GRC Analyst

About Whoop

At WHOOP, we’re on a mission to unlock human performance and healthspan. WHOOP empowers members to perform at a higher level through a deeper understanding of their bodies and daily lives.

Job Summary

As a GRC Analyst, you will play a crucial role in supporting the development, implementation, and maintenance of our Governance, Risk, and Compliance (GRC) program. Working under the guidance of the GRC Senior Manager you will assist in various activities, including policy development, risk assessments, compliance framework implementation and monitoring, and audit coordination.

Key Responsibilities

• Assist in the development and implementation of the GRC framework to support business objectives, aligned with industry best practices and regulatory requirements.
• Assist in conducting risk assessments, supporting the development and adherence of risk mitigation strategies, and maintaining the risk register.
• Support ongoing compliance monitoring activities to ensure adherence to internal policies, relevant regulations, standards, and contractual obligations.
• Assist in evaluating and managing risks associated with third-party vendors and service providers through vendor risk assessment processes.
• Provide support in incident response activities, including documentation, coordination, and post-incident analysis as directed.
• Assist in the development and delivery of security awareness and training programs to educate employees on security policies, procedures, and best practices.
• Support audit activities by gathering evidence, conducting preliminary assessments, and assisting in the remediation of audit findings.
• Manage and resolve GRC support tickets promptly and efficiently.
• Participate in the review, development, and maintenance of security policies, standards, and procedures to ensure compliance with regulatory mandates and industry standards.
• Maintain and update GRC standard operating procedures to ensure consistency and efficiency.
• Identify areas for process improvement within the GRC program and assist in implementing enhancements to improve effectiveness and efficiency.

Requirements

• Bachelor’s degree in Information Security, Computer Science, or relevant certifications (e.g., CompTIA Security+, CISSP, CISA, CISM, GRC certifications) a plus.
• Minimum of 2 years of experience in information security, risk management, audit, or compliance roles.
• Strong understanding of GRC concepts, principles, and practices.
• Familiarity with relevant regulations, standards, and frameworks (e.g., GDPR, SOC2, ISO 27001, NIST Cybersecurity Framework).
• Excellent analytical skills.