GRC Analyst

Work from home Full-time role Hiring

At WHOOP, we're on a mission to unlock human performance. WHOOP empowers members to perform at a higher level through a deeper understanding of their bodies and daily lives.

WHOOP is seeking a GRC Analyst to join our growing team. As a GRC Analyst, you will support the Governance, Risk, and Compliance (GRC) function by executing third-party risk management (TPRM) assessments, maintaining compliance initiatives, managing security awareness, and maintaing operating procedures, GPTs, etc. Your attention to detail and analytical skills will contribute to the effectiveness of our security and compliance efforts.

Responsibilities

Evaluate and manage risks associated with new and existing third-party vendors and service providers through the TPRM assessment process.

Support audit activities by gathering evidence, conducting preliminary assessments, and assisting in the remediation of audit findings.

Assist in the development and delivery of security awareness and training programs to educate employees on security policies, procedures, and best practices.

Oversee the GRC support ticket queue, including responding to and resolving tickets in a timely manner.

Maintain and update GRC standard operating procedures to ensure consistency and efficiency. Identify areas for process improvement within the GRC program and assist in implementing enhancements to improve effectiveness and efficiency.

Assist in conducting risk assessments, identifying potential threats and vulnerabilities, and documenting and tracking risk mitigation efforts.

Support ongoing compliance monitoring activities to ensure adherence to internal policies, relevant regulations, standards, and contractual obligations.

Response and Investigation: Provide support in incident response activities, including documentation, coordination as directed.

Participate in the review, development, and maintenance of security policies, standards, and procedures to ensure compliance with regulatory mandates and industry standards.

Qualifications

Bachelor's degree in Information Security, Computer Science, or relevant certifications preferred but not required (i.e., CompTIA Security+, CISSP, CISA, CISM, GRC-specific certifications).

At least 1 year of experience or equivalent strong internship experience in information security, risk management, audit, or compliance roles.

Understanding of compliance frameworks including GDPR, HIPAA, SOC2, ISO 27001, and NIST CSF.

Excellent analytical and problem-solving skills with attention to detail.

Effective communication and interpersonal skills, with the ability to collaborate with cross-functional teams.

Detail-oriented with superior organizational and time-management skills - balancing multiple projects, deadlines, and requests.

Driven with a can-do attitude and determination to succeed.

Additional Information

Interested in the role, but don’t meet every qualification? We encourage you to still apply! At WHOOP, we believe there is much more to a candidate than what is written on paper, and we value character as much as experience. As we continue to build a diverse and inclusive environment, we encourage anyone who is interested in this role to apply.

WHOOP is an Equal Opportunity Employer and participates in E-verify to determine employment eligibility. It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.

apply to this job

Apply

GRC Analyst

Responsibilities

Qualifications

Additional Information

You might like

copywriter

Product Enablement Manager

Senior Software Developer, Reliability

Senior Software Developer, Data Platform

Sales Director, North America East Coast - New York

[Future Opportunities] Senior Game Designer, XR

Software Implementation Consultant I (Location Acquisition Services Financial)- US

(US) Associate Project Manager, Marketing

(Canada) Associate Project Manager, Marketing

IT Support Engineer

Require (USA) COACH/OPS MGR TRAINEE in Comstock Park, MI

Experienced Data Entry Specialist – Remote Market Research Participant

Systems & Automation Developer

Regional VP, Enterprise

Experienced Part-Time Remote Data Entry Clerk – Unlimited Opportunities for Growth and Development at arenaflex

Experienced Full Stack Data Engineer – Web & Cloud Application Development

Client Partner Enterprise

Experienced Customer Support Specialist – Remote Part-Time Opportunity at arenaflex

Papa Pal (Caregiver) in Michigan Center, MI

Remote Customer Service & Life Insurance Sales Advisor – Flexible Hours, High‑Earning Potential, Career Growth & Full‑Time Remote Work at arenaflex