Job Description
At WHOOP, we're on a mission to unlock human performance. WHOOP empowers members to perform at a higher level through a deeper understanding of their bodies and daily lives.
WHOOP is seeking a strategic and execution-oriented Senior Manager of Governance, Risk and Compliance to lead the next phase of the GRC program in a fast-paced, high-growth environment. This role will lead both the design and hands-on execution of the GRC function. Initially, this includes building structure, implementing tools, and guiding day-to-day activities while laying the foundation to scale team capabilities and delegate ownership over time. The ideal candidate will partner across Legal, Security, Product, and other teams to ensure alignment with regulatory frameworks, reduce enterprise risk, and strengthen operational resilience.
Responsibilities:
- Lead the development, implementation, and evolution of a comprehensive governance, risk, and compliance program aligned with standards such as ISO 27001, SOC2, GDPR, and other global regulatory expectations
- Own the enterprise risk register, delivering ongoing visibility, prioritization, and executive-level reporting across key risk domains
- Drive the third-party risk management lifecycle, overseeing vendor risk assessments and due diligence in partnership with Legal, IT, and Security
- Oversee the development and lifecycle of scalable policies, standards, and training programs that promote security awareness and strengthen organizational compliance
- Serve as the lead point of contact for internal and external audits and assessments, managing evidence workflows and driving remediation to completion
- Identify, implement, and improve GRC tools, processes, and metrics to support program scale, transparency, and accountability
- Support incident response processes by ensuring regulatory alignment, breach documentation, and post-incident reviews are conducted and integrated into risk and compliance programs
- Lead by doing - execute critical GRC workstreams directly while scaling team capabilities, maturing processes, and transitioning ownership to analysts over time
- Manage and mentor GRC analysts, balancing direct execution with team enablement as the program grows
Qualifications:
- 6+ years of experience in GRC, information security, audit, or compliance roles, preferably in health tech, SaaS, or regulated environments
- Deep understanding of regulations and standards including GDPR, ISO 27001, SOC 2, and NIST CSF
- Experience managing organizational risk registers and applying risk-informed decision-making
- Proven ability to lead third-party risk management in collaboration with internal stakeholders
- Familiarity with audit workflows, evidence collection, and control testing in fast-paced or audit-intensive environments
- Experience managing or mentoring compliance, audit, or GRC professionals
- Relevant certifications such as CISA, CISSP, CIPP/E, CRISC, ISO Lead Auditor, HITRUST CCSFP, or PMP are a plus
- Proven ability to build scalable, process-driven programs in high-growth or rapidly evolving environments
- Highly organized and detail-oriented, with strong project execution and prioritization skills across competing deadlines
- Demonstrated accountability to metrics, data-driven reporting, and outcome-based program management
- Strong commitment to embracing and leveraging AI tools in day-to-day tasks, ensuring AI-assisted work aligns with the same high-quality standards as personal contributions, with awareness of emerging governance and ethical considerations such as data privacy and model transparency
Interested in the role, but don’t meet every qualification? We encourage you to still apply! At WHOOP, we believe there is much more to a candidate than what is written on paper, and we value character as much as experience. As we continue to build a diverse and inclusive environment, we encourage anyone who is interested in this role to apply.
WHOOP is an Equal Opportunity Employer and participates in E-verify to determine employment eligibility. It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.