GRC Manager
Company: Whoop, Inc
Location: Boston
Posted on: November 13, 2024
Job Description:
At WHOOP, we're on a mission to unlock human performance. WHOOP
empowers members to perform at a higher level through a deeper
understanding of their bodies and daily lives.WHOOP is seeking a
GRC Manager to drive the development, implementation, and
maintenance of our Governance, Risk, and Compliance (GRC) program.
Reporting directly to the Chief Information Security Officer
(CISO), you will play a pivotal role in shaping our security
landscape by applying standards-based best practices, ensuring
compliance with global regulations, and communicating effectively
with internal and external stakeholders. As a hands-on leader, you
spearhead initiatives to grow and mature the GRC team and
processes, while also managing and resolving GRC support
tickets.RESPONSIBILITIES:
- Develop and Implement GRC Framework: Design, implement, and
maintain an effective GRC framework aligned with industry best
practices and regulatory requirements, including ISO 27001 and
GDPR. Apply standards-based best practices to ensure the security
program meets organizational needs.
- Policy Development and Management: Develop, review, and update
security policies, standards, and procedures in collaboration with
relevant stakeholders to ensure global regulatory compliance.
Communicate effectively about our policies and practices to
internal and external stakeholders.
- Risk Assessment and Management: Conduct risk assessments,
maintain the risk register, and provide appropriate reporting to
Executive leadership. Track and keep abreast of emerging risks,
threats, legal and regulatory changes, and other developments in
the security field.
- Compliance Monitoring: Monitor and ensure compliance with
internal policies, relevant regulations, standards, and contractual
obligations (e.g., GDPR, ISO 27001) across global operations.
- Vendor Risk Management: Assess and manage risks associated with
third-party vendors and service providers through effective vendor
risk management processes.
- Incident Response and Investigation: Develop and maintain an
incident response plan, coordinate incident response activities,
and conduct post-incident investigations as needed.
- Security Awareness and Training: Develop and deliver security
awareness and training programs to educate employees on security
policies, procedures, and best practices.
- Audit Coordination: Serve as the primary point of contact for
internal and external audits, coordinate audit activities, and
ensure timely remediation of audit findings.
- Privacy Impact Assessments (PIAs) and Data Protection Impact
Assessments (DPIAs): Lead the execution of PIAs and DPIAs to ensure
compliance with privacy regulations and organizational
policies.
- GRC Queue Management: Actively participate in the GRC support
queue, responding to and resolving inquiries and requests in a
timely manner, demonstrating a commitment to providing excellent
service.
- Team Expansion Planning: Develop strategies and plans for
expanding the GRC team and tools to support the growth and maturity
of the GRC program.
- Continuous Improvement: Identify process improvements and tools
to improve security posture. Identify areas for improvement within
the GRC program and partners, implement enhancements, and drive
continuous improvement initiatives.QUALIFICATIONS:
- Degree in Information Security, Computer Science, or related
field; Master's degree preferred or industry-recognized
certifications such as CISSP, CISM, CISA CRISC, or equivalent.
- Minimum of 5 years of experience in information security, risk
management, audit, or compliance roles.
- Understand a risk-informed approach to security that respects
and supports business needs without compromising key security
priorities.
- Strong understanding of relevant regulations, standards, and
frameworks (e.g., GDPR, SOC2, ISO 27001, NIST Cybersecurity
Framework, etc.).
- Experience with global regulatory compliance and familiarity
with regional data protection laws.
- Excellent communication skills with the ability to effectively
collaborate with cross-functional teams.
- Proven track record of building and maturing GRC programs in
complex, fast-paced environments.
- Strong analytical and problem-solving skills with attention to
detail.
- Detail-oriented with superior organizational and
time-management skills - balancing multiple projects, deadlines,
and requests.
- Driven with a can-do attitude and determination to
succeed.Interested in the role, but don't meet every qualification?
We encourage you to still apply! At WHOOP, we believe there is much
more to a candidate than what is written on paper, and we value
character as much as experience. As we continue to build a diverse
and inclusive environment, we encourage anyone who is interested in
this role to apply.WHOOP is an Equal Opportunity Employer and
participates in E-verify to determine employment eligibility. It is
unlawful in Massachusetts to require or administer a lie detector
test as a condition of employment or continued employment. An
employer who violates this law shall be subject to criminal
penalties and civil liability.
#J-18808-Ljbffr
Keywords: Whoop, Inc, Arlington , GRC Manager, Executive , Boston, Massachusetts
Didn't find what you're looking for? Search again!
Loading more jobs...