GRC CareersAGJ, the AI governance job boardPost a Job

Jobs › Senior Governance, Risk, Compliance (GRC) Analyst

Senior Governance, Risk, Compliance (GRC) Analyst

Headway

Role at a glance

Category
Compliance
Work arrangement
On-site
Location
San Francisco, CA
Salary range
$161,600
Posted
Jun 17, 2026
Apply for this roleApplications go directly to Headway
ShareEmailLinkedInXFacebookPrint / Save PDF

Headway is hiring a Senior Governance, Risk, Compliance (GRC) Analyst in San Francisco, CA. This is a Compliance role in the governance, risk, and compliance field, with a posted range of $161,600. Review the full details below and apply directly with Headway.

1 in 4 people in the US have a treatable mental health condition, but most providers don't accept insurance, making therapy too expensive for most people. Headway’s mission is to fix this by building a new mental healthcare system everyone can access. We started by solving the biggest barrier to care: insurance. The admin work - credentialing, claims, payment reconciliation - is a nightmare. We've automated that. But we're going further. Over 75,000 providers across all 50 states run their practice on our software, serving over 1 million patients. We are building the best tools for therapists to run their entire practice, reimagining the experience of finding a therapist, and investing in the platform foundations to enable this at scale. We aren't just a billing layer; we are becoming the platform where care actually happens. We're a Series D company with $325M+ in funding (a16z, Accel, Spark Capital, etc.), looking for exceptional people to help us achieve this mission. We want your time here to be the most meaningful experience of your career. Join us, and help change mental healthcare for the better. About the Role Headway handles sensitive health data for millions of patients — and that responsibility demands a security and compliance program that scales with the business. We're building out our dedicated GRC team to improve and mature our program! You'll join the Security team and work across four pillars: security certifications (HITRUST, SOC 2, PCI-DSS, HIPAA), third-party risk management, security awareness training, and technical risk management. You won't be maintaining a stale compliance program — you'll be building a modern, AI-enabled one at a company that's transforming how mental healthcare is delivered in the United States. This role reports to Blake Atkinson, Director of Security, and partners closely with Privacy and Engineering teams. What You'll Own Support HITRUST, SOC 2, PCI-DSS, and HIPAA audit readiness — collecting evidence, coordinating with assessors, tracking control gaps and remediation timelines. Build and manage the vendor security assessment lifecycle — questionnaires, SOC 2/ISO reviews, risk scoring, and policy enforcement across procurement and renewals. Stand up and run Headway's security awareness training program — onboarding modules, phishing simulations, annual compliance training, and completion tracking. Operate the centralized risk register — identifying, assessing, and tracking technical security risks through

Full responsibilities and requirements are on Headway's application page.

Apply for this role →
About Headway
Hiring for governance, risk, and compliance roles on GRC Careers.
Browse all Headway roles →

Location and market context

This role is based in San Francisco, CA on-site. Local candidates benefit from being close to Headway's teams and regional hiring market. Confirm the exact in-office expectation and any relocation support with the employer.

About compliance roles

Compliance programs turn law, regulation, and policy into controls the business can actually run. Demand is strongest where regulatory change, enforcement risk, and new technology intersect. Roles like this one are typically evaluated against frameworks such as relevant regulatory frameworks, control libraries, and audit and monitoring practices.

How to position yourself for this compliance role

Strong candidates emphasize building and monitoring controls, regulatory mapping, policy and training, and partnering with the business to make compliance practical. In your resume and outreach, tie your experience to how Headway would apply relevant regulatory frameworks, control libraries, and audit and monitoring practices, and lead with concrete outcomes rather than duties.

Similar GRC roles

QUALITY ASSURANCE SPECIALIST - TITLE 32
Air National Guard Units
Robins AFB, Georgia$75k to $97k
Director, Compliance
Columbia University Medical Center
New York, NY$150k to $160k
QUALITY ASSURANCE SPECIALIST (SHIPBUILDING)
United States Fleet Forces Command
Kittery, Maine$70k to $110k
IT Specialist (Quality Assurance Analyst)
Bonneville Power Administration
Portland, Oregon$115k to $149k
QUALITY ASSURANCE SPECIALIST (PROJECTS)
United States Fleet Forces Command
Naval Shipyard, Portsmouth$108k to $140k
Supervisory Program Manager (Insider Threat Program)
U.S. Secret Service
Washington, District of Columbia$169k to $197k
Get more roles like this by email
We will email you new Compliance roles in San Francisco, CA as they post. Free and confidential, one click to unsubscribe.

More GRC jobs: All GRC roles · Browse by category & location