GRC Analyst
Boston, MA
WHOOP
Monitor your sleep, strain, recovery, and health with the most advanced fitness and health wearable available today. WHOOP helps you discover data-driven insights for a healthier, more empowered life.
At WHOOP, we're on a mission to unlock human performance. WHOOP empowers members to perform at a higher level through a deeper understanding of their bodies and daily lives.
As a GRC Analyst, you will play a crucial role in supporting the development, implementation, and maintenance of our Governance, Risk, and Compliance (GRC) program. Working under the guidance of the CISO, you will assist in various GRC activities, including policy development, risk assessment, compliance monitoring, and audit coordination. Your attention to detail and analytical skills will contribute to the effectiveness of our security and compliance efforts.
This role is based in the WHOOP office located in Boston, MA. The successful candidate must be prepared to relocate if necessary to work out of the Boston, MA office.
WHOOP is an Equal Opportunity Employer and participates in E-verify to determine employment eligibility. It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.
As a GRC Analyst, you will play a crucial role in supporting the development, implementation, and maintenance of our Governance, Risk, and Compliance (GRC) program. Working under the guidance of the CISO, you will assist in various GRC activities, including policy development, risk assessment, compliance monitoring, and audit coordination. Your attention to detail and analytical skills will contribute to the effectiveness of our security and compliance efforts.
This role is based in the WHOOP office located in Boston, MA. The successful candidate must be prepared to relocate if necessary to work out of the Boston, MA office.
RESPONSIBILITIES:
- Support GRC Framework Implementation: Assist in the development and implementation of the GRC framework to support business objectives, aligned with industry best practices and regulatory requirements.
- Risk Management: Assist in conducting risk assessments, supporting the development and adherence of risk mitigation strategies, and maintaining the risk register.
- Compliance Monitoring: Support ongoing compliance monitoring activities to ensure adherence to internal policies, relevant regulations, standards, and contractual obligations.
- Vendor Risk Management: Assist in evaluating and managing risks associated with third-party vendors and service providers through vendor risk assessment processes.
- Support Incident Response and Investigation: Provide support in incident response activities, including documentation, coordination, and post-incident analysis as directed.
- Security Awareness and Training: Assist in the development and delivery of security awareness and training programs to educate employees on security policies, procedures, and best practices.
- Audit Support: Support audit activities by gathering evidence, conducting preliminary assessments, and assisting in the remediation of audit findings.
- Ticket Queue Support: Manage and resolve GRC support tickets promptly and efficiently
- Policy Review and Management: Participate in the review, development, and maintenance of security policies, standards, and procedures to ensure compliance with regulatory mandates and industry standards.
- Contribute to Continuous Improvement: Identify areas for process improvement within the GRC program and assist in implementing enhancements to improve effectiveness and efficiency.
QUALIFICATIONS:
- Bachelor's degree in Information Security, Computer Science, or relevant certifications (e.g., CompTIA Security+, CISSP, CISA, CISM, GRC certifications) a plus.
- Minimum of 2 years of experience in information security, risk management, audit, or compliance roles.
- Strong understanding of GRC concepts, principles, and practices.
- Familiarity with relevant regulations, standards, and frameworks (e.g., GDPR, SOC2, ISO 27001, NIST Cybersecurity Framework).
- Excellent analytical and problem-solving skills with attention to detail.
- Effective communication and interpersonal skills, with the ability to establish relationships and collaborate with cross-functional teams.
- Detail-oriented with superior organizational and time-management skills - balancing multiple projects, deadlines, and requests.
- Proven ability to navigate ambiguity and complexity, turning uncertainty into clarity and actionable insights.
- Driven with a pro-active and results-oriented approach, demonstrating a can-do attitude and determination to succeed.
WHOOP is an Equal Opportunity Employer and participates in E-verify to determine employment eligibility. It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Job stats:
0
0
0
Categories:
Analyst Jobs
Compliance Jobs
Tags: CISA CISM CISO CISSP Compliance CompTIA Computer Science GDPR Governance Incident response ISO 27001 Monitoring NIST Risk assessment Risk management SOC 2
Region:
North America
Country:
United States
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.
Information Security Manager jobsInformation Systems Security Officer jobsInformation Security Officer jobsInformation System Security Officer jobsSenior Cybersecurity Engineer jobsInformation Security Specialist jobsSenior Cyber Security Engineer jobsSenior Network Security Engineer jobsSecurity Consultant jobsSenior Information Security Analyst jobsPrincipal Security Engineer jobsSecurity Specialist jobsSenior Penetration Tester jobsIT Security Engineer jobsChief Information Security Officer jobsCyber Security Specialist jobsStaff Security Engineer jobsCloud Security Architect jobsInformation System Security Officer (ISSO) jobsCyber Security Architect jobsCybersecurity Consultant jobsIT Security Analyst jobsSecurity Operations Analyst jobsThreat Intelligence Analyst jobsSenior Product Security Engineer jobs
Malware jobsSaaS jobsGDPR jobsEncryption jobsRMF jobsSDLC jobsEDR jobsSQL jobsSplunk jobsIDS jobsForensics jobsIPS jobsTop Secret jobsBash jobsITIL jobsIntrusion detection jobsDocker jobsCompTIA jobsFinance jobsOWASP jobsDoDD 8570 jobsTerraform jobsCRISC jobsActive Directory jobsTCP/IP jobs
UNIX jobsThreat detection jobsSANS jobsGIAC jobsVPN jobsClearance Required jobsBanking jobsPolygraph jobsJavaScript jobsOSCP jobsIT infrastructure jobsData Analytics jobsDNS jobsHIPAA jobsArtificial Intelligence jobsAnsible jobsCCSP jobsGCIH jobsJira jobsOracle jobsSOAR jobsMachine Learning jobsMITRE ATT&CK jobsIndustrial jobsSOX jobs