Skip to content
HeadwayHeadwayNew York, NY

Senior Governance, Risk, Compliance (GRC) Analyst

Builds and matures GRC program supporting audits (HITRUST, SOC 2, PCI-DSS, HIPAA), manages vendor risk, security training, and technical risk register. Requires 5+ years GRC experience and knowledge of compliance frameworks.

162k – 202k/yr
Remote5+ YOESecurity Engineering

About the role

What You'll Own

  • Support HITRUST, SOC 2, PCI-DSS, and HIPAA audit readiness — collecting evidence, coordinating with assessors, tracking control gaps and remediation timelines.
  • Build and manage the vendor security assessment lifecycle — questionnaires, SOC 2/ISO reviews, risk scoring, and policy enforcement across procurement and renewals.
  • Stand up and run Headway's security awareness training program — onboarding modules, phishing simulations, annual compliance training, and completion tracking.
  • Operate the centralized risk register — identifying, assessing, and tracking technical security risks through mitigation, and surfacing risk-informed priorities to engineering and security leadership.
  • Partner cross-functionally with Privacy, Legal, IT, and Engineering to embed compliance into how Headway operates — not bolt it on after the fact.

You'd be a great fit if…

  • You have 5+ years of experience in a GRC, compliance, or security risk role.
  • You have working knowledge of at least two of: HITRUST, SOC 2, PCI-DSS, or HIPAA.
  • You've used a GRC platform like Vanta, Drata, OneTrust, or similar to automate evidence collection or manage controls.
  • You communicate compliance requirements clearly to both technical and non-technical audiences.
  • You default to building repeatable processes over one-off heroics.
  • You're excited about using AI and modern tooling to scale compliance operations.

Bonus: you've worked in healthcare or healthtech and understand what HIPAA means in practice, not just in theory.

Compensation and Benefits

The expected base pay range for this position is $161,600 to $202,000 based on a variety of factors including qualifications, experience, and geographic location. In addition to base salary, this role may be eligible for an equity grant.

Benefits offered include:

  • Equity compensation
  • Medical, Dental, and Vision coverage
  • HSA / FSA
  • 401K
  • Work-from-Home Stipend
  • Therapy Reimbursement
  • 16-week parental leave for eligible employees
  • Carrot Fertility annual reimbursement and membership
  • 13 paid holidays each year as well as a Holiday Break during the week between December 25th and December 31st
  • Flexible PTO
  • Employee Assistance Program (EAP)
  • Training and professional development

Skills

HitrustSOC 2Pci-DssHIPAAVantaDrataOnetrustGrc PlatformsVendor Risk ManagementSecurity Awareness TrainingRisk RegisterAI Tools
Celonis

Senior Vulnerability Management Engineer

CelonisNew York, NY

Senior Vulnerability Management Engineer responsible for scanning, triaging, and remediating security vulnerabilities across cloud and on-premise infrastructure. Requires 5+ years in vulnerability management and expertise with Qualys, Nessus, CSPM, and SAST tools.

161k – 189k/yr
Hybrid5+ YOESecurity Engineering
Ramp

Senior Detection Engineer, Federal

RampNew York, NY

Senior Detection Engineer responds to security incidents, triages alerts, tunes runbooks, and builds automation for threat detection in federal environments. Requires 3-4 years IT experience, SOC background, and log analysis tools like ELK/Datadog.

160k – 221k/yr
Hybrid3+ YOESecurity Engineering
Metropolis

Senior Security Engineer, Infrastructure & Network Security

MetropolisLos Angeles, CA

Lead AWS and network security infrastructure, zero-trust initiatives, and cloud automation for enterprise environments. Requires strong AWS, networking, IAM, and scripting experience.

160k – 215k/yr
On-site5+ YOESecurity Engineering
Commure

Senior Software Engineer, Information Security

CommureMountain View, CA

Senior Software Engineer architects scalable detection frameworks, integrates threat intelligence into automated security pipelines, and builds AI-driven security operations using Python, Java, and tools like Splunk and AWS. Requires 6+ years experience, bachelor's in CS/cybersecurity, and expertise in SIEMs, cloud security, and compliance.

160k – 190k/yr
Hybrid6+ YOESecurity Engineering
Applied Intuition

Risk and Compliance Lead

Applied IntuitionSunnyvale, CA

Leads security GRC program, conducts enterprise risk assessments, manages compliance audits like SOC2/ISO 27001/TISAX, drives TPRM, and builds GRC infrastructure. Requires 6+ years in security compliance with hands-on audit and tooling experience.

160k – 190k/yr
On-site6+ YOESecurity Engineering