🛠 Tech Stack

💼 About This Role

You'll join Headway's Security team to build and mature a modern, AI-enabled GRC program. Your work directly protects millions of patients accessing mental healthcare. You'll stand up the GRC function from scratch, not inherit legacy processes.

🎯 What You'll Do

• Support HITRUST, SOC 2, PCI-DSS, and HIPAA audit readiness
• Build and manage vendor security assessment lifecycle
• Stand up and run security awareness training program
• Operate centralized risk register and surface risk-informed priorities

📋 Requirements

• 5+ years in a GRC, compliance, or security risk role
• Working knowledge of at least two of: HITRUST, SOC 2, PCI-DSS, or HIPAA
• Experience with a GRC platform like Vanta, Drata, OneTrust, or similar
• Ability to communicate compliance requirements to both technical and non-technical audiences

✨ Nice to Have

• Worked in healthcare or healthtech
• Understanding of HIPAA in practice, not just theory

🎁 Benefits & Perks

• 💰 Equity compensation
• 🏥 Medical, Dental, and Vision coverage
• 🏖️ Flexible PTO
• 👶 16-week parental leave
• 📚 Training and professional development

📨 Hiring Process

Estimated timeline: 2-4 weeks · AI estimate

1. 1Recruiter Phone Screen· 30 min
2. 2Technical Interview with Hiring Manager· 60 min
3. 3Cross-functional Panel· 60 min
4. 4Offer· N/A