Director of Governance, Risk, & Compliance

At WHOOP, we’re on a mission to unlock human performance and healthspan. Our wearable technology provides personalized insights that help millions of members better understand their bodies and make smarter decisions about training, recovery, and lifestyle.

We are seeking a Director of Governance, Risk & Compliance to lead and advance the WHOOP enterprise GRC program. Reporting to the CISO, you will define and execute the strategy for governance, risk management, and compliance across the organization, translating strategic priorities into scalable programs, controls, and measurable outcomes.

This is a senior leadership role responsible for strengthening and expanding a world-class GRC function that enables WHOOP to move quickly while maintaining the highest standards of security, privacy, and regulatory compliance.

Responsibilities

• Define and execute the enterprise-wide GRC strategy in alignment with WHOOP business objectives, risk appetite, and evolving regulatory landscape, driving implementation across policies, processes, tooling, and metrics
• Lead, grow, and mentor a high-performing GRC team, establishing clear operating rhythms, ownership models, and performance expectations while fostering a culture of accountability and continuous improvement
• Oversee compliance programs across key frameworks including SOC 2, ISO 27001, HIPAA, GDPR, and emerging health data regulations
• Establish and maintain the enterprise risk management program, including risk identification, quantification, mitigation, and reporting to executive leadership and the board
• Own the third-party risk management program, ensuring vendors and partners meet WHOOP’s security and compliance requirements
• Lead and evolve governance for responsible AI use, including risk assessment, vendor oversight, regulatory alignment, and policy development in coordination with Product, Legal, and Engineering
• Partner with Legal, Product, Engineering, and Privacy teams to ensure regulatory requirements are embedded into product development and business processes
• Lead engagement with external auditors, regulators, and certification bodies
• Translate strategic objectives into operational controls and program enhancements, personally driving key initiatives as the function continues to scale
• Develop and present risk and compliance reporting to the C-suite, delivering clear, business-aligned risk insights
• Drive policy governance, ensuring security and compliance policies are current, enforceable, and aligned with industry best practices
• Champion a culture of security awareness and compliance across the organization
  
  

Qualifications

• 10 years of progressive experience in GRC, information security, risk management, or compliance, with at least 5 years in a leadership role
• Proven track record of scaling and maturing GRC programs in high-growth technology or health-tech companies
• Deep expertise across multiple compliance frameworks (SOC 2, ISO 27001, HIPAA, GDPR, NIST CSF, PCI-DSS) with familiarity in emerging AI governance and regulatory standards
• Strong understanding of cloud security architectures (AWS preferred) and their implications for compliance and risk
• Experience evaluating AI/ML risk, data governance implications, or responsible AI frameworks in regulated environments
• Experience presenting risk posture and compliance metrics to executive leadership and board-level audiences
• Exceptional leadership skills with a demonstrated ability to attract, develop, and retain top GRC talent
• Strong business acumen with the ability to translate technical risk into business terms
• Relevant certifications preferred (CISSP, CISM, CRISC, CISA, or equivalent)
  
  

WHOOP is an Equal Opportunity Employer and participates in E-verify to determine employment eligibility. It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.

The WHOOP compensation philosophy is designed to attract, motivate, and retain exceptional talent by offering competitive base salaries, meaningful equity, and consistent pay practices that reflect our mission and core values.

At WHOOP, we view total compensation as the combination of base salary, equity, and benefits, with equity serving as a key differentiator that aligns our employees with the long-term success of the company and allows every member of our corporate team to own part of WHOOP and share in the company’s long-term growth and success.

The U.S. base salary range for this full-time position is $185,000-$205,000. Salary ranges are determined by role, level, and location. Within each range, individual pay is based on factors such as job-related skills, experience, performance, and relevant education or training.

In addition to the base salary, the successful candidate will also receive benefits and a generous equity package.

These ranges may be modified in the future to reflect evolving market conditions and organizational needs. While most offers will typically fall toward the starting point of the range, total compensation will depend on the candidate’s specific qualifications, expertise, and alignment with the role’s requirements.