GRC Analyst

At WHOOP, we're on a mission to unlock human performance. WHOOP empowers members to perform at a higher level through a deeper understanding of their bodies and daily lives. 

WHOOP is seeking a GRC Analyst to join our growing team. As a GRC Analyst, you will support the Governance, Risk, and Compliance (GRC) function by executing third-party risk management (TPRM) assessments, maintaining compliance initiatives, managing security awareness, and maintaing operating procedures, GPTs, etc.  Your attention to detail and analytical skills will contribute to the effectiveness of our security and compliance efforts.

• Evaluate and manage risks associated with new and existing third-party vendors and service providers through the TPRM assessment process. 
• Support audit activities by gathering evidence, conducting preliminary assessments, and assisting in the remediation of audit findings.
• Assist in the development and delivery of security awareness and training programs to educate employees on security policies, procedures, and best practices. 
• Oversee the GRC support ticket queue, including responding to and resolving tickets in a timely manner.
• Maintain and update GRC standard operating procedures to ensure consistency and efficiency. Identify areas for process improvement within the GRC program and assist in implementing enhancements to improve effectiveness and efficiency.
• Assist in conducting risk assessments, identifying potential threats and vulnerabilities, and documenting and tracking risk mitigation efforts. 
• Support ongoing compliance monitoring activities to ensure adherence to internal policies, relevant regulations, standards, and contractual obligations.
• Response and Investigation: Provide support in incident response activities, including documentation, coordination as directed.
• Participate in the review, development, and maintenance of security policies, standards, and procedures to ensure compliance with regulatory mandates and industry standards.

• Bachelor's degree in Information Security, Computer Science, or relevant certifications preferred but not required (i.e., CompTIA Security+, CISSP, CISA, CISM, GRC-specific  certifications).
• At least 1 year of experience or equivalent strong internship experience in information security, risk management, audit, or compliance roles.
• Understanding of compliance frameworks including GDPR, HIPAA, SOC2, ISO 27001, and NIST CSF.
• Excellent analytical and problem-solving skills with attention to detail.
• Effective communication and interpersonal skills, with the ability to collaborate with cross-functional teams.
• Detail-oriented with superior organizational and time-management skills - balancing multiple projects, deadlines, and requests.
• Driven with a can-do attitude and determination to succeed.

Interested in the role, but don’t meet every qualification? We encourage you to still apply! At WHOOP, we believe there is much more to a candidate than what is written on paper, and we value character as much as experience. As we continue to build a diverse and inclusive environment, we encourage anyone who is interested in this role to apply.

WHOOP is an Equal Opportunity Employer and participates in E-verify to determine employment eligibility.  It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.