Startup Jobs
Post a Job
Whoop

Director of Governance, Risk, & Compliance

Boston, Massachusetts, U.S.

TLDR

Lead and advance WHOOP's governance, risk management, and compliance program, ensuring security and regulatory compliance while fostering a culture of accountability and continuous improvement.

Responsibilities:
  • Define and execute the enterprise-wide GRC strategy in alignment with WHOOP business objectives, risk appetite, and evolving regulatory landscape, driving implementation across policies, processes, tooling, and metrics
  • Lead, grow, and mentor a high-performing GRC team, establishing clear operating rhythms, ownership models, and performance expectations while fostering a culture of accountability and  continuous improvement
  • Oversee compliance programs across key frameworks including SOC 2, ISO 27001, HIPAA, GDPR, and emerging health data regulations
  • Establish and maintain the enterprise risk management program, including risk identification, quantification, mitigation, and reporting to executive leadership and the board
  •  Own the third-party risk management program, ensuring vendors and partners meet WHOOP’s security and compliance requirements
  • Lead and evolve governance for responsible AI use, including risk assessment, vendor oversight, regulatory alignment, and policy development in coordination with Product, Legal, and Engineering
  • Partner with Legal, Product, Engineering, and Privacy teams to ensure regulatory requirements are embedded into product development and business processes
  •  Lead engagement with external auditors, regulators, and certification bodies
  • Translate strategic objectives into operational controls and program enhancements, personally driving key initiatives as the function continues to scale
  •  Develop and present risk and compliance reporting to the C-suite, delivering clear, business-aligned risk insights
  •  Drive policy governance, ensuring security and compliance policies are current, enforceable, and aligned with industry best practices
  • Champion a culture of security awareness and compliance across the organization
Qualifications:

  • 10+ years of progressive experience in GRC, information security, risk management, or compliance, with at least 5 years in a leadership role

  • Proven track record of scaling and maturing GRC programs in high-growth technology or health-tech companies

  • Deep expertise across multiple compliance frameworks (SOC 2, ISO 27001, HIPAA, GDPR, NIST CSF, PCI-DSS) with familiarity in emerging AI governance and regulatory standards

  • Strong understanding of cloud security architectures (AWS preferred) and their implications for compliance and risk

  • Experience evaluating AI/ML risk, data governance implications, or responsible AI frameworks in regulated environments

  • Experience presenting risk posture and compliance metrics to executive leadership and board-level audiences

  • Exceptional leadership skills with a demonstrated ability to attract, develop, and retain top GRC talent

  • Strong business acumen with the ability to translate technical risk into business terms

  • Relevant certifications preferred (CISSP, CISM, CRISC, CISA, or equivalent)

WHOOP is an Equal Opportunity Employer and participates in E-verify to determine employment eligibility.  It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.
 
The WHOOP compensation philosophy is designed to attract, motivate, and retain exceptional talent by offering competitive base salaries, meaningful equity, and consistent pay practices that reflect our mission and core values.
 
At WHOOP, we view total compensation as the combination of base salary, equity, and benefits, with equity serving as a key differentiator that aligns our employees with the long-term success of the company and allows every member of our corporate team to own part of WHOOP and share in the company’s long-term growth and success.
 
The U.S. base salary range for this full-time position is $185,000-$205,000. Salary ranges are determined by role, level, and location. Within each range, individual pay is based on factors such as job-related skills, experience, performance, and relevant education or training. 
 
In addition to the base salary, the successful candidate will also receive benefits and a generous equity package.
 
These ranges may be modified in the future to reflect evolving market conditions and organizational needs. While most offers will typically fall toward the starting point of the range, total compensation will depend on the candidate’s specific qualifications, expertise, and alignment with the role’s requirements.
 
 
 Whoop

Whoop builds a performance optimization platform that helps individuals understand their bodies and health through advanced wearable technology. Targeted at fitness enthusiasts and health-conscious individuals, this startup stands out by focusing on personalized metrics and insights that drive improved performance and longevity.

Website LinkedIn
View all jobs
Salary
$185,000 – $205,000 per year
Ace your job interview

Understand the required skills and qualifications, anticipate the questions you may be asked, and study well-prepared answers using our sample responses.

Director Q&A's
Report this job
Apply for this job