of our Total Rewards package. We’re proud of our robust package inclusive of: base salary, stock awards, comprehensive healthcare coverage, monthly wellness stipend, retirement savings match, lifetime Headspace membership, generous parental leave, and more. Additional details about our Total Rewards package will be provided during the recruitment process.