GRC Analyst - job 1 of 2
At WHOOP, we're on a mission to unlock human performance. WHOOP empowers members to perform at a higher level through a deeper understanding of their bodies and daily lives.
WHOOP is seeking a GRC Analyst to join our growing team. As a GRC Analyst, you will support the Governance, Risk, and Compliance (GRC) function by executing third-party risk management (TPRM) assessments, maintaining compliance initiatives, managing security awareness, and maintaing operating procedures, GPTs, etc. Your attention to detail and analytical skills will contribute to the effectiveness of our security and compliance efforts.
- Evaluate and manage risks associated with new and existing third-party vendors and service providers through the TPRM assessment process.
- Support audit activities by gathering evidence, conducting preliminary assessments, and assisting in the remediation of audit findings.
- Assist in the development and delivery of security awareness and training programs to educate employees on security policies, procedures, and best practices.
- Oversee the GRC support ticket queue, including responding to and resolving tickets in a timely manner.
- Maintain and update GRC standard operating procedures to ensure consistency and efficiency. Identify areas for process improvement within the GRC program and assist in implementing enhancements to improve effectiveness and efficiency.
- Assist in conducting risk assessments, identifying potential threats and vulnerabilities, and documenting and tracking risk mitigation efforts.
- Support ongoing compliance monitoring activities to ensure adherence to internal policies, relevant regulations, standards, and contractual obligations.
- Response and Investigation: Provide support in incident response activities, including documentation, coordination as directed.
- Participate in the review, development, and maintenance of security policies, standards, and procedures to ensure compliance with regulatory mandates and industry standards.
- Bachelor's degree in Information Security, Computer Science, or relevant certifications preferred but not required (i.e., CompTIA Security+, CISSP, CISA, CISM, GRC-specific certifications).
- At least 1 year of experience or equivalent strong internship experience in information security, risk management, audit, or compliance roles.
- Understanding of compliance frameworks including GDPR, HIPAA, SOC2, ISO 27001, and NIST CSF.
- Excellent analytical and problem-solving skills with attention to detail.
- Effective communication and interpersonal skills, with the ability to collaborate with cross-functional teams.
- Detail-oriented with superior organizational and time-management skills - balancing multiple projects, deadlines, and requests.
- Driven with a can-do attitude and determination to succeed.
Interested in the role, but don’t meet every qualification? We encourage you to still apply! At WHOOP, we believe there is much more to a candidate than what is written on paper, and we value character as much as experience. As we continue to build a diverse and inclusive environment, we encourage anyone who is interested in this role to apply.
WHOOP is an Equal Opportunity Employer and participates in E-verify to determine employment eligibility. It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.
Average salary estimate
If an employer mentions a salary or salary range on their job, we display it as an "Employer Estimate". If a job has no salary data, Rise displays an estimate if available.
Join our dynamic team at WHOOP as a GRC Analyst, where we're passionate about unlocking human performance and helping our members live their best lives! Located in Boston, MA, this role offers you the opportunity to dive into the fascinating world of Governance, Risk, and Compliance. In your day-to-day, you'll be executing essential third-party risk management assessments, ensuring compliance initiatives are upheld, and keeping our operating procedures sharp and up-to-date. Your meticulous attention to detail and analytical prowess will play a crucial role in enhancing our security and compliance efforts. You'll evaluate risks associated with both new and existing vendors, aid audit activities by gathering critical evidence, and contribute to the development of training programs that empower our staff with the knowledge to adhere to security policies. Additionally, you'll manage the GRC support ticket queue, handle risk assessments to document and track mitigation efforts, and participate in incident responses when necessary. Ideal candidates will have a Bachelor's degree in Information Security or a related field and at least one year of experience in information security, risk management, or a similar area. Familiarity with frameworks like GDPR, HIPAA, and SOC2 is beneficial. At WHOOP, we believe in the strength of diverse perspectives and encourage anyone interested in this role to apply, regardless of qualifications. Join us, and together we'll achieve greatness while fostering an inclusive environment!
Our mission at WHOOP is to unlock human performance. We believe that every individual has an inner potential that can be enhanced through continuous monitoring. As such we've built a system across hardware, software, and analytics designed to coll...
102 jobs
Subscribe to Rise newsletter
🔮
Hi, I'm Risa! Your AI Career Copilot
you, just ask me below!
Sign up for our weekly
newsletter of fresh jobs
