Head of Information Security
Boston, MA, USA
Posted on Tuesday, May 23, 2023
At WHOOP, we're on a mission to unlock human performance. WHOOP empowers members to perform at a higher level through a deeper understanding of their bodies and daily lives.
As Head of Information Security at WHOOP, you will play a critical role in establishing and maintaining the company-wide vision, strategy, and programs to ensure that information assets and technologies are adequately protected. Reporting to the General Counsel, this role will lead the development and implementation of security policies, data protection strategies, and IT security solutions. You will bring leadership, change management, and hands-on expertise to the role.
- Develop, implement, and monitor a strategic, comprehensive enterprise cybersecurity and IT risk management program.
- Work with executive leadership to determine acceptable levels of risk for the organization.
- Analyze the costs, value, and risks of cybersecurity activities and recommend actions within a budget.
- Establish enterprise-wide cybersecurity governance, risk, and compliance frameworks.
- Work cross-functionally across teams to develop, maintain, and oversee information protection policies, procedures, and control techniques to address all applicable security and compliance requirements.
- Oversee the management and maintenance of the company's security infrastructure.
- Provide leadership to the security team, fostering a culture of cybersecurity awareness and ensuring continued training and development.
- Act as the focal point for security incident response planning and cyber security breach remediation.
- Liaise with external agencies, such as law enforcement and other advisory bodies, as necessary, to ensure that the organization maintains a strong security posture.
- Communicate with executive leadership on IT risk issues and the security program.
- Bachelor's degree in Information Security, Computer Science, Information Management Systems, or related field; Advanced degree preferred.
- Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials.
- Minimum 10 years of experience in a combination of risk management, information security, and IT roles.
- Significant experience in leading an information security program with a deep understanding of information security frameworks such as ISO 27001/2, NIST, NIST, SOX etc. Knowledge of FedRAMP or similar government-related security frameworks is a plus.
- Experience with contract and vendor negotiations and management including managed services.
- Experience with securing cloud computing environments (e.g., AWS preferred).
- Knowledge of cybersecurity and privacy principles used to manage risks related to the use, processing, storage, and transmission of information or data.
- Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate information security and risk-related concepts to technical and nontechnical audiences at various hierarchical levels.
- Strong leadership abilities, with the capacity to articulate and implement strategic vision for the organization's security posture.
Interested in the role, but don’t meet every qualification? We encourage you to still apply! At WHOOP, we believe there is much more to a candidate than what is written on paper, and we value character as much as experience. As we continue to build a diverse and inclusive environment, we encourage anyone who is interested in this role to apply.
WHOOP is an Equal Opportunity Employer and participates in E-verify to determine employment eligibility.