GRC Analyst

As a GRC Analyst, you will play a crucial role in supporting the development, implementation, and maintenance of our Governance, Risk, and Compliance (GRC) program. Working under the guidance of the CISO, you will assist in various GRC activities, including policy development, risk assessment, compliance monitoring, and audit coordination. Your attention to detail and analytical skills will contribute to the effectiveness of our security and compliance efforts.

Responsibilities:

• Support GRC Framework Implementation: Assist in the development and implementation of the GRC framework aligned with industry best practices and regulatory requirements.
• Risk Assessment Assistance: Assist in conducting risk assessments, identifying potential threats and vulnerabilities, and supporting the development of risk mitigation strategies.
• Compliance Monitoring: Support ongoing compliance monitoring activities to ensure adherence to internal policies, relevant regulations, standards, and contractual obligations.
• Assist in Vendor Risk Management: Assist in evaluating and managing risks associated with third-party vendors and service providers through vendor risk assessment processes.
• Support Incident Response and Investigation: Provide support in incident response activities, including documentation, coordination, and post-incident analysis as directed.
• Security Awareness and Training: Assist in the development and delivery of security awareness and training programs to educate employees on security policies, procedures, and best practices.
• Audit Support: Support audit activities by gathering evidence, conducting preliminary assessments, and assisting in the remediation of audit findings.
• Ticket Queue Support: Oversee the GRC support ticket queue, including responding to and resolving tickets in a timely manner.
• Policy Review and Management: Participate in the review, development, and maintenance of security policies, standards, and procedures to ensure compliance with regulatory mandates and industry standards.
• Contribute to Continuous Improvement: Identify areas for process improvement within the GRC program and assist in implementing enhancements to improve effectiveness and efficiency.

Qualifications:

• Bachelor's degree in Information Security, Computer Science, or relevant certifications (e.g., CompTIA Security+, CISSP, CISA, CISM, GRC certifications) a plus.
• Minimum of 2 years of experience in information security, risk management, audit, or compliance roles.
• Strong understanding of GRC concepts, principles, and practices.
• Familiarity with relevant regulations, standards, and frameworks (e.g., GDPR, SOC2, ISO 27001, NIST Cybersecurity Framework).
• Excellent analytical and problem-solving skills with attention to detail.
• Effective communication and interpersonal skills, with the ability to collaborate with cross-functional teams.
• Detail-oriented with superior organizational and time-management skills - balancing multiple projects, deadlines, and requests.
• Driven with a can-do attitude and determination to succeed.

This role is based in the WHOOP office located in Boston, MA. The successful candidate must be prepared to relocate if necessary to work out of the Boston, MA office. 
Interested in the role, but don’t meet every qualification? We encourage you to still apply! At WHOOP, we believe there is much more to a candidate than what is written on paper, and we value character as much as experience. As we continue to build a diverse and inclusive environment, we encourage anyone who is interested in this role to apply.
WHOOP is an Equal Opportunity Employer and participates in E-verify to determine employment eligibility.