At WHOOP, we’re on a mission to unlock human performance and healthspan. Our wearable technology provides personalized insights that help millions of members better understand their bodies and make smarter decisions about training, recovery, and lifestyle.
WHOOP is seeking a Director of Information Security to lead the execution of the company’s security engineering and security operations capabilities. This role is accountable for delivering reliable, scalable security programs aligned with business and regulatory requirements in a growing, regulated technology environment.
The Director of Information Security will manage an existing security team, oversee the operating model for security engineering and ops, and partner closely with Product Security, Security Architecture, Engineering, IT, GRC, and Legal. This role carries direct accountability for team performance and operational outcomes and is expected to drive execution through metrics, documented processes, and automation.
RESPONSIBILITIES: Lead the Information Security function with accountability for security engineering delivery, day-to-day security operations, and the evolving operating model as WHOOP grows and regulatory and risk requirements changeTranslate regulatory, privacy, and risk requirements into effective, auditable technical controls, partnering with Security Architecture to ensure execution aligns with secure-by-design principles and target-state architectureOwn security operations including detection, response, escalation, incident follow-up, and operational readiness, serving as Incident Commander during security events and acting as on-call executive escalation outside of business hours as needed, coordinating internal teams, external partners, and managed security service providersEstablish and maintain standard operating procedures, metrics, automation, and process improvements to measure effectiveness, reduce risk, and scale security operations reliablyOwn the security posture for enterprise and internal use of AI technologies, including guardrails for access, data handling, monitoring, auditability, and the secure adoption of AI-enabled workflows in partnership with Architecture, Product Security, IT, and LegalDirectly manage information security managers and senior individual contributors, setting clear expectations for performance, documentation, and accountability, and partnering with the CISO on hiring strategy, team growth, and capability developmentPartner with GRC and Legal to support audits, assessments, and regulatory obligations, providing technical evidence and subject-matter expertise, and communicate clearly with senior leadership on risk posture, priorities, and program progressQUALIFICATIONS: 10+ years of experience in information security, security engineering, or security operations, including 5+ years managing managers and senior individual contributors; this role is not intended for first-time people managersDemonstrated experience hiring, developing, and holding high-performing security teams accountable through measurable goals, repeatable processes, and clear documentationProven leadership during high-impact security incidents and crisis situations, including coordination across internal teams and external partnersExperience partnering with managed security service providers to drive consistent, outcome-based security operationsStrong ability to prioritize effectively and drive execution in complex, high-growth environmentsExperience designing, building, or scaling security programs grounded in metrics, automation, and operational rigorFamiliarity with regulatory frameworks including HIPAA, GDPR, PCI, and emerging AI-related compliance requirementsExperience supporting healthcare, biometric, or other health-adjacent data environments is preferredBackground in high-growth technology organizations is preferredSecurity certifications such as CISSP, CISM, or equivalent are a plusThis role is based in the WHOOP office located in Boston, MA. The successful candidate must be prepared to relocate if necessary to work out of the Boston, MA office.
Interested in the role, but don’t meet every qualification? We encourage you to still apply! At WHOOP, we believe there is much more to a candidate than what is written on paper, and we value character as much as experience. As we continue to build a diverse and inclusive environment, we encourage anyone who is interested in this role to apply.
WHOOP is an Equal Opportunity Employer and participates in E-verify to determine employment eligibility. It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.
The WHOOP compensation philosophy is designed to attract, motivate, and retain exceptional talent by offering competitive base salaries, meaningful equity, and consistent pay practices that reflect our mission and core values.
At WHOOP, we view total compensation as the combination of base salary, equity, and benefits, with equity serving as a key differentiator that aligns our employees with the long-term success of the company and allows every member of our corporate team to own part of WHOOP and share in the company’s long-term growth and success.
The U.S. base salary range for this full-time position is $190,000-$220,000. Salary ranges are determined by role, level, and location. Within each range, individual pay is based on factors such as job-related skills, experience, performance, and relevant education or training.
In addition to the base salary, the successful candidate will also receive benefits and a generous equity package.
These ranges may be modified in the future to reflect evolving market conditions and organizational needs. While most offers will typically fall toward the starting point of the range, total compensation will depend on the candidate’s specific qualifications, expertise, and alignment with the role’s requirements.
