Senior GRC Analyst

Posted 4 Hours Ago
Easy Apply
Be an Early Applicant
Boston, MA, USA
Hybrid
130K-170K Annually
Senior level
Fitness • Hardware • Healthtech • Sports • Wearables
Power your performance with 24/7 data
The Role
Lead and execute cybersecurity, AI, and technology risk assessments; maintain enterprise risk register; translate technical findings into business risk; support quantitative risk analysis (FAIR); prepare executive reporting; partner with Security, Product, Legal, and IT to evaluate system designs, cloud architecture, third-party integrations, and emerging AI/ML risks; develop dashboards and mature cyber risk processes.
Summary Generated by Built In
At WHOOP, we are on a mission to unlock human performance and extend healthspan. The Governance, Risk, and Compliance (GRC) team helps ensure technology and cybersecurity risks are identified, assessed, and communicated clearly across the organization.

WHOOP is seeking an execution-oriented Senior Governance, Risk, and Compliance Analyst to lead the day-to-day execution and support the ongoing operation of the GRC program in a fast-paced, high-growth environment. This role is responsible for operations of GRC initiatives - including but not limited to structured cybersecurity and AI risk assessments, exceptions management, SDLC reviews and security compliance process ownership. The role will partner closely with Legal, Security, Product, and other teams to advance compliance objectives, reduce enterprise risk, and strengthen operational resilience.

The ideal candidate combines strong analytical thinking, critical risk mind-set with the ability to communicate complex risk scenarios clearly to both technical and non-technical stakeholders.

RESPONSIBILITIES:

    ● Lead cyber, AI, and technology risk assessments across systems, cloud environments,
    business processes, and major initiatives, evaluating threats, vulnerabilities, control
    effectiveness, and residual risk
    ● Maintain and operate the enterprise cyber risk register, including drafting risk statements,
    tracking mitigation plans, and supporting governance and reporting processes
    ● Translate technical findings, architectural concerns, and control gaps into clear business
    risk scenarios that support prioritization and decision-making
    ● Support and help mature quantitative cyber risk analysis approaches such as FAIR to
    improve how risk is measured and communicated
    ● Prepare materials and analysis to support the Cyber Risk Committee and executive risk
    reporting
    ● Partner with Security Architecture to assess risk in system designs, cloud architecture,
    identity models, data flows, and platform changes
    ● Collaborate with Security Engineering, Product Security, Legal, IT, and business teams
    to evaluate new initiatives, technology changes, artificial intelligence use cases, and
    third-party integrations through a risk lens
    ● Conduct risk assessments for emerging technologies including artificial intelligence and
    machine learning systems, evaluating data usage, model behavior, external
    dependencies, and security implications

    ● Develop dashboards and reporting that provide leadership with visibility into key
    cybersecurity risks and trends.
    ● Contribute to the continued development of cyber risk management processes

QUALIFICATIONS:

    ● 6+ years of experience in cybersecurity or enterprise risk management, information
    security, or a related field
    ● Demonstrated experience conducting structured cybersecurity or IT risk assessments
    ● Experience maintaining risk registers and tracking risk mitigation or treatment activities
    ● Deep understanding of security frameworks such as NIST CSF, ISO 27001, or PCI DSS,
    and familiarity with regulatory environments such as GDPR, HIPAA or other privacy and
    data protection requirements
    ● Ability to translate technical findings into clear business risk for non-technical
    stakeholders
    ● Strong written and verbal communication skills with experience presenting findings to
    cross-functional teams
    ● Experience assessing risks related to artificial intelligence, machine learning systems, or
    emerging technologies, including familiarity with emerging AI governance frameworks
    such as NIST AI RMF, ISO/IEC 42001, or similar standards
    ● Professional certifications such as CRISC, CISSP, CISA, or CGRC are a plus

This role is based in the WHOOP office located in Boston, MA. The successful candidate must be prepared to relocate if necessary to work out of the Boston, MA office.

Interested in the role, but don’t meet every qualification? We encourage you to still apply! At WHOOP, we believe there is much more to a candidate than what is written on paper, and we value character as much as experience. As we continue to build a diverse and inclusive environment, we encourage anyone who is interested in this role to apply.

WHOOP is an Equal Opportunity Employer and participates in E-verify to determine employment eligibility

The WHOOP compensation philosophy is designed to attract, motivate, and retain exceptional talent by offering competitive base salaries, meaningful equity, and consistent pay practices that reflect our mission and core values.

At WHOOP, we view total compensation as the combination of base salary, equity, and benefits, with equity serving as a key differentiator that aligns our employees with the long-term success of the company and allows every member of our corporate team to own part of WHOOP and share in the company’s long-term growth and success.

The U.S. base salary range for this full-time position is $130,000 - $170,000. Salary ranges are determined by role, level, and location. Within each range, individual pay is based on factors such as job-related skills, experience, performance, and relevant education or training. 

In addition to the base salary, the successful candidate will also receive benefits and a generous equity package.

These ranges may be modified in the future to reflect evolving market conditions and organizational needs. While most offers will typically fall toward the starting point of the range, total compensation will depend on the candidate’s specific qualifications, expertise, and alignment with the role’s requirements.

Skills Required

  • 6+ years experience in cybersecurity, enterprise risk management, or information security
  • Experience conducting structured cybersecurity or IT risk assessments
  • Experience maintaining risk registers and tracking mitigation activities
  • Deep understanding of security frameworks (NIST CSF, ISO 27001, or PCI DSS)
  • Familiarity with regulatory/privacy environments (GDPR, HIPAA, or similar)
  • Ability to translate technical findings into clear business risk for non-technical stakeholders
  • Strong written and verbal communication and presentation skills
  • Experience assessing risks related to AI and machine learning systems and familiarity with AI governance frameworks (NIST AI RMF, ISO/IEC 42001)
  • Experience with quantitative cyber risk analysis approaches such as FAIR
  • Willingness and ability to relocate and work out of the Boston, MA office
  • Professional certifications (CRISC, CISSP, CISA, CGRC)

What the Team is Saying

Josh
Manan Dedhia
Anahis

WHOOP Compensation & Benefits Highlights

  • Parental & Family Support Parental leave is described as generous, with an additional transition period to support return-to-work. Feedback suggests this policy stands out within the overall package.
  • Wellbeing & Lifestyle Benefits Wellness stipends, free WHOOP memberships (including a giftable one), a sleep-performance cash incentive, daily meals, and access to onsite gym and recovery tools create a lifestyle-oriented offering. Feedback suggests these perks meaningfully enhance the total rewards experience beyond base pay.
  • Equity Value & Accessibility Equity participation and stock option eligibility are highlighted, and ownership is portrayed as rewarding as the company grows. Feedback suggests this sense of ownership positively influences perceptions of compensation.

WHOOP Insights

Am I A Good Fit?
beta
Get Personalized Job Insights.
Our AI-powered fit analysis compares your resume with a job listing so you know if your skills & experience align.

The Company
HQ: Boston, MA
500 Employees
Year Founded: 2012

What We Do

At WHOOP, we’re on a mission to unlock human performance. WHOOP empowers members to perform at a higher level through a deeper understanding of their bodies and daily lives. Our wearable device and performance optimization platform has been adopted by many of the world's greatest athletes and consumers alike.

Why Work With Us

At WHOOP, we’re focused on building an inclusive and equitable team with a strong sense of belonging for everyone—increasing representation in every way as our team grows. We believe that our differences are our source of strength—so much so it’s one of our core values.


Gallery

Gallery
Gallery
Gallery
Gallery
Gallery
Gallery

WHOOP Offices

Hybrid Workspace

Employees engage in a combination of remote and on-site work.

Typical time on-site: 4 days a week
HQBoston, MA
Limerick, Limerick, V94 4D83 Ireland
Learn more

Similar Jobs

WHOOP Logo WHOOP

Manager and Senior Manager: Governance, Risk, & Compliance (GRC)

Fitness • Hardware • Healthtech • Sports • Wearables
Easy Apply
Hybrid
Boston, MA, USA
500 Employees

WHOOP Logo WHOOP

Incident Response Lead

Fitness • Hardware • Healthtech • Sports • Wearables
Easy Apply
Hybrid
Boston, MA, USA
500 Employees

WHOOP Logo WHOOP

Electrical Engineer

Fitness • Hardware • Healthtech • Sports • Wearables
Easy Apply
Hybrid
Boston, MA, USA
500 Employees

WHOOP Logo WHOOP

Principal AI/ML Researcher

Fitness • Hardware • Healthtech • Sports • Wearables
Easy Apply
Hybrid
Boston, MA, USA
500 Employees

Sign up now Access later

Create Free Account

Please log in or sign up to report this job.

Create Free Account