Manager and Senior Manager: Governance, Risk, & Compliance (GRC)

Posted Yesterday
Easy Apply
Be an Early Applicant
Boston, MA, USA
Hybrid
Senior level
Fitness • Hardware • Healthtech • Sports • Wearables
Power your performance with 24/7 data
The Role
Lead design and hands-on execution of the GRC program: maintain ISO 27001/SOC 2/GDPR compliance, develop security controls and policies, run third-party risk assessments, support incident response, manage enterprise risk register, triage GRC intake, produce KPIs/dashboards, coach analysts, and improve GRC tools and processes.
Summary Generated by Built In

At WHOOP, we're on a mission to unlock human performance. WHOOP empowers members to perform at a higher level through a deeper understanding of their bodies and daily lives. 

We're hiring for two separate roles at the Manager and Senior Manager levels. Final leveling will be based on each candidate's experience, leadership scope, demonstrated impact, and interview performance.

WHOOP is seeking a strategic and execution-oriented Manager and Senior Manager of Governance, Risk, and Compliance to lead the day-to-day execution and support the ongoing operation and enhancement of the GRC program in a fast-paced, high-growth environment. These  roles are  responsible for both the design and hands-on execution of GRC initiatives, collaborating across Legal, Security, Product, and other teams to advance compliance objectives, reduce enterprise risk, and strengthen operational resilience.

RESPONSIBILITIES

  • Drive the development, implementation, and continuous evolution of the governance program, driving both strategy and hands-on execution to maintain alignment with ISO 27001, SOC 2, GDPR, and other applicable regulatory frameworks

  • Partner in the development, implementation, and ongoing management of scalable security control frameworks, policies, standards, and security awareness programs, third-party risk assessment, SDLC assessment, and risk program management, contributing directly while guiding the team’s work to strengthen organizational compliance

  • Support incident response activities by ensuring regulatory requirements, breach documentation, and post-incident reviews are completed and translated into actionable improvements across the risk and compliance program

  • Actively manage the enterprise risk register, driving risk prioritization, maintaining visibility across key risk domains, and delivering executive-level reporting

  • Spearhead enterprise risk reviews by driving GRC intake and request triage, personally overseeing complex assessments while prioritizing and delegating work across the team

  • Coach, mentor, and develop GRC analysts while balancing hands-on execution with effective delegation and team enablement as the program scales

  • Lead the third-party risk management lifecycle by conducting and overseeing vendor risk assessments and due diligence in partnership with Legal, IT, and Security

  • Own the operational intake and triage process for all GRC requests, including third-party vendor risk assessments, security questionnaires, SDLC risk reviews, and compliance inquiries, ensuring work is prioritized, assigned, and completed within established service levels 

  • Develop and report operational metrics and KPIs, providing weekly dashboards and status updates on assessment volumes, turnaround times, backlog, SLA performance, and program health to the leadership 

  • Evaluate, implement, and continuously improve GRC tools, processes, and metrics through hands-on execution and operational leadership to support program scale, transparency, and accountability

QUALIFICATIONS

  • 8+ years of experience in GRC, or information security preferably in health tech, SaaS, or regulated environments, with ~4+ years managing GRC, compliance, audit or cybersecurity professionals

  • Deep understanding of regulations and standards including, but not limited to ISO 27001, SOC 2, GDPR, PCI, NIST CSF, and privacy/security obligations applicable to regulated or sensitive health data, including HIPAA where relevant

  • Experience managing or mentoring compliance, audit, or GRC professionals

  • Demonstrated experience leading operational GRC programs, including workload prioritization, KPI reporting, and cross-functional coordination

  • Strong understanding of cybersecurity controls, cloud security concepts, third-party risk assurance, and regulatory compliance requirements 

  • Proven ability to build scalable, process-driven programs in high-growth or rapidly evolving environments

  • Highly organized and detail-oriented, with strong project execution and prioritization skills across competing deadlines

  • Superior communication and interpersonal skills - written and verbal

  • Relevant certifications (CISA, CISSP, CRISC, CIPP/E, ISO Lead Auditor, HITRUST CCSFP, or similar) are strongly preferred 

  • A minimum bachelor’s degree in any discipline. Computer science, cyber security and risk or technology degrees preferred.

Skills Required

  • 8+ years of experience in GRC or information security
  • 4+ years managing GRC, compliance, audit or cybersecurity professionals
  • Deep understanding of ISO 27001, SOC 2, GDPR, PCI, NIST CSF, and HIPAA
  • Experience leading operational GRC programs including workload prioritization and KPI reporting
  • Experience with third-party risk management and vendor risk assessments
  • Strong understanding of cybersecurity controls and cloud security concepts
  • Proven ability to build scalable, process-driven programs in high-growth environments
  • Highly organized and detail-oriented with strong project execution and prioritization skills
  • Superior written and verbal communication and interpersonal skills
  • Bachelor's degree (minimum); computer science, cybersecurity, or risk degrees preferred
  • Relevant certifications (CISA, CISSP, CRISC, CIPP/E, ISO Lead Auditor, HITRUST CCSFP)

What the Team is Saying

Josh
Manan Dedhia
Anahis

WHOOP Compensation & Benefits Highlights

  • Parental & Family Support Parental leave is described as generous, with an additional transition period to support return-to-work. Feedback suggests this policy stands out within the overall package.
  • Wellbeing & Lifestyle Benefits Wellness stipends, free WHOOP memberships (including a giftable one), a sleep-performance cash incentive, daily meals, and access to onsite gym and recovery tools create a lifestyle-oriented offering. Feedback suggests these perks meaningfully enhance the total rewards experience beyond base pay.
  • Equity Value & Accessibility Equity participation and stock option eligibility are highlighted, and ownership is portrayed as rewarding as the company grows. Feedback suggests this sense of ownership positively influences perceptions of compensation.

WHOOP Insights

Am I A Good Fit?
beta
Get Personalized Job Insights.
Our AI-powered fit analysis compares your resume with a job listing so you know if your skills & experience align.

The Company
HQ: Boston, MA
500 Employees
Year Founded: 2012

What We Do

At WHOOP, we’re on a mission to unlock human performance. WHOOP empowers members to perform at a higher level through a deeper understanding of their bodies and daily lives. Our wearable device and performance optimization platform has been adopted by many of the world's greatest athletes and consumers alike.

Why Work With Us

At WHOOP, we’re focused on building an inclusive and equitable team with a strong sense of belonging for everyone—increasing representation in every way as our team grows. We believe that our differences are our source of strength—so much so it’s one of our core values.


Gallery

Gallery
Gallery
Gallery
Gallery
Gallery
Gallery

WHOOP Offices

Hybrid Workspace

Employees engage in a combination of remote and on-site work.

Typical time on-site: 4 days a week
HQBoston, MA
Limerick, Limerick, V94 4D83 Ireland
Learn more

Similar Jobs

WHOOP Logo WHOOP

Incident Response Lead

Fitness • Hardware • Healthtech • Sports • Wearables
Easy Apply
Hybrid
Boston, MA, USA
500 Employees

WHOOP Logo WHOOP

Senior GRC Analyst

Fitness • Hardware • Healthtech • Sports • Wearables
Easy Apply
Hybrid
Boston, MA, USA
500 Employees
130K-170K Annually

WHOOP Logo WHOOP

Electrical Engineer

Fitness • Hardware • Healthtech • Sports • Wearables
Easy Apply
Hybrid
Boston, MA, USA
500 Employees

WHOOP Logo WHOOP

Principal AI/ML Researcher

Fitness • Hardware • Healthtech • Sports • Wearables
Easy Apply
Hybrid
Boston, MA, USA
500 Employees

Sign up now Access later

Create Free Account

Please log in or sign up to report this job.

Create Free Account