Security & IT Program Manager

At WHOOP, we're on a mission to unlock human performance. WHOOP empowers members to perform at a higher level through a deeper understanding of their bodies and daily lives.

WHOOP is seeking a Security & IT Operations Program Manager responsible for ensuring the organization's security posture aligns with its strategic objectives. This role involves driving process improvements, managing projects and compliance initiatives, and delivering comprehensive reporting. The Program Manager will bridge the gap between Security, IT, GRC, and other business units to facilitate effective collaboration and ensure a cohesive security approach.

RESPONSIBILITIES:

• Analyze existing Security, GRC, and IT operations processes to identify areas of opportunity.
• Collaborate with users and departments to understand needs, document requirements, and develop security controls.
• Develop and implement process improvements that enhance efficiency, reduce risk, and improve compliance.
• Develop and maintain documentation for security and IT operations processes, policies, and procedures.
• Manage security and IT operations projects from initiation to closure, ensuring timely delivery and adherence to project goals.
• Develop project plans, timelines, and resource requirements.
• Track project progress, identify risks, and implement mitigation strategies.
• Ensure compliance with relevant security and industry regulations, standards, and frameworks (e.g., ISO 27001, GDPR).
• Develop and implement policies and procedures related to new hires, employee terminations, and transfers, ensuring that all IT & Security requirements are met and compliance is maintained. Continuously review and update these processes to address evolving risks and regulatory changes.
• Oversee the implementation and effectiveness of security awareness training programs, ensuring that all employees are adequately trained and aware of their security responsibilities.
• Monitor compliance activities and identify areas for improvement.
• Coordinate with relevant stakeholders to plan and execute regular risk assessments
• Enhance and maintain a comprehensive risk register, including the identification, assessment, prioritization, and tracking of risks.
• Manage vulnerability remediation, including coordinating and tracking efforts to remediate identified vulnerabilities, ensuring timely and effective resolution.
• Enhance process for reviewing and approving or rejecting proposed risk mitigation or exception requests, ensuring that they align with the organization's risk tolerance and compliance requirements.
• Develop and deliver regular executive reports on the security and IT operations program's performance, key metrics, and risk assessments.
• Provide insights and recommendations to senior leadership based on data analysis and industry trends.
• Manage relationships with third-party IT & Security vendors to ensure effective delivery of services and alignment with organizational needs.
• Develop deep knowledge of privacy and security obligations, processes, best practices, and solutions utilized across the organization. Leverage this knowledge to drive requirements and process improvements.

QUALIFICATIONS:

• 3+ years of experience in Security, Compliance, or IT operations with a strong focus on process improvement and project management.
• Proven track record of successfully managing complex projects and delivering results in a fast-paced environment.
• Demonstrated experience in developing and implementing procedures and standards.
• Track record of successfully managing high-priority projects and delivering results in a fast-paced environment.
• Knowledge of frameworks such as ISO 27001, NIST Cybersecurity Framework, or GDPR preferred.
• Certifications such as Project Management Professional (PMP), Certified Information Security Manager (CISM), or Certified Information Systems Auditor (CISA) are preferred but not required.