Director of Governance, Risk, & Compliance

The Director of Governance, Risk, & Compliance (GRC) at WHOOP is a senior leadership role responsible for developing and executing the enterprise-wide GRC strategy. This position reports directly to the Chief Information Security Officer (CISO) and plays a pivotal role in aligning WHOOP's business objectives with its risk management and compliance initiatives. The role involves leading a high-performing GRC team and ensuring that WHOOP maintains the highest standards of security, privacy, and regulatory compliance.

Key responsibilities include defining and implementing the GRC strategy across policies, processes, tooling, and metrics. The director will oversee compliance programs for frameworks such as SOC 2, ISO 27001, HIPAA, GDPR, and emerging health data regulations. Additionally, the role involves managing the enterprise risk management program, including risk identification, quantification, mitigation, and reporting to executive leadership and the board. The director will also lead the third-party risk management program, ensuring that vendors and partners meet WHOOP's security and compliance requirements.

Candidates should have over 10 years of experience in GRC, information security, risk management, or compliance, with at least 5 years in a leadership role. A proven track record of scaling and maturing GRC programs in high-growth technology or health-tech companies is essential. Deep expertise across multiple compliance frameworks, including SOC 2, ISO 27001, HIPAA, GDPR, NIST CSF, and PCI-DSS, is required. Familiarity with emerging AI governance and regulatory standards, as well as a strong understanding of cloud security architectures (preferably AWS), is also important. Relevant certifications such as CISSP, CISM, CRISC, or CISA are preferred.

The U.S. base salary range for this full-time position is $185,000-$205,000. WHOOP offers a comprehensive benefits package, including health insurance, retirement plans, and equity options. The company emphasizes a culture of continuous improvement and accountability, providing opportunities for professional growth and development.

WHOOP is a performance optimization company that provides wearable technology to help individuals monitor and improve their health and fitness. The company is committed to fostering a culture of security awareness and compliance across the organization. Joining WHOOP offers the opportunity to be part of a mission-driven team dedicated to unlocking human performance and healthspan.