At WHOOP, we're on a mission to unlock human performance and healthspan. WHOOP empowers members to perform at a higher level through a deeper understanding of their bodies and daily lives.

As a GRC Analyst II, you will play a crucial role in supporting the development, implementation, and maintenance of our Governance, Risk, and Compliance (GRC) program. Working under the guidance of the GRC Senior Manager you will assist in various activities, including policy development, risk assessments, compliance framework implementation and monitoring, and audit coordination. Step into a role that empowers you to build a well-rounded foundation in GRC, explore multiple facets of the field, and sharpen your skills in specialized areas such as risk management or standards program management. Your sharp eye for detail and strong analytical mindset will play a pivotal role in strengthening our security and compliance initiatives.

RESPONSIBILITES:

• Assist in the development and implementation of GRC standards, frameworks and regulations (SOC2, ISO 27001, NIST Cybersecurity Framework, HIPAA, PCI DSS, etc.) to support business objectives, aligned with industry best practices and regulatory requirements.
• Assist in conducting risk assessments, supporting the development and adherence of risk mitigation strategies, and maintaining the risk register.
• Support ongoing compliance monitoring activities to ensure adherence to internal policies, relevant regulations, standards, and contractual obligations.
• Assist in evaluating and managing risks associated with third-party vendors and service providers through vendor risk assessment processes.
• Provide support in incident response activities, including documentation, coordination, and post-incident analysis as directed.
• Assist in the development and delivery of security awareness and training programs to educate employees on security policies, procedures, and best practices.
• Support audit activities by gathering evidence, conducting preliminary assessments, and assisting in the remediation of audit findings.
• Manage and resolve GRC support tickets promptly and efficiently.
• Participate in the review, development, and maintenance of security policies, standards, and procedures to ensure compliance with regulatory mandates and industry standards.
• Maintain and update GRC standard operating procedures to ensure consistency and efficiency. Identify areas for process improvement within the GRC program and assist in implementing enhancements to improve effectiveness and efficiency.
• Work cross-functionally with IT, Engineering, Legal, HR, and other stakeholders to document and validate compliance controls and support their implementation within the GRC platform.
• Leverage AI and automation tools to enhance compliance monitoring, reporting, evidence collection, and risk analysis.

QUALIFICATIONS:

• Bachelor's degree in Information Security, Computer Science, or related field.
• Compliance and security certifications (e.g., CompTIA Security+, CISSP, CISA, CISM, CRISC, other GRC certifications) a plus.
• Minimum of 3 years demonstrated experience in GRC is mandatory.
• Strong understanding of GRC concepts, principles, and practices.
• Familiarity with using and or administrating GRC tools is a plus.
• Demonstrated familiarity with relevant regulations, standards, and frameworks is required (e.g., GDPR, SOC2, ISO 27001, NIST Cybersecurity Framework, PCI DSS, HIPAA).
• Prior healthcare compliance experience and knowledge of HIPAA and or HITRUST is a plus.
• Excellent analytical and problem-solving skills with attention to detail.
• Effective communication and interpersonal skills, with the ability to establish relationships and collaborate with cross-functional teams.
• Detail-oriented with superior organizational and time-management skills - balancing multiple projects, deadlines, and requests.
• Proven ability to navigate ambiguity and complexity, turning uncertainty into clarity and actionable insights.
• Driven with a pro-active and results-oriented approach, demonstrating a can-do attitude and determination to succeed.
• Familiarity with Jira or other project management tools for organizing and managing daily work and projects is preferred.

This role is based in the WHOOP office located in Boston, MA. The successful candidate must be prepared to relocate if necessary to work out of the Boston, MA office.

Interested in the role, but don’t meet every qualification? We encourage you to still apply! At WHOOP, we believe there is much more to a candidate than what is written on paper, and we value character as much as experience. As we continue to build a diverse and inclusive environment, we encourage anyone who is interested in this role to apply.

WHOOP is an Equal Opportunity Employer and participates in E-verify to determine employment eligibility. It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.

The WHOOP compensation philosophy is designed to attract, motivate, and retain exceptional talent by offering competitive base salaries, meaningful equity, and consistent pay practices that reflect our mission and core values.

At WHOOP, we view total compensation as the combination of base salary, equity, and benefits, with equity serving as a key differentiator that aligns our employees with the long-term success of the company and allows every member of our corporate team to own part of WHOOP and share in the company’s long-term growth and success.

*The U.S. base salary range for this full-time position is $85,000 - $135,000. Salary ranges are determined by role, level, and location. Within each range, individual pay is based on factors such as job-related skills, experience, performance, and relevant education or training. *

*In addition to the base salary, the successful candidate will also receive benefits and a generous equity package.. *

These ranges may be modified in the future to reflect evolving market conditions and organizational needs. While most offers will typically fall toward the starting point of the range, total compensation will depend on the candidate’s specific qualifications, expertise, and alignment with the role’s requirements.

Learn more about

[WHOOP](https: //www.whoop.com/us/en/careers/?srsltid=AfmBOopKmph9d0DLBlogZu8mx6do0dzjNS8eJlfc4PQqQtdU6F8DGKBg).