Governance, Risk and Compliance Manager, WHOOP
4+ days a week in office
Wearable health and fitness devices
Be an early applicant
Wearable health and fitness devices
501-1000 employees
Be an early applicant
4+ days a week in office
501-1000 employees
Company mission
To unlock human performance by helping people find their inner potential.
Role
Who you are
- Degree in Information Security, Computer Science, or related field; Master's degree preferred or industry-recognized certifications such as CISSP, CISM, CISA CRISC, or equivalent
- Minimum of 5 years of experience in information security, risk management, audit, or compliance roles
- Understand a risk-informed approach to security that respects and supports business needs without compromising key security priorities
- Strong understanding of relevant regulations, standards, and frameworks (e.g., GDPR, SOC2, ISO 27001, NIST Cybersecurity Framework, etc.)
- Experience with global regulatory compliance and familiarity with regional data protection laws
- Excellent communication skills with the ability to effectively collaborate with cross-functional teams
- Proven track record of building and maturing GRC programs in complex, fast paced environments
- Strong analytical and problem-solving skills with attention to detail
- Detail-oriented with superior organizational and time-management skills - balancing multiple projects, deadlines, and requests
- Driven with a can-do attitude and determination to succeed
What the job involves
- WHOOP is seeking a GRC Manager to drive the development, implementation, and maintenance of our Governance, Risk, and Compliance (GRC) program
- Reporting directly to the Chief Information Security Officer (CISO), you will play a pivotal role in shaping our security landscape by applying standards-based best practices, ensuring compliance with global regulations, and communicating effectively with internal and external stakeholders
- As a hands-on leader, you spearhead initiatives to grow and mature the GRC team and processes, while also managing and resolving GRC support tickets
- Develop and Implement GRC Framework: Design, implement, and maintain an effective GRC framework aligned with industry best practices and regulatory requirements, including ISO 27001 and GDPR. Apply standards-based best practices to ensure the security program meets organizational needs
- Policy Development and Management: Develop, review, and update security policies, standards, and procedures in collaboration with relevant stakeholders to ensure global regulatory compliance. Communicate effectively about our policies and practices to internal and external stakeholders
- Risk Assessment and Management: Conduct risk assessments, maintain the risk register, and provide appropriate reporting to Executive leadership. Track and keep abreast of emerging risks, threats, legal and regulatory changes, and other developments in the security field
- Compliance Monitoring: Monitor and ensure compliance with internal policies, relevant regulations, standards, and contractual obligations (e.g., GDPR, ISO 27001) across global operations
- Vendor Risk Management: Assess and manage risks associated with third-party vendors and service providers through effective vendor risk management processes
- Incident Response and Investigation: Develop and maintain an incident response plan, coordinate incident response activities, and conduct post-incident investigations as needed
- Security Awareness and Training: Develop and deliver security awareness and training programs to educate employees on security policies, procedures, and best practices
- Audit Coordination: Serve as the primary point of contact for internal and external audits, coordinate audit activities, and ensure timely remediation of audit findings
- Privacy Impact Assessments (PIAs) and Data Protection Impact Assessments (DPIAs): Lead the execution of PIAs and DPIAs to ensure compliance with privacy regulations and organizational policies
- GRC Queue Management: Actively participate in the GRC support queue, responding to and resolving inquiries and requests in a timely manner, demonstrating a commitment to providing excellent service
- Team Expansion Planning: Develop strategies and plans for expanding the GRC team and tools to support the growth and maturity of the GRC program
- Continuous Improvement: Identify process improvements and tools to improve security posture. Identify areas for improvement within the GRC program and partners,, implement enhancements, and drive continuous improvement initiatives
Our take
WHOOP develops wearable health-tracking devices designed to help athletes optimise their performance. Its technology continuously monitors recovery, sleep, and training hours to fine-tune both individual and team performance. Unlike competitors that primarily track exercise data, WHOOP's holistic approach includes metrics like heart rate variability, which can influence more effective and healthier exercise routines.
By focusing on a subscription model that includes the cost of the physical device, WHOOP differentiates itself from competitors that charge a higher one-time fee for their products. This model provides ongoing value and encourages users to stay engaged with their health data.
WHOOP's comprehensive monitoring of strain and recovery has given it a competitive edge, even as other brands like Fitbit have incorporated similar features. Beyond sports performance, WHOOP has conducted extensive research on predicting premature births, aiming to integrate these findings into their app. This commitment to broader health applications demonstrates WHOOP's dedication to advancing wearable health technology.
Steph
Company Specialist
Insights
Company
Funding (last 2 of 8 rounds)
Aug 2021
$200m
SERIES F
Oct 2020
$100m
SERIES E
Total funding: $404.8m
Company benefits
- TAKE TIME OFF: Our PTO plan encourages members to take time off in order to come back refreshed.
- LIVE A HEALTHY LIFESTYLE: Our benefits package includes premium medical, dental, and vision coverage for employees and their dependents. Life and disability insurance are also available.
- FEEL INVESTED: 401k and stock options to share in the future of WHOOP.
- EAT WELL: Keep hunger at bay with endless snacks in our fully stocked kitchen. Enjoy catered team lunches on Friday, and even a cold brew keg.
- KNOW THE PRODUCT: We offer you a WHOOP strap and membership at no cost.
- BE ACTIVE: Take advantage of our office gym and on-site showers, as well as a $500yearly wellness perk for fitness classes and memberships.
- BE PRESENT: Take care of your loved ones with 12 weeks paid parental leave, plus an additional 2 weeks to gradually return to work.
- LOVE WHERE YOU WORK: Sitting in the heart of Fenway, our beautiful office overlooks Fenway Park. A prime location for great food, not to mention catching a Sox game, too!
- WORK HARD, PLAY HARDER: If we don't already have a club here that fits your lifestyle and interests, you're encouraged to start one. Share your passions with others at work, or discover new ones!
Company values
- Our work is grounded in research, design, and privacy
- At WHOOP, the best idea wins
- We have a bias for action
- We operate at the intersection of high intensity and high humility
- Our differences are a source of strength
- We are obsessed with the member experience
Company HQ
West Fens, Boston, MA
Articles
Leadership
Will Ahmed
(CEO)Studied at Harvard. Worked as a Summer Analyst at Allen & Company and at Lindsay Goldberg. Founded Whoop in their final year.
Salary benchmarks
We don't have enough data yet to provide salary benchmarks for this role.
Submit your salary to help other candidates with crowdsourced salary estimates.
Diversity & Inclusion at WHOOP
- Under the umbrella of Inclusivity & Belonging, WHOOP operates a number of Employee Resource Groups (ERGs), including; Black at WHOOP, WHOOP GOOP (LGBTQ+), Women of WHOOP, Veterans & Military personnel, Adapt (Abled & Disabled Allies Partnering Together), and Wise (Women In Science & Engineering) .
Share this job
View 24 more jobs at WHOOP