Whoop is hiring a Director of Governance, Risk, & Compliance

Job Description

At WHOOP, we’re on a mission to unlock human performance and healthspan.

Our wearable technology provides personalized insights that help millions of members better understand their bodies and make smarter decisions about training, recovery, and lifestyle.

We are seeking a Director of Governance, Risk & Compliance to lead and advance the WHOOP enterprise GRC program.

Reporting to the CISO, you will define and execute the strategy for governance, risk management, and compliance across the organization, translating strategic priorities into scalable programs, controls, and measurable outcomes.

This is a senior leadership role responsible for strengthening and expanding a world-class GRC function that enables WHOOP to move quickly while maintaining the highest standards of security, privacy, and regulatory compliance.

Responsibilities

  • Define and execute the enterprise-wide GRC strategy in alignment with WHOOP business objectives, risk appetite, and evolving regulatory landscape, driving implementation across policies, processes, tooling, and metrics
  • Lead, grow, and mentor a high-performing GRC team, establishing clear operating rhythms, ownership models, and performance expectations while fostering a culture of accountability and continuous improvement
  • Oversee compliance programs across key frameworks including SOC 2, ISO 27001, HIPAA, GDPR, and emerging health data regulations
  • Establish and maintain the enterprise risk management program, including risk identification, quantification, mitigation, and reporting to executive leadership and the board
  • Own the third-party risk management program, ensuring vendors and partners meet WHOOP’s security and compliance requirements
  • Lead and evolve governance for responsible AI use, including risk assessment, vendor oversight, regulatory alignment, and policy development in coordination with Product, Legal, and Engineering
  • Partner with Legal, Product, Engineering, and Privacy teams to ensure regulatory requirements are embedded into product development and business processes
  • Lead engagement with external auditors, regulators, and certification bodies
  • Translate strategic objectives into operational controls and program enhancements, personally driving key initiatives as the function continues to scale
  • Develop and present risk and compliance reporting to the C-suite, delivering clear, business-aligned risk insights
  • Drive policy governance, ensuring security and compliance policies are current, enforceable, and aligned with industry best practices
  • Champion a culture of security awareness and compliance across the organization

Qualifications

  • 10+ years of progressive experience in GRC, information security, risk management, or compliance, with at least 5 years in a leadership role
  • Proven track record of scaling and maturing GRC programs in high-growth technology or health-tech companies
  • Deep expertise across multiple compliance frameworks (SOC 2, ISO 27001, HIPAA, GDPR, NIST CSF, PCI-DSS) with familiarity in emerging AI governance and regulatory standards
  • Strong understanding of cloud security architectures (AWS preferred) and their implications for compliance and risk
  • Experience evaluating AI/ML risk, data governance implications, or responsible AI frameworks in regulated environments
  • Experience presenting risk posture and compliance metrics to executive leadership and board-level audiences
  • Exceptional leadership skills with a demonstrated ability to attract, develop, and retain top GRC talent
  • Strong business acumen with the ability to translate technical risk into business terms
  • Relevant certifications preferred (CISSP, CISM, CRISC, CISA, or equivalent)

WHOOP is an Equal Opportunity Employer and participates in E-Verify to determine employment eligibility. It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.

The WHOOP compensation philosophy is designed to attract, motivate, and retain exceptional talent by offering competitive base salaries, meaningful equity, and consistent pay practices that reflect our mission and core values.

At WHOOP, we view total compensation as the combination of base salary, equity, and benefits, with equity serving as a key differentiator that aligns our employees with the long-term success of the company and allows every member of our corporate team to own part of WHOOP and share in the company’s long-term growth and success.

The U.S. base salary range for this full-time position is $185,000-$205,000. Salary ranges are determined by role, level, and location. Within each range, individual pay is based on factors such as job-related skills, experience, performance, and relevant education or training.

In addition to the base salary, the successful candidate will also receive benefits and a generous equity package.

These ranges may be modified in the future to reflect evolving market conditions and organizational needs. While most offers will typically fall toward the starting point of the range, total compensation will depend on the candidate’s specific qualifications, expertise, and alignment with the role’s requirements.