×
Apply for Jobs Apply for Jobs Post a Job Post a Job Local Jobs Home
Register Here to Apply for Jobs or Post Jobs. X
More jobs:
Cybersecurity Information Security

Senior Risk & Compliance Analyst

Job in Boston, Suffolk County, Massachusetts, 02298, USA
Listing for: WHOOP
Full Time position
Listed on 2026-06-05
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security
Salary/Wage Range or Industry Benchmark: 80000 - 100000 USD Yearly USD 80000.00 100000.00 YEAR
Job Description & How to Apply Below

At WHOOP, we are on a mission to unlock human performance and extend healthspan. The Governance, Risk, and Compliance (GRC) team helps ensure technology and cybersecurity risks are identified, assessed, and communicated clearly across the organization.

As a Senior Risk & Compliance Analyst, you will play a key role in supporting the design, execution, and continued evolution of the cyber risk management program. In this role, you will lead structured risk assessments, maintain the cyber risk register, and support risk governance through the Cyber Risk Committee while partnering with Security Architecture, Security Engineering, Product Security, Legal, IT, and business stakeholders to identify and assess technology and cybersecurity risks across systems, infrastructure, and business operations, and to translate technical findings into clear business risk and contribute to effective risk mitigation strategies.

The ideal candidate combines strong analytical thinking with the ability to communicate complex risk scenarios clearly to both technical and non-technical stakeholders.

This role is based in the WHOOP office located in Boston, MA. The successful candidate must be prepared to relocate if necessary to work out of the Boston, MA office.

Responsibilities
  • Lead cyber and technology risk assessments across systems, cloud environments, business processes, and major initiatives, evaluating threats, vulnerabilities, control effectiveness, and residual risk.
  • Maintain and operate the enterprise cyber risk register, including drafting risk statements, tracking mitigation plans, and supporting governance and reporting processes.
  • Translate technical findings, architectural concerns, and control gaps into clear business risk scenarios that support prioritization and decision-making.
  • Support and help mature quantitative cyber risk analysis approaches such as FAIR to improve how risk is measured and communicated.
  • Prepare materials and analysis to support the Cyber Risk Committee and executive risk reporting.
  • Partner with Security Architecture to assess risk in system designs, cloud architecture, identity models, data flows, and platform changes.
  • Collaborate with Security Engineering, Product Security, Legal, IT, and business teams to evaluate new initiatives, technology changes, artificial intelligence use cases, and third‑party integrations through a risk lens.
  • Conduct risk assessments for emerging technologies including artificial intelligence and machine learning systems, evaluating data usage, model behavior, external dependencies, and security implications.
  • Evaluate risks associated with the use of artificial intelligence technologies, including model behavior, data exposure, prompt or input manipulation, and external model dependencies.
  • Develop dashboards and reporting that provide leadership with visibility into key cybersecurity risks and trends.
  • Track mitigation progress and risk treatment activities to ensure accountability and clear documentation of outcomes.
  • Contribute to the continued development of cyber risk management processes, methodologies, and governance practices across the GRC program.
Qualifications
  • 6+ years of experience in cybersecurity risk management, information security, technology risk, or a related field.
  • Demonstrated experience conducting structured cybersecurity or IT risk assessments.
  • Experience maintaining risk registers and tracking risk mitigation or treatment activities.
  • Strong understanding of security frameworks such as NIST CSF, ISO 27001, or PCI DSS, and familiarity with regulatory environments such as GDPR, HIPAA or other privacy and data protection requirements.
  • Ability to translate technical findings into clear business risk for non-technical stakeholders.
  • Strong written and verbal communication skills with experience presenting findings to cross‑functional teams.
  • Experience working with engineering, architecture, legal, compliance, and business stakeholders.
  • Experience assessing risks related to artificial intelligence, machine learning systems, or emerging technologies, including familiarity with emerging AI governance frameworks such as NIST AI RMF, ISO/IEC 42001, or similar…
Position Requirements
10+ Years work experience
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)
0
200
Filters
Education Level
Experience Level (years)
Posted in last:
Salary
Advanced Search