Director, Information Security

Whoop Whoop · Consumer · Boston, MA · Information Security

Director of Information Security to lead security engineering and operations, manage a team, and ensure programs align with business and regulatory requirements in a growing, regulated technology environment. Responsible for security posture of enterprise and internal AI technologies, including guardrails for access, data handling, monitoring, and auditability.

What you'd actually do

  1. Lead the Information Security function with accountability for security engineering delivery, day-to-day security operations, and the evolving operating model as WHOOP grows and regulatory and risk requirements change
  2. Translate regulatory, privacy, and risk requirements into effective, auditable technical controls, partnering with Security Architecture to ensure execution aligns with secure-by-design principles and target-state architecture
  3. Own security operations including detection, response, escalation, incident follow-up, and operational readiness, serving as Incident Commander during security events and acting as on-call executive escalation outside of business hours as needed, coordinating internal teams, external partners, and managed security service providers
  4. Establish and maintain standard operating procedures, metrics, automation, and process improvements to measure effectiveness, reduce risk, and scale security operations reliably
  5. Own the security posture for enterprise and internal use of AI technologies, including guardrails for access, data handling, monitoring, auditability, and the secure adoption of AI-enabled workflows in partnership with Architecture, Product Security, IT, and Legal

Skills

Required

  • 10+ years of experience in information security, security engineering, or security operations
  • 5+ years managing managers and senior individual contributors
  • Demonstrated experience hiring, developing, and holding high-performing security teams accountable
  • Proven leadership during high-impact security incidents and crisis situations
  • Experience partnering with managed security service providers
  • Strong ability to prioritize effectively and drive execution in complex, high-growth environments
  • Experience designing, building, or scaling security programs grounded in metrics, automation, and operational rigor
  • Familiarity with regulatory frameworks including HIPAA, GDPR, PCI, and emerging AI-related compliance requirements

Nice to have

  • Experience supporting healthcare, biometric, or other health-adjacent data environments
  • Background in high-growth technology organizations
  • Security certifications such as CISSP, CISM, or equivalent

What the JD emphasized

  • regulatory requirements
  • security engineering
  • security operations
  • AI technologies
  • guardrails
  • HIPAA
  • GDPR
  • PCI