GRC Analyst, Operations & Risk

Responsibilities

• Support day-to-day GRC program operations by managing and triaging intakes and tracking them through resolution
• Perform third-party risk management activities, including vendor reviews, reassessments, and remediation tracking
• Coordinate with Security, Legal, Privacy, Procurement, IT, and Finance teams on risk-related follow-ups
• Assist with security compliance monitoring and audit readiness by gathering evidence to verify compliance with internal policies and industry standards
• Coordinate security awareness and training program management activities
• Use intake and ticketing data to identify workflow trends and opportunities for automation and process improvement

Requirements

• 2+ years of experience in GRC, third-party risk management, security compliance, internal audit, or a related function
• Deep understanding of cybersecurity compliance frameworks such as ISO 27001, NIST CSF, SOC 2, or PCI-DSS
• Strong risk mindset with exceptional attention to detail and critical thinking skills
• Highly organized with strong operational discipline and communication skills
• Bachelor's degree in any discipline (Computer Science, Cybersecurity, or Risk/Technology preferred)
• Ability to work onsite at the WHOOP office in Boston, MA

Preferred Qualifications

• CISA or CRISC certification

About the Company

WHOOP is a leading health and fitness technology company dedicated to helping people optimize their physical and mental performance through wearable technology and actionable data.