Senior Governance, Risk, Compliance (GRC) Analyst
Headway is seeking a Senior Governance, Risk, and Compliance (GRC) Analyst to join our Security team. This role is pivotal in enhancing and maturing our security and compliance programs as we handle sensitive health data for millions of patients. The GRC Analyst will collaborate closely with Privacy and Engineering teams to build a modern, AI-enabled compliance framework that scales with our rapidly growing business.
In this position, you will be responsible for supporting audit readiness for certifications such as HITRUST, SOC 2, PCI-DSS, and HIPAA by collecting evidence, coordinating with assessors, and tracking control gaps and remediation timelines. You will also build and manage the vendor security assessment lifecycle, including conducting questionnaires, reviewing SOC 2/ISO reports, risk scoring, and enforcing policies across procurement and renewals. Additionally, you will establish and run Headway's security awareness training program, encompassing onboarding modules, phishing simulations, annual compliance training, and completion tracking. You will also operate the centralized risk register, identifying, assessing, and tracking technical security risks through mitigation, and surfacing risk-informed priorities to engineering and security leadership. Furthermore, you will partner cross-functionally with Privacy, Legal, IT, and Engineering to embed compliance into Headway's operations.
The ideal candidate will have over five years of experience in a GRC, compliance, or security risk role, with working knowledge of at least two of the following: HITRUST, SOC 2, PCI-DSS, or HIPAA. Experience with GRC platforms like Vanta, Drata, or OneTrust to automate evidence collection or manage controls is essential. Strong communication skills are required to convey compliance requirements clearly to both technical and non-technical audiences. A preference for building repeatable processes over one-off solutions and enthusiasm for using AI and modern tooling to scale compliance operations are highly valued. Experience in healthcare or healthtech, with a practical understanding of HIPAA, is a plus.
The expected base salary for this position ranges from $161,600 to $202,000, depending on qualifications, experience, and geographic location. In addition to base salary, this role may be eligible for an equity grant. Headway offers a comprehensive and competitive total rewards package, including robust health and wellness benefits, retirement savings, and meaningful ownership opportunities through equity. Compensation decisions are made holistically, ensuring fairness and alignment with market benchmarks while recognizing individual contributions and potential.
Joining Headway means contributing to a mission that directly impacts millions of patients accessing mental healthcare. This role offers the opportunity to build a modern, AI-enabled compliance program from the ground up, rather than maintaining a legacy system. Headway is investing in forward-thinking healthtech solutions, including AI-enabled security workflows and modern GRC tooling, providing a dynamic and innovative work environment.