Senior Risk & Compliance Analyst

Responsibilities

• Lead cyber and technology risk assessments across systems, cloud environments, and business processes.
• Maintain and operate the enterprise cyber risk register, including drafting risk statements and tracking mitigation plans.
• Translate technical findings and architectural concerns into clear business risk scenarios for stakeholders.
• Support the maturation of quantitative cyber risk analysis approaches such as FAIR.
• Partner with Security Architecture, Engineering, Product, and Legal teams to evaluate new initiatives and technology changes.
• Conduct risk assessments for emerging technologies, specifically focusing on artificial intelligence and machine learning systems.
• Develop dashboards and reporting to provide leadership with visibility into cybersecurity risks and trends.

Requirements

• 6+ years of experience in cybersecurity risk management, information security, or technology risk.
• Demonstrated experience conducting structured cybersecurity or IT risk assessments.
• Proven experience maintaining risk registers and tracking mitigation activities.
• Strong understanding of security frameworks such as NIST CSF, ISO 27001, or PCI DSS.
• Familiarity with regulatory environments including GDPR, HIPAA, or other privacy requirements.
• Experience assessing risks related to AI/ML systems and emerging technology governance.
• Strong communication skills with the ability to present technical findings to non-technical stakeholders.

Preferred Qualifications

• Professional certifications such as CRISC, CISSP, CISM, CISA, or CGRC.
• Experience with quantitative risk measurement methodologies.

About the Company

WHOOP is on a mission to unlock human performance and extend healthspan. We provide wearable technology and data-driven insights to help individuals optimize their health and recovery.