WHOOP

Manager and Senior Manager: Governance, Risk, & Compliance (GRC)

WHOOP$155K — $205K *
Business Services
8 - 10 years of experience
Job Overview by Ladders

Qualifications

  • 8+ years of experience in GRC or information security, preferably in health tech, SaaS, or regulated environments, with ~4+ years in a management role.
  • Deep understanding of regulations like ISO 27001, SOC 2, GDPR, and health data privacy obligations (e.g., HIPAA).
  • Experience in managing or mentoring compliance, audit, or GRC teams.
  • Proven capability in leading operational GRC programs with workload prioritization and KPI reporting.
  • Strong grasp of cybersecurity controls, cloud security, and third-party risk assurance.
  • Experience building scalable programs in high-growth environments.
  • Detail-oriented with strong project execution and prioritization skills.
  • Excellent communication and interpersonal skills.

Responsibilities

  • Drive development and implementation of the governance program aligned with relevant regulatory frameworks.
  • Partner on scalable security control frameworks, risk assessments, and compliance initiatives.
  • Support incident response activities and ensure actionable improvements post-incident.
  • Manage the enterprise risk register and provide executive-level risk reporting.
  • Spearhead enterprise risk reviews and oversee complex assessments within the team.
  • Mentor GRC analysts while balancing execution with team enablement.
  • Lead the third-party risk management lifecycle through vendor assessments and due diligence.

Benefits

  • Opportunity to work in a fast-paced and high-growth environment.
  • Collaborative work culture involving cross-functional teams.
  • Potential for substantial equity participation aligning with company success.
  • Focus on professional development and mentorship within the GRC domain.
Full Job Description
WHOOP is seeking a strategic and execution-oriented Manager and Senior Manager of Governance, Risk, and Compliance to lead the day-to-day execution and support the ongoing operation and enhancement of the GRC program in a fast-paced, high-growth environment. These roles are responsible for both the design and hands-on execution of GRC initiatives, collaborating across Legal, Security, Product, and other teams to advance compliance objectives, reduce enterprise risk, and strengthen operational resilience.

RESPONSIBILITIES
  • Drive the development, implementation, and continuous evolution of the governance program, driving both strategy and hands-on execution to maintain alignment with ISO 27001, SOC 2, GDPR, and other applicable regulatory frameworks
  • Partner in the development, implementation, and ongoing management of scalable security control frameworks, policies, standards, and security awareness programs, third-party risk assessment, SDLC assessment, and risk program management, contributing directly while guiding the team's work to strengthen organizational compliance
  • Support incident response activities by ensuring regulatory requirements, breach documentation, and post-incident reviews are completed and translated into actionable improvements across the risk and compliance program
  • Actively manage the enterprise risk register, driving risk prioritization, maintaining visibility across key risk domains, and delivering executive-level reporting
  • Spearhead enterprise risk reviews by driving GRC intake and request triage, personally overseeing complex assessments while prioritizing and delegating work across the team
  • Coach, mentor, and develop GRC analysts while balancing hands-on execution with effective delegation and team enablement as the program scales
  • Lead the third-party risk management lifecycle by conducting and overseeing vendor risk assessments and due diligence in partnership with Legal, IT, and Security
  • Own the operational intake and triage process for all GRC requests, including third-party vendor risk assessments, security questionnaires, SDLC risk reviews, and compliance inquiries, ensuring work is prioritized, assigned, and completed within established service levels
  • Develop and report operational metrics and KPIs, providing weekly dashboards and status updates on assessment volumes, turnaround times, backlog, SLA performance, and program health to the leadership
  • Evaluate, implement, and continuously improve GRC tools, processes, and metrics through hands-on execution and operational leadership to support program scale, transparency, and accountability

QUALIFICATIONS
  • 8+ years of experience in GRC, or information security preferably in health tech, SaaS, or regulated environments, with ~4+ years managing GRC, compliance, audit or cybersecurity professionals
  • Deep understanding of regulations and standards including, but not limited to ISO 27001, SOC 2, GDPR, PCI, NIST CSF, and privacy/security obligations applicable to regulated or sensitive health data, including HIPAA where relevant
  • Experience managing or mentoring compliance, audit, or GRC professionals
  • Demonstrated experience leading operational GRC programs, including workload prioritization, KPI reporting, and cross-functional coordination
  • Strong understanding of cybersecurity controls, cloud security concepts, third-party risk assurance, and regulatory compliance requirements
  • Proven ability to build scalable, process-driven programs in high-growth or rapidly evolving environments
  • Highly organized and detail-oriented, with strong project execution and prioritization skills across competing deadlines
  • Superior communication and interpersonal skills - written and verbal
  • Relevant certifications (CISA, CISSP, CRISC, CIPP/E, ISO Lead Auditor, HITRUST CCSFP, or similar) are strongly preferred
  • A minimum bachelor's degree in any discipline. Computer science, cyber security and risk or technology degrees preferred.

This role is based in the WHOOP office located in Boston, MA. The successful candidate must be prepared to relocate if necessary to work out of the Boston, MA office.

Interested in the role, but don't meet every qualification? We encourage you to still apply! At WHOOP, we believe there is much more to a candidate than what is written on paper, and we value character as much as experience. As we continue to build a diverse and inclusive environment, we encourage anyone who is interested in this role to apply.

The WHOOP compensation philosophy is designed to attract, motivate, and retain exceptional talent by offering competitive base salaries, meaningful equity, and consistent pay practices that reflect our mission and core values.

At WHOOP, we view total compensation as the combination of base salary, equity, and benefits, with equity serving as a key differentiator that aligns our employees with the long-term success of the company and allows every member of our corporate team to own part of WHOOP and share in the company's long-term growth and success.

The U.S. base salary range for these full-time positions is $155,000-$205,000. Salary ranges are determined by role, level, and location. Within each range, individual pay is based on factors such as job-related skills, experience, performance, and relevant education or training.

In addition to the base salary, the successful candidate will also receive benefits and a generous equity package.

These ranges may be modified in the future to reflect evolving market conditions and organizational needs. While most offers will typically fall toward the starting point of the range, total compensation will depend on the candidate's specific qualifications, expertise, and alignment with the role's requirements.

About WHOOP

WHOOP is a wearable technology company that specializes in fitness tracking. The company was founded in 2012 and is based in Boston, Massachusetts. WHOOP's flagship product is a wristband that tracks various metrics related to fitness and health, such as heart rate variability, sleep quality, and recovery time. The company also offers a subscription service that provides personalized insights and recommendations based on the data collected by the wristband. WHOOP has raised over $200 million in funding and has partnerships with several professional sports leagues and teams.
Learn more about WHOOP
Size
500 employees
Industry
Founded
2011

Similar Jobs

More Jobs at WHOOP

More Business Services Jobs

Find similar Manager and Senior Manager: Governance, Risk, & Compliance (GRC) jobs: