Senior Risk & Compliance Analyst

RESPONSIBILITIES:

Lead cyber and technology risk assessments across systems cloud environments business processes and major initiatives evaluating threats vulnerabilities control effectiveness and residual risk.

Maintain and operate the enterprise cyber risk register including drafting risk statements tracking mitigation plans and supporting governance and reporting processes.

Translate technical findings architectural concerns and control gaps into clear business risk scenarios that support prioritization and decision-making.

Support and help mature quantitative cyber risk analysis approaches such as FAIR to improve how risk is measured and communicated.

Prepare materials and analysis to support the Cyber Risk Committee and executive risk reporting.

Partner with Security Architecture to assess risk in system designs cloud architecture identity models data flows and platform changes.

Collaborate with Security Engineering Product Security Legal IT and business teams to evaluate new initiatives technology changes artificial intelligence use cases and third-party integrations through a risk lens.

Conduct risk assessments for emerging technologies including artificial intelligence and machine learning systems evaluating data usage model behavior external dependencies and security implications.

Evaluate risks associated with the use of artificial intelligence technologies including model behavior data exposure prompt or input manipulation and external model dependencies.

Develop dashboards and reporting that provide leadership with visibility into key cybersecurity risks and trends.

Track mitigation progress and risk treatment activities to ensure accountability and clear documentation of outcomes.

Contribute to the continued development of cyber risk management processes methodologies and governance practices across the GRC program.

QUALIFICATIONS:

6+ years of experience in cybersecurity risk management information security technology risk or a related field.

Demonstrated experience conducting structured cybersecurity or IT risk assessments.

Experience maintaining risk registers and tracking risk mitigation or treatment activities.

Strong understanding of security frameworks such as NIST CSF ISO 27001 or PCI DSS and familiarity with regulatory environments such as GDPR HIPAA or other privacy and data protection requirements.

Ability to translate technical findings into clear business risk for non-technical stakeholders.

Strong written and verbal communication skills with experience presenting findings to cross-functional teams.

Experience working with engineering architecture legal compliance and business stakeholders.

Experience assessing risks related to artificial intelligence machine learning systems or emerging technologies including familiarity with emerging AI governance frameworks such as NIST AI RMF ISO/IEC 42001 or similar standards.

Professional certifications such as CRISC CISSP CISM CISA or CGRC are a plus.

What We Do

At WHOOP we’re on a mission to unlock human performance. WHOOP empowers members to perform at a higher level through a deeper understanding of their bodies and daily lives. Our wearable device and performance optimization platform has been adopted by many of the world's greatest athletes and consumers alike.

Why Work With Us

At WHOOP we’re focused on building an inclusive and equitable team with a strong sense of belonging for everyone—increasing representation in every way as our team grows. We believe that our differences are our source of strength—so much so it’s one of our core values.


Gallery