WH
GRC Analyst, Operations & Risk
WhoopBoston, MA$60k – $90kPosted 12 May 2026
Job Description
GRC Analyst, Operations & Risk
As a GRC Analyst, Operations & Risk, you will support the WHOOP Governance, Risk, and Compliance program by helping manage GRC intake, coordinate third-party risk activities, strengthen operational workflows, and improve visibility across risk and compliance work. This role will support vendor risk reviews, remediation follow-up, audit readiness, compliance operations, and cross-functional GRC requests in a fast-paced environment.
A key focus of this role will be helping ensure GRC work is reviewed, prioritized, routed, tracked, and completed effectively. You will use intake and ticketing data to identify workflow trends, recurring questions, handoff gaps, and opportunities to improve guidance, templates, reporting, automation, and stakeholder experience. You will also support broader GRC initiatives, including compliance calendar activities, control monitoring, process documentation, security awareness coordination, and continuous improvement across the GRC program.
RESPONSIBILITIES:
-
- Support day-to-day GRC program operations, including intake management, request prioritization, workflow routing, ticket tracking, escalation management, and completion follow-up
- Perform and support third-party risk management activities, including vendor reviews, reassessments, partner coordination, remediation tracking, and cross-functional follow-up with Security, Legal, Privacy, Procurement, IT, Finance, and business owners
- Assist with risk management activities, including risk assessments, risk documentation, mitigation tracking, risk register hygiene, owner follow-up, and treatment plan coordination
- Support compliance monitoring and audit readiness activities, including evidence collection, preliminary reviews, control-owner coordination, remediation tracking, and compliance calendar activities
- Analyze intake data, workflow trends, recurring stakeholder questions, and handoff gaps to identify opportunities to improve guidance, templates, reporting, automation, SOPs, and cross-functional ways of working
- Coordinate security awareness and training activities, including completion tracking, evidence collection, employee follow-up, and support for annual or role-based training initiatives
- Help maintain visibility into GRC workload, priorities, ownership, service levels, operational metrics, and recurring process improvement opportunities
- Support continuous improvement across GRC tooling, intake forms, trackers, reporting, control monitoring, workflow design, and responsible automation initiatives
QUALIFICATIONS:
-
- 2+ years of experience in GRC, third-party risk management, security compliance, IT audit, risk management, vendor management, or a related function
- Experience supporting third-party risk assessments, vendor security reviews, audit readiness, compliance operations, risk remediation tracking, or similar activities
- Strong operational discipline, including the ability to manage competing requests, track open items, follow up with stakeholders, and drive work to closure
- Strong written communication skills, with the ability to document clear status updates, risk summaries, follow-up requests, escalation notes, and process guidance
- Ability to coordinate effectively across cross-functional stakeholders, including Security, Legal, Privacy, Procurement, Engineering, IT, Finance, and business owners
- Familiarity with common security and compliance frameworks such as SOC 2, ISO 27001, NIST CSF, GDPR, PCI, or similar frameworks
- Comfort working in Jira, GRC platforms, ticketing systems, spreadsheets, workflow tools, dashboards, or operational reporting systems
- Ability to identify process gaps, navigate ambiguity, escalate appropriately, and turn unclear requests into actionable next steps
- Bachelor’s degree in Information Security, Computer Science, Business, Risk Management, or a related field, or equivalent practical experience
- Relevant certifications such ... (truncated, view full listing at source)
Apply Now
Direct link to company career page
AI Resume Fit Check
See exactly which skills you match and which are missing before you apply. Free, instant, no spam.
Check my resume fitFree · No credit card