Let’s get started
By clicking ‘Next’, I agree to the Terms of Service
and Privacy Policy
Jobs / Job page
GRC Analyst image - Rise Careers
Job details

GRC Analyst - job 1 of 2

At WHOOP, we're on a mission to unlock human performance. WHOOP empowers members to perform at a higher level through a deeper understanding of their bodies and daily lives. 


WHOOP is seeking a GRC Analyst to join our growing team. As a GRC Analyst, you will support the Governance, Risk, and Compliance (GRC) function by executing third-party risk management (TPRM) assessments, maintaining compliance initiatives, managing security awareness, and maintaing operating procedures, GPTs, etc.  Your attention to detail and analytical skills will contribute to the effectiveness of our security and compliance efforts.


Responsibilities:
  • Evaluate and manage risks associated with new and existing third-party vendors and service providers through the TPRM assessment process. 
  • Support audit activities by gathering evidence, conducting preliminary assessments, and assisting in the remediation of audit findings.
  • Assist in the development and delivery of security awareness and training programs to educate employees on security policies, procedures, and best practices. 
  • Oversee the GRC support ticket queue, including responding to and resolving tickets in a timely manner.
  • Maintain and update GRC standard operating procedures to ensure consistency and efficiency. Identify areas for process improvement within the GRC program and assist in implementing enhancements to improve effectiveness and efficiency.
  • Assist in conducting risk assessments, identifying potential threats and vulnerabilities, and documenting and tracking risk mitigation efforts. 
  • Support ongoing compliance monitoring activities to ensure adherence to internal policies, relevant regulations, standards, and contractual obligations.
  • Response and Investigation: Provide support in incident response activities, including documentation, coordination as directed.
  • Participate in the review, development, and maintenance of security policies, standards, and procedures to ensure compliance with regulatory mandates and industry standards.


Qualifications:
  • Bachelor's degree in Information Security, Computer Science, or relevant certifications preferred but not required (i.e., CompTIA Security+, CISSP, CISA, CISM, GRC-specific  certifications).
  • At least 1 year of experience or equivalent strong internship experience in information security, risk management, audit, or compliance roles.
  • Understanding of compliance frameworks including GDPR, HIPAA, SOC2, ISO 27001, and NIST CSF.
  • Excellent analytical and problem-solving skills with attention to detail.
  • Effective communication and interpersonal skills, with the ability to collaborate with cross-functional teams.
  • Detail-oriented with superior organizational and time-management skills - balancing multiple projects, deadlines, and requests.
  • Driven with a can-do attitude and determination to succeed.


Interested in the role, but don’t meet every qualification? We encourage you to still apply! At WHOOP, we believe there is much more to a candidate than what is written on paper, and we value character as much as experience. As we continue to build a diverse and inclusive environment, we encourage anyone who is interested in this role to apply.


WHOOP is an Equal Opportunity Employer and participates in E-verify to determine employment eligibility.  It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.

WHOOP Glassdoor Company Review
3.4 Glassdoor star iconGlassdoor star iconGlassdoor star icon Glassdoor star icon Glassdoor star icon
WHOOP DE&I Review
No rating Glassdoor star iconGlassdoor star iconGlassdoor star iconGlassdoor star iconGlassdoor star icon
CEO of WHOOP
WHOOP CEO photo
Will Ahmed
Approve of CEO

Average salary estimate

$70000 / YEARLY (est.)
min
max
$60000K
$80000K

If an employer mentions a salary or salary range on their job, we display it as an "Employer Estimate". If a job has no salary data, Rise displays an estimate if available.

What You Should Know About GRC Analyst, WHOOP

Join our dynamic team at WHOOP as a GRC Analyst, where we're passionate about unlocking human performance and helping our members live their best lives! Located in Boston, MA, this role offers you the opportunity to dive into the fascinating world of Governance, Risk, and Compliance. In your day-to-day, you'll be executing essential third-party risk management assessments, ensuring compliance initiatives are upheld, and keeping our operating procedures sharp and up-to-date. Your meticulous attention to detail and analytical prowess will play a crucial role in enhancing our security and compliance efforts. You'll evaluate risks associated with both new and existing vendors, aid audit activities by gathering critical evidence, and contribute to the development of training programs that empower our staff with the knowledge to adhere to security policies. Additionally, you'll manage the GRC support ticket queue, handle risk assessments to document and track mitigation efforts, and participate in incident responses when necessary. Ideal candidates will have a Bachelor's degree in Information Security or a related field and at least one year of experience in information security, risk management, or a similar area. Familiarity with frameworks like GDPR, HIPAA, and SOC2 is beneficial. At WHOOP, we believe in the strength of diverse perspectives and encourage anyone interested in this role to apply, regardless of qualifications. Join us, and together we'll achieve greatness while fostering an inclusive environment!

Frequently Asked Questions (FAQs) for GRC Analyst Role at WHOOP
What are the responsibilities of a GRC Analyst at WHOOP?

As a GRC Analyst at WHOOP, your primary responsibilities will include executing third-party risk management assessments, supporting audit activities, and developing security awareness programs. You'll play a key role in maintaining compliance initiatives and overseeing the GRC support ticket queue to address any GRC-related inquiries. Your work will help ensure that WHOOP maintains robust security and compliance practices.

Join Rise to see the full answer
What qualifications do I need to apply for the GRC Analyst position at WHOOP?

To apply for the GRC Analyst role at WHOOP, a Bachelor's degree in Information Security, Computer Science, or a related field is preferred. While at least one year of experience in information security, risk management, or compliance is valued, strong internship experiences can also be considered. Knowledge of compliance frameworks like GDPR, HIPAA, and SOC2 will be beneficial in this role.

Join Rise to see the full answer
How does WHOOP support career development for GRC Analysts?

WHOOP is committed to fostering employee growth, especially for GRC Analysts. You will have access to training programs that enhance your skills in security awareness, risk management, and compliance. Additionally, WHOOP encourages team members to pursue relevant certifications, such as CompTIA Security+ or CISM, helping you stay updated with industry standards and best practices.

Join Rise to see the full answer
What is the company culture like for a GRC Analyst at WHOOP?

The company culture at WHOOP is inclusive and collaborative, making it a great place for GRC Analysts. You'll find a friendly atmosphere where your ideas are valued, and teamwork is encouraged. WHOOP believes in the potential of every employee, and we promote diversity and resilience, allowing you to contribute your unique perspective to the team.

Join Rise to see the full answer
What can I expect during the interview process for the GRC Analyst role at WHOOP?

The interview process for the GRC Analyst position at WHOOP typically begins with an initial phone screening, followed by one or more in-depth interviews. During the interviews, you'll meet with team members who will assess your technical knowledge, problem-solving skills, and how well you fit within the company culture. You may also be asked to complete a case study or scenario relevant to the role.

Join Rise to see the full answer
Common Interview Questions for GRC Analyst
Can you explain your experience with third-party risk management?

In your response, discuss specific examples of how you've conducted third-party risk assessments in previous roles. Highlight the methodologies you used and the outcomes achieved, emphasizing your analytical skills and attention to detail.

Join Rise to see the full answer
What compliance frameworks are you familiar with, and how have you applied them?

Be prepared to talk about your experience with frameworks such as GDPR, HIPAA, and SOC2. Explain how you've implemented aspects of these frameworks in your work, such as conducting audits or ensuring staff compliance with regulations.

Join Rise to see the full answer
Describe a time when you identified a potential security risk and how you handled it.

Use the STAR method to outline your experience. Describe the situation, the task you needed to accomplish, the action you took to identify the risk, and the result of your efforts to mitigate it. This showcases your proactive approach to security.

Join Rise to see the full answer
How do you prioritize multiple projects and deadlines as a GRC Analyst?

Share your organizational strategies, such as using project management tools or prioritizing tasks based on urgency and impact. Highlight your time management skills and any experience you have balancing various responsibilities effectively.

Join Rise to see the full answer
What tools or software are you proficient in related to GRC tasks?

Talk about specific software you've used, like GRC platforms or compliance management tools. If you have experience with data analysis or risk assessment tools, mention those as well, and explain how they supported your work.

Join Rise to see the full answer
How do you stay updated on industry trends and changes in compliance regulations?

Explain your methods for keeping abreast of the latest developments, whether through attending webinars, participating in professional organizations, or reading industry publications. This demonstrates your commitment to continuous learning.

Join Rise to see the full answer
Can you discuss any experience you have in conducting internal audits?

Provide a brief overview of your role in past audits, including the objectives, processes you followed, and any specific outcomes or improvements that resulted from your audit activities.

Join Rise to see the full answer
How do you handle incidents related to security breaches or compliance failures?

Discuss your process for incident response, including how you document incidents and collaborate with teams to resolve issues. Emphasize the importance of timely reporting and thorough investigation.

Join Rise to see the full answer
What strategies do you use to educate employees on security best practices?

Share your approach to developing and delivering training programs, including any creative techniques used to engage employees. Highlight the importance of fostering a culture of security awareness within the organization.

Join Rise to see the full answer
Why do you want to work as a GRC Analyst at WHOOP?

Articulate your genuine interest in WHOOP’s mission to unlock human performance. Discuss how the GRC Analyst role aligns with your career goals and your passion for security and compliance, showcasing your enthusiasm for the opportunity.

Join Rise to see the full answer
Similar Jobs
Photo of the Rise User
Posted 3 days ago
Photo of the Rise User
Posted 2 days ago
Photo of the Rise User
Posted 10 days ago
Zifo Hybrid No location specified
Posted 13 days ago
Photo of the Rise User
Posted 13 days ago
Photo of the Rise User
Zscaler Remote San Jose, California, USA
Posted 7 days ago
Photo of the Rise User
Posted 4 days ago

Our mission at WHOOP is to unlock human performance. We believe that every individual has an inner potential that can be enhanced through continuous monitoring. As such we've built a system across hardware, software, and analytics designed to coll...

91 jobs
MATCH
Calculating your matching score...
FUNDING
SENIORITY LEVEL REQUIREMENT
TEAM SIZE
EMPLOYMENT TYPE
Full-time, on-site
DATE POSTED
March 8, 2025

Subscribe to Rise newsletter

Risa star 🔮 Hi, I'm Risa! Your AI
Career Copilot
Want to see a list of jobs tailored to
you, just ask me below!
LATEST ACTIVITY
Photo of the Rise User
8 people applied to Excel Developer at Valcre
Photo of the Rise User
Someone from OH, Mason just viewed Marketing & Communications Intern at Per Scholas
Photo of the Rise User
Someone from OH, Lakewood just viewed Recruiter (Talent Sourcing), 6 month contract at Jerry
Photo of the Rise User
Someone from OH, Westerville just viewed Director Change Management at Discover
Photo of the Rise User
Someone from OH, Dublin just viewed Applied AI Engineer – Computer Vision at Kodiak
Photo of the Rise User
Someone from OH, Dublin just viewed Computer Vision Engineer at Near Space Labs
Photo of the Rise User
Someone from OH, Cleveland just viewed Accounting Co-Op (Part-Time) at Avery Dennison
Photo of the Rise User
Someone from OH, Euclid just viewed Lighting Intern, DreamWorks, Summer 2025 at NBCUniversal
Photo of the Rise User
Someone from OH, Cincinnati just viewed Saw Operator I at Eriez
Photo of the Rise User
Someone from OH, Burton just viewed Creative Director at Webster University
Photo of the Rise User
Someone from OH, Lewis Center just viewed Risk Analytics Manager at Jobber
Photo of the Rise User
Someone from OH, Lewis Center just viewed Risk Analyst II at GoFundMe
Photo of the Rise User
Someone from OH, Lewis Center just viewed Senior Risk Analyst at GoFundMe
Photo of the Rise User
Someone from OH, Lewis Center just viewed Manager, Fraud Operations at Twilio
Y
Someone from OH, Lewis Center just viewed Fraud Manager at Yellow Social Interactive
Photo of the Rise User
Someone from OH, Lewis Center just viewed Senior Associate, Fraud Strategy and Analytics at Wealthsimple
Photo of the Rise User
Someone from OH, Lewis Center just viewed Consulting Manager Fraud Practice at Visa
Photo of the Rise User
Someone from OH, Mansfield just viewed 12 Hour Shift- Food Production Supervisor at Shearer's Foods
Photo of the Rise User
Someone from OH, Lewis Center just viewed Fraud Detection Specialist – Payment Detection (Hybrid) at Zopa
Photo of the Rise User
Someone from OH, Lewis Center just viewed Fraud Operations Specialist - Banking Operations (Hybrid) at Zopa
Photo of the Rise User
Someone from OH, Lewis Center just viewed Senior Third-Party Risk Analyst at Fenergo