Senior Manager, Governance, Risk, & Compliance (GRC)
Job Summary
Job Description
The Senior Manager of Governance, Risk, and Compliance (GRC) will spearhead the GRC program's advancement in a dynamic, rapidly expanding environment. This role encompasses both the design and execution of the GRC function, starting with establishing structure, implementing tools, and managing daily activities while simultaneously building a scalable team. The ideal candidate will collaborate with teams such as Legal, Security, and Product to ensure adherence to regulations, mitigate risks, and enhance operational resilience. Responsibilities include developing and implementing a comprehensive GRC program, managing the enterprise risk register, leading third-party risk management, and overseeing policy development and training. The role also involves serving as the primary contact for audits, improving GRC tools and processes, supporting incident response, and mentoring GRC analysts.
Must have:
- 6+ years of experience in GRC, information security, audit, or compliance roles.
- Deep understanding of regulations and standards including GDPR, ISO 27001, SOC 2, and NIST CSF.
- Experience managing organizational risk registers and applying risk-informed decision-making.
- Proven ability to lead third-party risk management in collaboration with internal stakeholders.
- Familiarity with audit workflows, evidence collection, and control testing in fast-paced environments.
- Experience managing or mentoring compliance, audit, or GRC professionals.
- Proven ability to build scalable, process-driven programs in high-growth or rapidly evolving environments.
- Highly organized and detail-oriented, with strong project execution and prioritization skills.
- Demonstrated accountability to metrics, data-driven reporting, and outcome-based program management.
Good to have:
- Relevant certifications such as CISA, CISSP, CIPP/E, CRISC, ISO Lead Auditor, HITRUST CCSFP, or PMP are a plus.
- Strong commitment to embracing and leveraging AI tools in day-to-day tasks, ensuring AI-assisted work aligns with the same high-quality standards as personal contributions, with awareness of emerging governance and ethical considerations such as data privacy and model transparency.
5 skills required
Job Details
At WHOOP, we're on a mission to unlock human performance. WHOOP empowers members to perform at a higher level through a deeper understanding of their bodies and daily lives.
WHOOP is seeking a strategic and execution-oriented Senior Manager of Governance, Risk and Compliance to lead the next phase of the GRC program in a fast-paced, high-growth environment. This role will lead both the design and hands-on execution of the GRC function. Initially, this includes building structure, implementing tools, and guiding day-to-day activities while laying the foundation to scale team capabilities and delegate ownership over time. The ideal candidate will partner across Legal, Security, Product, and other teams to ensure alignment with regulatory frameworks, reduce enterprise risk, and strengthen operational resilience.
Responsibilities:
- Lead the development, implementation, and evolution of a comprehensive governance, risk, and compliance program aligned with standards such as ISO 27001, SOC2, GDPR, and other global regulatory expectations
- Own the enterprise risk register, delivering ongoing visibility, prioritization, and executive-level reporting across key risk domains
- Drive the third-party risk management lifecycle, overseeing vendor risk assessments and due diligence in partnership with Legal, IT, and Security
- Oversee the development and lifecycle of scalable policies, standards, and training programs that promote security awareness and strengthen organizational compliance
- Serve as the lead point of contact for internal and external audits and assessments, managing evidence workflows and driving remediation to completion
- Identify, implement, and improve GRC tools, processes, and metrics to support program scale, transparency, and accountability
- Support incident response processes by ensuring regulatory alignment, breach documentation, and post-incident reviews are conducted and integrated into risk and compliance programs
- Lead by doing - execute critical GRC workstreams directly while scaling team capabilities, maturing processes, and transitioning ownership to analysts over time
- Manage and mentor GRC analysts, balancing direct execution with team enablement as the program grows
Qualifications:
- 6+ years of experience in GRC, information security, audit, or compliance roles, preferably in health tech, SaaS, or regulated environments
- Deep understanding of regulations and standards including GDPR, ISO 27001, SOC 2, and NIST CSF
- Experience managing organizational risk registers and applying risk-informed decision-making
- Proven ability to lead third-party risk management in collaboration with internal stakeholders
- Familiarity with audit workflows, evidence collection, and control testing in fast-paced or audit-intensive environments
- Experience managing or mentoring compliance, audit, or GRC professionals
- Relevant certifications such as CISA, CISSP, CIPP/E, CRISC, ISO Lead Auditor, HITRUST CCSFP, or PMP are a plus
- Proven ability to build scalable, process-driven programs in high-growth or rapidly evolving environments
- Highly organized and detail-oriented, with strong project execution and prioritization skills across competing deadlines
- Demonstrated accountability to metrics, data-driven reporting, and outcome-based program management
- Strong commitment to embracing and leveraging AI tools in day-to-day tasks, ensuring AI-assisted work aligns with the same high-quality standards as personal contributions, with awareness of emerging governance and ethical considerations such as data privacy and model transparency
Interested in the role, but don’t meet every qualification? We encourage you to still apply! At WHOOP, we believe there is much more to a candidate than what is written on paper, and we value character as much as experience. As we continue to build a diverse and inclusive environment, we encourage anyone who is interested in this role to apply.
WHOOP is an Equal Opportunity Employer and participates in E-verify to determine employment eligibility. It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.
Similar Jobs
Fluence
Houston, Texas, United States (Hybrid)
• 5 Months ago
Get notifed when new similar jobs are uploaded
Similar Skill Jobs
Microsoft
Atlanta, Georgia, United States (On-Site)
• 3 Days ago
Scout
Columbia, South Carolina, United States (On-Site)
• 1 Day ago
Scale AI
San Francisco, California, United States (On-Site)
• 1 Day ago
Sunnyvale, California, United States (On-Site)
• 2 Weeks ago
ByteDance
San Jose, California, United States (On-Site)
• 6 Months ago
Get notifed when new similar jobs are uploaded
Jobs in Boston, Massachusetts, United States
Kirkland, Washington, United States (On-Site)
• 2 Weeks ago
Netflix
Los Gatos, California, United States (On-Site)
• 3 Months ago
ByteDance
San Jose, California, United States (On-Site)
• 3 Days ago
ByteDance
San Jose, California, United States (On-Site)
• 1 Month ago
BrightEdge
Cleveland, Ohio, United States (On-Site)
• 6 Months ago
Get notifed when new similar jobs are uploaded
Similar Category Jobs
Looks like we're out of matches
Set up an alert and we'll send you similar jobs the moment they appear!
