Senior Manager – Governance – Risk – & Compliance – GRC
| Company | Whoop |
|---|---|
| Location | Boston, MA, USA |
| Salary | $Not Provided – $Not Provided |
| Type | Full-Time |
| Degrees | |
| Experience Level | Senior |
Requirements
- 6+ years of experience in GRC, information security, audit, or compliance roles, preferably in health tech, SaaS, or regulated environments
- Deep understanding of regulations and standards including GDPR, ISO 27001, SOC 2, and NIST CSF
- Experience managing organizational risk registers and applying risk-informed decision-making
- Proven ability to lead third-party risk management in collaboration with internal stakeholders
- Familiarity with audit workflows, evidence collection, and control testing in fast-paced or audit-intensive environments
- Experience managing or mentoring compliance, audit, or GRC professionals
- Relevant certifications such as CISA, CISSP, CIPP/E, CRISC, ISO Lead Auditor, HITRUST CCSFP, or PMP are a plus
- Proven ability to build scalable, process-driven programs in high-growth or rapidly evolving environments
- Highly organized and detail-oriented, with strong project execution and prioritization skills across competing deadlines
- Demonstrated accountability to metrics, data-driven reporting, and outcome-based program management
- Strong commitment to embracing and leveraging AI tools in day-to-day tasks, ensuring AI-assisted work aligns with the same high-quality standards as personal contributions, with awareness of emerging governance and ethical considerations such as data privacy and model transparency
Responsibilities
- Lead the development, implementation, and evolution of a comprehensive governance, risk, and compliance program aligned with standards such as ISO 27001, SOC2, GDPR, and other global regulatory expectations
- Own the enterprise risk register, delivering ongoing visibility, prioritization, and executive-level reporting across key risk domains
- Drive the third-party risk management lifecycle, overseeing vendor risk assessments and due diligence in partnership with Legal, IT, and Security
- Oversee the development and lifecycle of scalable policies, standards, and training programs that promote security awareness and strengthen organizational compliance
- Serve as the lead point of contact for internal and external audits and assessments, managing evidence workflows and driving remediation to completion
- Identify, implement, and improve GRC tools, processes, and metrics to support program scale, transparency, and accountability
- Support incident response processes by ensuring regulatory alignment, breach documentation, and post-incident reviews are conducted and integrated into risk and compliance programs
- Lead by doing – execute critical GRC workstreams directly while scaling team capabilities, maturing processes, and transitioning ownership to analysts over time
- Manage and mentor GRC analysts, balancing direct execution with team enablement as the program grows
Preferred Qualifications
- Interested in the role, but don’t meet every qualification? We encourage you to still apply! At WHOOP, we believe there is much more to a candidate than what is written on paper, and we value character as much as experience. As we continue to build a diverse and inclusive environment, we encourage anyone who is interested in this role to apply.