Senior Governance Risk and Compliance (GRC) Analyst - Remote

Overview

Headway’s mission is a big one – to build a new mental health care system everyone can access. We’ve built technology that helps people find great therapists with the first software-enabled national network of providers accepting insurance.

1 in 4 people in the US have a treatable mental health condition, but the majority of providers don’t accept insurance, making therapy too expensive for most people. Headway is building a new mental healthcare system that everyone can access by making it easy for therapists to accept insurance and scale their practice.

Headway was founded in 2019. Since then, we’ve grown into a diverse, national network of over 45,000 mental healthcare providers across all 50 states who run their practice on our software and have served over 1 million patients. We’re a Series D company with over $325m in funding from a16z (Andreessen Horowitz), Accel, GV (formerly Google Ventures), Spark Capital, Thrive Capital, Forerunner Ventures and Health Care Service Corporation.

We want your time here to be the most meaningful experience of your career. Join us, and help change mental healthcare for the better.

About Trust at Headway:

The Trust team at Headway is focused on security and privacy for all of Headway’s customers - therapists, patients, and payers (ex: insurance companies and health systems). As an early member on the team, you’ll have the unique opportunity to be the builder and driver of our dedicated, in-house security engineering efforts.

In this role, you will be expected to build, extend, and connect Headway risk and compliance processes that scale with the business. You will partner closely with members of Security, IT, and Headway Engineering teams to ensure Headway prioritizes the most important risks and exceeds compliance expectations.

What you’ll do at Headway:

• Building + maintaining a Common Controls Framework - align and continuously monitor shared compliance and risk controls across different certifications and customer requirements
• Coordinate security or privacy certification audits (e.g. SOC2, HiTrust, GDPR/CCPA, etc.) w/ external firms and Engineering and Security teams
• Partner with Trust and Engineering teams to identify risk signals - Collaborate with Trust and Engineering teams to recognize and flag potential risk signals during all stages of Headway event’s lifecycle.
• Assist in ongoing security operations: You will be part of the security and privacy team and have responsibilities to assist in incident response, vulnerability management, penetration testing, security reviews, and other operational tasks to ensure that our security program is operating at a world-class level.

Tools we use:

• Languages: Python 3, TypeScript
• Libraries: FastAPI, SQLAlchemy, React/Remix, Celery
• Datastores: PostgreSQL, Snowflake
• Infrastructure: AWS (ECS, S3, RDS), Cloudflare, Kafka

Infrastructure Security: Wiz

• Monitoring: Datadog, PagerDuty
• Version Control: Github
• Vulnerability Management: Semgrep

You’ll be great for this role if you have:

• Have 0 → 1 GRC experience: You have 5+ years experience alongside security and/or software engineering roles in startup or growth stage teams with a demonstrated history of delivering on governance, risk, and compliance goals.
• Strong cross-functional experience: You love partnering with other teams to help both teams achieve their goals.
• Strong technical depth and breadth: You have technical experience with secure product platforms. You want to understand security systems and improve process efficiency.
• Thrive in ambiguity: You love tackling ambiguous problems in a fast-paced environment with an optimistic and energizing attitude.
• Innovation at Scale: You seek opportunities to lead the industry in implementing the latest security and privacy technologies.
• Results driven: You care deeply about creating impact and driving results for Headway’s business.
• Mission driven: You are motivated by Headway’s mission, increasing access to high quality mental health care.

Our interview process

After you apply to Headway, here are some details of what to expect during the interview process.

• Initial screen: You’ll connect with someone in recruiting so you can learn more about the team, Headway’s mission and exciting growth, and we can get a better idea of your background.
• First round: You'll meet with the hiring manager to hear more about the role and team, and further illustrate the depth of your experience as it relates to the requirements of this specific role.
• Final rounds: You’ll meet several more team members for technical and non-technical interviews, including our CISO who this role reports to, and leave with a fuller picture of what it’s like to work at Headway.
• References and the Offer: Our favorite part of the process! We'll send over all of the details, including specifics on employee equity, and congratulatory messages from excited future team members!

Compensation and Benefits:

The expected base pay range for this position is $163,200 - $192,000, based on a variety of factors including qualifications, experience, and geographic location. In addition to base salary, this role may be eligible for performance-based variable compensation and an equity grant, depending on the position and level.

We are committed to offering a comprehensive and competitive total rewards package, including robust health and wellness benefits, retirement savings, and meaningful ownership opportunities through equity. Compensation decisions are made holistically, ensuring fairness and alignment with market benchmarks while recognizing individual contributions and potential.

• Benefits offered include:
• Equity compensation
• Medical, Dental, and Vision coverage
• HSA / FSA
• 401K
• Work-from-Home Stipend
• Therapy Reimbursement
• 16-week parental leave for eligible employees
• Carrot Fertility annual reimbursement and membership
• 13 paid holidays each year as well as a Holiday Break during the week between December 25th and December 31st
• Flexible PTO
• Employee Assistance Program (EAP)
• Training and professional development

#LI-EM1