GRC Analyst at Whoop

Boston, Massachusetts, United States

Apply Now

Not SpecifiedCompensation

Junior (1 to 2 years)Experience Level

Full TimeJob Type

UnknownVisa

Technology, HealthtechIndustries

Requirements

Bachelor's degree in Information Security, Computer Science, or relevant certifications (e.g., CompTIA Security+, CISSP, CISA, CISM, GRC certifications) a plus
Minimum of 2 years of experience in information security, risk management, audit, or compliance roles
Strong understanding of GRC concepts, principles, and practices
Familiarity with relevant regulations, standards, and frameworks (e.g., GDPR, SOC2, ISO 27001, NIST Cybersecurity Framework)
Excellent analytical and problem-solving skills with attention to detail
Effective communication and interpersonal skills, with the ability to establish relationships and collaborate with cross-functional teams
Detail-oriented with superior organizational and time-management skills - balancing multiple projects, deadlines, and requests
Proven ability to navigate ambiguity and complexity, turning uncertainty into clarity and actionable insights
Driven with a pro-active and results-oriented approach, demonstrating a can-do attitude and determination to succeed
Based in the WHOOP office located in Boston, MA (prepared to relocate if necessary)

Responsibilities

Assist in the development and implementation of the GRC framework to support business objectives, aligned with industry best practices and regulatory requirements
Assist in conducting risk assessments, supporting the development and adherence of risk mitigation strategies, and maintaining the risk register
Support ongoing compliance monitoring activities to ensure adherence to internal policies, relevant regulations, standards, and contractual obligations
Assist in evaluating and managing risks associated with third-party vendors and service providers through vendor risk assessment processes
Provide support in incident response activities, including documentation, coordination, and post-incident analysis as directed
Assist in the development and delivery of security awareness and training programs to educate employees on security policies, procedures, and best practices
Support audit activities by gathering evidence, conducting preliminary assessments, and assisting in the remediation of audit findings
Manage and resolve GRC support tickets promptly and efficiently
Participate in the review, development, and maintenance of security policies, standards, and procedures to ensure compliance with regulatory mandates and industry standards
Maintain and update GRC standard operating procedures to ensure consistency and efficiency
Identify areas for process improvement within the GRC program and assist in implementing enhancements to improve effectiveness and efficiency

Skills

Key technologies and capabilities for this role

GRCRisk AssessmentCompliance MonitoringAudit CoordinationVendor Risk AssessmentIncident ResponsePolicy DevelopmentRisk RegisterSecurity Awareness Training

Questions & Answers

Common questions about this position

What qualifications are required for the GRC Analyst position?

A Bachelor's degree in Information Security, Computer Science, or relevant certifications like CompTIA Security+, CISSP, CISA, CISM, or GRC certifications is a plus. Minimum of 2 years of experience in information security, risk management, audit, or compliance roles is required, along with strong understanding of GRC concepts and familiarity with regulations like GDPR, SOC2, ISO 27001, and NIST.

What are the main responsibilities of the GRC Analyst?

Responsibilities include assisting in GRC framework development, conducting risk assessments, supporting compliance monitoring, managing vendor risks, incident response, security training, audit support, and process improvements.

What skills are essential for success in this role?

Excellent analytical and problem-solving skills with attention to detail, effective communication, and a sharp eye for detail with strong analytical mindset are essential.

Is the GRC Analyst role remote or office-based?

This information is not specified in the job description.

What is the salary or compensation for the GRC Analyst position?

This information is not specified in the job description.

Whoop

Wearable fitness tracker with personalized insights

About Whoop

WHOOP offers a fitness membership that focuses on improving personal health and performance through a wearable device called the WHOOP Strap 3.0. This device continuously collects physiological data, including heart rate, sleep patterns, and recovery levels, to provide users with personalized recommendations on their daily activity, sleep needs, and readiness for performance. Unlike many competitors, WHOOP operates on a subscription model, where users pay a fee to access the membership, which includes the device and continuous insights through the WHOOP app. This model not only provides a steady revenue stream but also fosters a strong community among users, encouraging engagement through teams, challenges, and social features. The goal of WHOOP is to help users optimize their health and performance while minimizing injury risk.

Boston, MassachusettsHeadquarters

2012Year Founded

$393.7MTotal Funding

SERIES_FCompany Stage

Data & Analytics, HealthcareIndustries

501-1,000Employees

Benefits

Take Time Off: Time outside of the office is important for sleep, strain and recovery! Our PTO plan encourages members to take time off in order to come back refreshed.

Live a Healthy Lifestyle: Our competitive benefits package includes premium medical, dental, and vision coverage for employees and their dependents. Life and disability insurance are also available.

Feel Invested: In addition to a competitive base salary and 401k, you're eligible to receive stock options to share in the future of WHOOP. Work means more when you have personal stake. You have ownership in what we are building.

Eat Well: Keep hunger at bay with endless snacks in our fully stocked kitchen. Enjoy catered team lunches on Friday, and even a cold brew keg.

Know The Product: We want you to understand and experience the product firsthand. We offer you a WHOOP strap and membership at no cost.

Be Active: Take advantage of our office gym and on-site showers! WHOOP also offers a $500 yearly wellness perk for fitness classes and memberships.

Be Present: It’s important to be present when bringing home a new family member. Take care of your loved ones with 12 weeks paid parental leave, plus an additional 2 weeks to gradually return to work.

Love Where You Work: Sitting in the heart of Fenway, our beautiful office overlooks Fenway Park. A prime location for great food, not to mention catching a Sox game, too!

Work Hard, Play Harder: If we don't already have a club here that fits your lifestyle and interests, you're encouraged to start one. Share your passions with others at work, or discover new ones!

Risks

Increased competition from brands like Oura and Fitbit threatens market share.

Privacy concerns over data collection could lead to regulatory challenges.

Economic downturns may affect consumer willingness to pay subscription fees.

Differentiation

WHOOP offers 24/7 physiological data tracking with its WHOOP Strap 3.0.

The company provides personalized health insights for athletes and fitness enthusiasts.

WHOOP's subscription model includes a community aspect for user engagement.

Upsides

WHOOP's partnership with Cristiano Ronaldo boosts brand visibility and credibility.

Expansion into 56 markets enhances WHOOP's global presence and growth potential.

Collaborations with brands like Assos strengthen WHOOP's position in sports technology.

Land your dream remote job 3x faster with AI

Try Jobo Free