Senior Governance, Risk, Compliance (GRC) Analyst Job at Headway, San Francisco, CA

  • Headway
  • San Francisco, CA

Job Description

1 in 4 people in the US have a treatable mental health condition, but most providers don't accept insurance, making therapy too expensive for most people. Headway's mission is to fix this by building a new mental healthcare system everyone can access. We started by solving the biggest barrier to care: insurance. The admin work - credentialing, claims, payment reconciliation - is a nightmare. We've automated that.

But we're going further. Over 75,000 providers across all 50 states run their practice on our software, serving over 1 million patients. We are building the best tools for therapists to run their entire practice, reimagining the experience of finding a therapist, and investing in the platform foundations to enable this at scale. We aren't just a billing layer; we are becoming the platform where care actually happens.

We're a Series D company with $325M in funding (a16z, Accel, Spark Capital, etc.) looking for exceptional people to help us achieve this mission. We want your time here to be the most meaningful experience of your career. Join us and help change mental healthcare for the better.

About the Role

Headway handles sensitive health data for millions of patients, and that responsibility demands a security and compliance program that scales with the business. We're building out our dedicated GRC team to improve and mature our program!

You'll join the Security team and work across four pillars: security certifications (HITRUST, SOC 2, PCI-DSS, HIPAA), third-party risk management, security awareness training, and technical risk management. You won't be maintaining a stale compliance program; you'll be building a modern, AI-enabled one at a company that's transforming how mental healthcare is delivered in the United States.

This role reports to Blake Atkinson, Director of Security, and partners closely with Privacy and Engineering teams.

What You'll Own

  • Support HITRUST, SOC 2, PCI-DSS, and HIPAA audit readiness: collecting evidence, coordinating with assessors, tracking control gaps and remediation timelines.
  • Build and manage the vendor security assessment lifecycle: questionnaires, SOC 2/ISO reviews, risk scoring, and policy enforcement across procurement and renewals.
  • Stand up and run Headway's security awareness training program: onboarding modules, phishing simulations, annual compliance training, and completion tracking.
  • Operate the centralized risk register: identifying, assessing, and tracking technical security risks through mitigation, and surfacing risk-informed priorities to engineering and security leadership.
  • Partner cross-functionally with Privacy, Legal, IT, and Engineering to embed compliance into how Headway operates, not bolt it on after the fact.

You'd be a great fit if

  • You have 5 years of experience in a GRC compliance or security risk role.
  • You have working knowledge of at least two of: HITRUST, SOC 2, PCI-DSS, or HIPAA.
  • You've used a GRC platform like Vanta, Drata, OneTrust, or similar to automate evidence collection or manage controls.
  • You communicate compliance requirements clearly to both technical and non-technical audiences.
  • You default to building repeatable processes over one-off heroics.
  • You're excited about using AI and modern tooling to scale compliance operations.
  • Bonus: you've worked in healthcare or healthtech and understand what HIPAA means in practice, not just in theory.

Why Headway

  • Mission that matters: your work directly protects millions of patients accessing mental healthcare.
  • Real risk mitigation: this isn't checkbox compliance; the data you're protecting and the programs you're building have direct, tangible impact.
  • Forward-thinking healthtech: Headway is investing in AI-enabled security workflows and modern GRC tooling, not spreadsheet-driven compliance.
  • Build from scratch: you're standing up Headway's GRC function, not inheriting legacy processes.

Compensation and Benefits:

The expected base pay range for this position is $161,600 to $202,000, based on a variety of factors including qualifications, experience, and geographic location. In addition to base salary, this role may be eligible for an equity grant depending on the position and level.

We are committed to offering a comprehensive and competitive total rewards package, including robust health and wellness benefits, retirement savings, and meaningful ownership opportunities through equity. Compensation decisions are made holistically, ensuring fairness and alignment with market benchmarks while recognizing individual contributions and potential.

  • Benefits offered include:
    • Equity compensation
    • Medical, Dental, and Vision coverage
    • HSA / FSA
    • 401K
    • Work-from-Home Stipend
    • Therapy Reimbursement
    • 16-week parental leave for eligible employees
    • Carrot Fertility annual reimbursement and membership
    • 13 paid holidays each year as well as a Holiday Break during the week between December 25th and December 31st
    • Flexible PTO
    • Employee Assistance Program (EAP)
    • Training and professional development


We believe a team's strength is in its people, and we cannot achieve this mission without a team that reflects the diversity of this problem across race, ethnicity, gender, sexuality, age, national origin, religion, family status, disability, military status, and experience. Headway is committed to the full inclusion of all qualified individuals. As part of this commitment, Headway will ensure that persons with disabilities are provided with reasonable accommodations. If reasonable accommodation is needed to participate in the job application or interview process, to perform essential job functions, and/or receive other benefits and privileges of employment, please inform the recruiter when they contact you to schedule your interview.

Headway participates in E-Verify.

A notice to Headway applicants: To protect yourself against phishing and recruitment fraud, please note that Headway only accepts applications through our official careers page at Headway will never refer you to external websites, ask for payment or personal information, or conduct interviews via messaging apps. All official communication will come from a @ email address. If you are contacted by someone claiming to be from Headway via an unofficial channel, please do not share any information and report it as spam.

Required Experience:

Senior IC

Job Tags

Full time, Work from home, Flexible hours
