About the Chief Information Security Officer at Headspace:

As the CISO, you will be the cornerstone of Headspace’s cybersecurity framework, ensuring our systems, data, and processes meet the highest standards of security, especially under stringent health tech regulations such as HIPAA, CCPA, GDPR, etc. You will oversee all aspects of cybersecurity, maintaining the integrity and confidentiality of sensitive information, and safeguarding our infrastructure against emerging cyber threats.

What you will do:

• Cybersecurity Leadership: Oversee the development, implementation, and management of Headspace’s comprehensive Cybersecurity Program, aligning with industry best practices and regulatory requirements.
• Risk Management and Compliance: Conduct thorough cybersecurity risk assessments, providing recommendations for risk remediation. Ensure continuous compliance with HIPAA, CCPA, GDPR, and other relevant regulations.
• Policy Development and Review: Regularly review and update cybersecurity policies, retaining documentation and evidence of reviews, actions taken, and systems analyzed.
• Strategic Guidance and Reporting: Provide strategic cybersecurity guidance to the CTO and other senior leaders. Regularly report on cybersecurity matters to the Headspace board.
• Third-Party and Vendor Risk Management: Supervise and mitigate risks associated with third-party vendors and system dependencies.
• Cross-Functional Collaboration: Work closely with Engineering, Legal, and Care Services teams to embed security, privacy, and compliance considerations in all solutions.
• Culture of Security: Promote a company-wide culture of cybersecurity awareness and compliance.

What you will bring:

Required Skills:

• 12+ years of experience in cybersecurity, with a strong preference for candidates with experience in healthcare or another highly regulated sector.
• Extensive knowledge of and experience with security systems and protocols in a health tech environment.
• Bachelor’s or Master’s degree in Computer Science, Information Security, or a related field.
• In-depth understanding of industry standards, frameworks, and regulations related to cybersecurity (e.g., HITRUST, NIST, ISO, GDPR, MITRE, Cloud Security Alliance).
• Experience with artificial intelligence (AI) and machine learning (ML) related security and privacy risk management.
• Professional certifications in information security (CISSP, CISM, etc.) are highly desirable.
• Proven expertise in cloud systems (preferably AWS), container-based systems like Docker or Kubernetes, and programming languages like Python or Golang.
• Direct-to-consumer experience and data warehousing and analysis skills are a plus.
• Exceptional leadership and communication skills, with the ability to champion a culture of security across all levels of the organization.

Pay & Benefits:

The base salary range for this role is determined by a number of factors, including but not limited to skills and scope required, relevant licensure and certifications, and unique relevant experience and job-related skills. The base salary range for this role is $200,000-$300,000.

At Headspace, cash salary is but one component of our Total Rewards package. We’re proud of our robust package inclusive of: base salary, stock awards, comprehensive healthcare coverage, monthly wellness stipend, retirement savings match, lifetime Headspace membership, unlimited, free mental health coaching, generous parental leave, and much more. Paid performance incentives are also included for those in eligible roles. Additional details about our Total Rewards package will be provided during the recruitment process.

How we feel about Diversity, Equity, Inclusion and Belonging:

Headspace is committed to bringing together humans from different backgrounds and perspectives, providing employees with a safe and welcoming work environment free of discrimination and harassment. We strive to create a diverse & inclusive environment where everyone can thrive, feel a sense of belonging, and do impactful work together.

As an equal opportunity employer, we prohibit any unlawful discrimination against a job applicant on the basis of their race, color, religion, gender, gender identity, gender expression, sexual orientation, national origin, family or parental status, disability*, age, veteran status, or any other status protected by the laws or regulations in the locations where we operate. We respect the laws enforced by the EEOC and are dedicated to going above and beyond in fostering diversity across our workplace.

*Applicants with disabilities may be entitled to reasonable accommodation under the terms of the Americans with Disabilities Act and certain state or local laws. A reasonable accommodation is a change in the way things are normally done which will ensure an equal employment opportunity without imposing undue hardship on Headspace Health. Please inform our Talent Acquisition team by filling out this form if you need any assistance completing any forms or to otherwise participate in the application or interview process.

Headspace participates in the E-Verify Program.

Privacy Statement

All member records are protected according to our Privacy Policy. Further, while employees of Headspace (formerly Ginger) cannot access Headspace products/services, they will be offered benefits according to the company's benefit plan. To ensure we are adhering to best practice and ethical guidelines in the field of mental health, we take care to avoid dual relationships. A dual relationship occurs when a mental health care provider has a second, significantly different relationship with their client in addition to the traditional client-therapist relationship—including, for example, a managerial relationship.

As such, Headspace requests that individuals who have received coaching or clinical services at Headspace wait until their care with Headspace is complete before applying for a position. If someone with a Headspace account is hired for a position, please note their account will be deactivated and they will not be able to use Headspace services for the duration of their employment.

Further, if Headspace cannot find a role that fails to resolve an ethical issue associated with a dual relationship, Headspace may need to take steps to ensure ethical obligations are being adhered to, including a delayed start date or a potential leave of absence. Such steps would be taken to protect both the former member, as well as any relevant individuals from their care team, from impairment, risk of exploitation, or harm.

For how how we will use the personal information you provide as part of the application process, please see: https://organizations.headspace.com/page/applicant-notice.