Skip to main content

Senior GRC Analyst at WHOOP

Senior GRC Analyst
WHOOP
On-site
Boston, MA
Full-time
Salary not listed
Posted 17 July 2026
Apply Now
Share this job:

Job Description

At WHOOP, we are on a mission to unlock human performance and extend healthspan. The Governance, Risk, and Compliance (GRC) team helps ensure technology and cybersecurity risks are identified, assessed, and communicated clearly across the organization.

WHOOP is seeking an execution-oriented Senior Governance, Risk, and Compliance Analyst to lead the day-to-day execution and support the ongoing operation of the GRC program in a fast-paced, high-growth environment. This role is responsible for operations of GRC initiatives - including but not limited to structured cybersecurity and AI risk assessments, exceptions management, SDLC reviews and security compliance process ownership. The role will partner closely with Legal, Security, Product, and other teams to advance compliance objectives, reduce enterprise risk, and strengthen operational resilience.

The ideal candidate combines strong analytical thinking, critical risk mind-set with the ability to communicate complex risk scenarios clearly to both technical and non-technical stakeholders.

RESPONSIBILITIES:

● Lead cyber, AI, and technology risk assessments across systems, cloud environments,

business processes, and major initiatives, evaluating threats, vulnerabilities, control

effectiveness, and residual risk

● Maintain and operate the enterprise cyber risk register, including drafting risk statements,

tracking mitigation plans, and supporting governance and reporting processes

● Translate technical findings, architectural concerns, and control gaps into clear business

risk scenarios that support prioritization and decision-making

● Support and help mature quantitative cyber risk analysis approaches such as FAIR to

improve how risk is measured and communicated

● Prepare materials and analysis to support the Cyber Risk Committee and executive risk

reporting

● Partner with Security Architecture to assess risk in system designs, cloud architecture,

identity models, data flows, and platform changes

● Collaborate with Security Engineering, Product Security, Legal, IT, and business teams

to evaluate new initiatives, technology changes, artificial intelligence use cases, and

third-party integrations through a risk lens

● Conduct risk assessments for emerging technologies including artificial intelligence and

machine learning systems, evaluating data usage, model behavior, external

dependencies, and security implications

● Develop dashboards and reporting that provide leadership with visibility into key

cybersecurity risks and trends.

● Contribute to the continued development of cyber risk management processes

QUALIFICATIONS:

● 6+ years of experience in cybersecurity or enterprise risk management, information

security, or a related field

● Demonstrated experience conducting structured cybersecurity or IT risk assessments

● Experience maintaining risk registers and tracking risk mitigation or treatment activities

● Deep understanding of security frameworks such as NIST CSF, ISO 27001, or PCI DSS,

and familiarity with regulatory environments such as GDPR, HIPAA or other privacy and

data protection requirements

● Ability to translate technical findings into clear business risk for non-technical

stakeholders

● Strong written and verbal communication skills with experience presenting findings to

cross-functional teams

● Experience assessing risks related to artificial intelligence, machine learning systems, or

emerging technologies, including familiarity with emerging AI governance frameworks

such as NIST AI RMF, ISO/IEC 42001, or similar standards

● Professional certifications such as CRISC, CISSP, CISA, or CGRC are a plus

Similar Jobs

View all jobs →