GRC Analyst, Operations & Risk

Reposted 14 Days Ago
Boston, MA, USA
Hybrid
Junior
Fitness • Hardware • Healthtech • Sports • Wearables
Power your performance with 24/7 data
The Role
The GRC Analyst will manage GRC intake, coordinate third-party risk activities, improve operational workflows, and enhance visibility across compliance efforts.
Summary Generated by Built In

As a GRC Analyst, you will support the WHOOP Governance, Risk, and Compliance program. You will help manage risk reviews, operational requests, and cross-functional security compliance workflows. Success in this role requires strong attention to detail, responsiveness and accountability through completion in a fast-paced environment.

A key focus of this role will be helping ensure GRC work is reviewed, prioritized, routed, tracked, and completed effectively. You will use intake and ticketing data to identify workflow trends, recurring questions, handoff gaps, and opportunities to improve guidance, templates, reporting, automation, and stakeholder experience. You will also support broader GRC initiatives, including compliance calendar activities, control monitoring, process documentation, security awareness coordination, and continuous improvement across the GRC program.

RESPONSIBILITIES:

  • Support day-to-day GRC program operations – manage and triage GRC intakes and track them accurately through resolution

  • Perform and support third-party risk management activities, including vendor reviews, reassessments, partner coordination, remediation tracking, and cross-functional follow-up with Security, Legal, Privacy, Procurement, IT, Finance, and business owners

  • Assist with risk program management activities

  • Support security compliance monitoring and audit readiness activities, managing audit request lists and taking ownership of gathering security audit evidence to verify compliance with internal policies / regulations and industry best practices

  • Coordinate security awareness and training program management activities

QUALIFICATIONS:

  • 2+ years of experience in GRC, third-party risk management, security compliance, internal audit, risk management, or a related function

  • Deep understanding of cybersecurity compliance frameworks and cybersecurity compliance controls – ISO 27001, NIST CSF, COSO, SOC 2, PCI-DSS

  • Possess a strong risk mindset, exceptional attention to detail, and the ability to apply critical thinking when assessing complex issues and control gaps

  • Highly organized, with strong operational discipline, ensuring clear and expedient escalations with informed recommendations to management

  • Superior interpersonal and communication skills – verbal and written

  • A team player who works to achieve a common goal in a dynamic setting

  • Strong commitment to embracing and leveraging AI tools in day-to-day tasks, ensuring AI-assisted work aligns with the same high-quality standards as personal contributions.

  • A minimum of a bachelor’s degree in any discipline. Computer science, cyber security and risk, or technology degrees preferred. CISA or CRISC certification preferred.

This role is based in the WHOOP office located in Boston, MA. The successful candidate must be prepared to relocate if necessary to work out of the Boston, MA office.

Interested in the role, but don’t meet every qualification? We encourage you to still apply! At WHOOP, we believe there is much more to a candidate than what is written on paper, and we value character as much as experience. As we continue to build a diverse and inclusive environment, we encourage anyone who is interested in this role to apply.

WHOOP is an Equal Opportunity Employer and participates in E-Verify to determine employment eligibility.

The WHOOP compensation philosophy is designed to attract, motivate, and retain exceptional talent by offering competitive base salaries, meaningful equity, and consistent pay practices that reflect our mission and core values.

At WHOOP, we view total compensation as the combination of base salary, equity, and benefits, with equity serving as a key differentiator that aligns our employees with the long-term success of the company and allows every member of our corporate team to own part of WHOOP and share in the company’s long-term growth and success.

The U.S. base salary range for this full-time position is $70,000 - $110,000. Salary ranges are determined by role, level, and location. Within each range, individual pay is based on factors such as job-related skills, experience, performance, and relevant education or training. 

In addition to the base salary, the successful candidate will also receive benefits and a generous equity package.

These ranges may be modified in the future to reflect evolving market conditions and organizational needs. While most offers will typically fall toward the starting point of the range, total compensation will depend on the candidate’s specific qualifications, expertise, and alignment with the role’s requirements.

Skills Required

  • 2+ years of experience in GRC, third-party risk management, security compliance, IT audit, risk management, vendor management, or a related function
  • Experience supporting third-party risk assessments, vendor security reviews, audit readiness, compliance operations, risk remediation tracking, or similar activities
  • Strong operational discipline, including the ability to manage competing requests, track open items, follow up with stakeholders, and drive work to closure
  • Strong written communication skills, with the ability to document clear status updates, risk summaries, follow-up requests, escalation notes, and process guidance
  • Ability to coordinate effectively across cross-functional stakeholders, including Security, Legal, Privacy, Procurement, Engineering, IT, Finance, and business owners
  • Familiarity with common security and compliance frameworks such as SOC 2, ISO 27001, NIST CSF, GDPR, PCI, or similar frameworks
  • Comfort working in Jira, GRC platforms, ticketing systems, spreadsheets, workflow tools, dashboards, or operational reporting systems
  • Ability to identify process gaps, navigate ambiguity, escalate appropriately, and turn unclear requests into actionable next steps
  • Bachelor's degree in Information Security, Computer Science, Business, Risk Management, or a related field, or equivalent practical experience
  • Relevant certifications such as Security+, CISA, CRISC, CISM, CISSP, ISO 27001, or GRC-related certifications are a plus but not required
  • Strong commitment to embracing and leveraging AI tools in day-to-day tasks

WHOOP Compensation & Benefits Highlights

  • Wellbeing & Lifestyle Benefits: Wellness support includes a stipend and a complimentary WHOOP membership to use and gift, aligning perks with the company’s health focus. Feedback suggests these lifestyle benefits are a meaningful part of total rewards.
  • Healthcare Strength: Core coverage spans medical, dental, vision, mental health services, and life and disability insurance. This breadth indicates a comprehensive health safety net.
  • Equity Value & Accessibility: Total rewards commonly include stock options or equity participation, positioning ownership as part of compensation. Feedback suggests equity is viewed as a valuable component of the package.

The Company
HQ: Boston, MA
500 Employees
Year Founded: 2012

What We Do

At WHOOP, we’re on a mission to unlock human performance. WHOOP empowers members to perform at a higher level through a deeper understanding of their bodies and daily lives. Our wearable device and performance optimization platform has been adopted by many of the world's greatest athletes and consumers alike.

Why Work With Us

At WHOOP, we’re focused on building an inclusive and equitable team with a strong sense of belonging for everyone—increasing representation in every way as our team grows. We believe that our differences are our source of strength—so much so it’s one of our core values.


WHOOP Offices

Hybrid Workspace

Employees engage in a combination of remote and on-site work.

Typical time on-site: 4 days a week
HQ: Boston, MA
Limerick, Limerick, V94 4D83 Ireland