β TALENT ONE MARKET INTELLIGENCE: WHOOP
π₯ TALENT LIQUIDITY:
High demand for GRC leaders who understand the nuance of health data; supply of those who can balance speed with security is extremely thin.
π ALPHA SIGNAL:
This role is the ‘Chief Insurance Officer’ for the company’s valuation. By de-risking the platform, you secure your equity’s liquidity and ensure your mortgage is backed by a company that is becoming a standard in the health-tech ecosystem.
$210k – $260k Base + Equity + Performance Bonus
85.8/100
Official Role Description: Whoop
At WHOOP, weβre on a mission to unlock human performance and healthspan. Our wearable technology provides personalized insights that help millions of members better understand their bodies and make smarter decisions about training, recovery, and lifestyle.We are seeking a Director of Governance, Risk & Compliance to lead and advance the WHOOP enterprise GRC program. Reporting to the CISO, you will define and execute the strategy for governance, risk management, and compliance across the organization, translating strategic priorities into scalable programs, controls, and measurable outcomes.Β This is a senior leadership role responsible for strengthening and expanding a world-class GRC function that enables WHOOP to move quickly while maintaining the highest standards of security, privacy, and regulatory compliance.Responsibilities:Define and execute the enterprise-wide GRC strategy in alignment with WHOOP business objectives, risk appetite, and evolving regulatory landscape, driving implementation across policies, processes, tooling, and metricsLead, grow, and mentor a high-performing GRC team, establishing clear operating rhythms, ownership models, and performance expectations while fostering a culture of accountability andΒ continuous improvementOversee compliance programs across key frameworks including SOC 2, ISO 27001, HIPAA, GDPR, and emerging health data regulationsEstablish and maintain the enterprise risk management program, including risk identification, quantification, mitigation, and reporting to executive leadership and the boardΒ Own the third-party risk management program, ensuring vendors and partners meet WHOOPβs security and compliance requirementsLead and evolve governance for responsible AI use, including risk assessment, vendor oversight, regulatory alignment, and policy development in coordination with Product, Legal, and EngineeringPartner with Legal, Product, Engineering, and Privacy teams to ensure regulatory requirements are embedded into product development and business processesΒ Lead engagement with external auditors, regulators, and certification bodiesTranslate strategic objectives into operational controls and program enhancements, personally driving key initiatives as the function continues to scaleΒ Develop and present risk and compliance reporting to the C-suite, delivering clear, business-aligned risk insightsΒ Drive policy governance, ensuring security and compliance policies are current, enforceable, and aligned with industry best practicesChampion a culture of security awareness and compliance across the organizationQualifications:10+ years of progressive experience in GRC, information security, risk management, or compliance, with at least 5 years in a leadership roleProven track record of scaling and maturing GRC programs in high-growth technology or health-tech companiesDeep expertise across multiple compliance frameworks (SOC 2, ISO 27001, HIPAA, GDPR, NIST CSF, PCI-DSS) with familiarity in emerging AI governance and regulatory standardsStrong understanding of cloud security architectures (AWS preferred) and their implications for compliance and riskExperience evaluating AI/ML risk, data governance implications, or responsible AI frameworks in regulated environmentsExperience presenting risk posture and compliance metrics to executive leadership and board-level audiencesExceptional leadership skills with a demonstrated ability to attract, develop, and retain top GRC talentStrong business acumen with the ability to translate technical risk into business termsRelevant certifications preferred (CISSP, CISM, CRISC, CISA, or equivalent)WHOOP is an Equal Opportunity Employer and participates in E-verify to determine employment eligibility.Β It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.Β The WHOOP compensation philosophy is designed to attract, motivate, and retain exceptional talent by offering competitive base salaries, meaningful equity, and consistent pay practices that reflect our mission and core values.Β At WHOOP, we view total compensation as the combination of base salary, equity, and benefits, with equity serving as a key differentiator that aligns our employees with the long-term success of the company and allows every member of our corporate team to own part of WHOOP and share in the companyβs long-term growth and success.Β The U.S. base salary range for this full-time position is $185,000-$205,000. Salary ranges are determined by role, level, and location. Within each range, individual pay is based on factors such as job-related skills, experience, performance, and relevant education or training.Β Β In addition to the base salary, the successful candidate will also receive benefits and a generous equity package.Β These ranges may be modified in the future to reflect evolving market conditions and organizational needs. While most offers will typically fall toward the starting point of the range, total compensation will depend on the candidateβs specific qualifications, expertise, and alignment with the roleβs requirements.Β Β