GRC Analyst - Third Party Risk at WHOOP
Job Description
As a GRC Analyst, you will support the WHOOP Governance, Risk, and Compliance program. You will help manage third-party vendor risk reviews, and operational requests, in cross-functional security compliance workflows. Success in this role requires strong attention to detail, responsiveness and accountability through completion in a fast-paced environment.
The key focus of this role will be helping ensure third-party vendor assessment requests are reviewed, prioritized, routed, tracked, and completed effectively. You will use intake and ticketing data to identify workflow trends, recurring questions, handoff gaps, and opportunities to improve guidance, templates, reporting, automation, and stakeholder experience.
RESPONSIBILITIES:
- Support day-to-day third-party vendor risk assessments – manage and triage GRC third-party vendor assessment intakes and accurate tracking through resolution
- Perform vendor risk reviews, reassessments, partner coordination, remediation tracking, and cross-functional follow-up with Security, Legal, Privacy, Procurement, IT, Finance, and business owners
- Assist with third-party risk program management activities
QUALIFICATIONS:
- 2+ years of experience in GRC - third-party risk management experience preferred
- Understanding of Cybersecurity compliance frameworks and cybersecurity compliance controls – ISO 27001, NIST CSF, COSO, SOC 2, PDI-DSS
- Highly organized and strong operational discipline ensuring clear and expedient escalations with informed recommendations to management
- Being a team player and working to achieve common goal in a dynamic setting
- A minimum bachelor’s degree in any discipline. Computer science, cyber security and risk or technology degrees preferred.