Director, Information Security

Director Of Information Security

At WHOOP, we're on a mission to unlock human performance and healthspan. Our wearable technology provides personalized insights that help millions of members better understand their bodies and make smarter decisions about training, recovery, and lifestyle.

WHOOP is seeking a Director of Information Security to lead the execution of the company's security engineering and security operations capabilities. This role is accountable for delivering reliable, scalable security programs aligned with business and regulatory requirements in a growing, regulated technology environment.

The Director of Information Security will manage an existing security team, oversee the operating model for security engineering and ops, and partner closely with Product Security, Security Architecture, Engineering, IT, GRC, and Legal. This role carries direct accountability for team performance and operational outcomes and is expected to drive execution through metrics, documented processes, and automation.

RESPONSIBILITIES:

• Lead the Information Security function with accountability for security engineering delivery, day-to-day security operations, and the evolving operating model as WHOOP grows and regulatory and risk requirements change
• Translate regulatory, privacy, and risk requirements into effective, auditable technical controls, partnering with Security Architecture to ensure execution aligns with secure-by-design principles and target-state architecture
• Own security operations including detection, response, escalation, incident follow-up, and operational readiness, serving as Incident Commander during security events and acting as on-call executive escalation outside of business hours as needed, coordinating internal teams, external partners, and managed security service providers
• Establish and maintain standard operating procedures, metrics, automation, and process improvements to measure effectiveness, reduce risk, and scale security operations reliably
• Own the security posture for enterprise and internal use of AI technologies, including guardrails for access, data handling, monitoring, auditability, and the secure adoption of AI-enabled workflows in partnership with Architecture, Product Security, IT, and Legal
• Directly manage information security managers and senior individual contributors, setting clear expectations for performance, documentation, and accountability, and partnering with the CISO on hiring strategy, team growth, and capability development
• Partner with GRC and Legal to support audits, assessments, and regulatory obligations, providing technical evidence and subject-matter expertise, and communicate clearly with senior leadership on risk posture, priorities, and program progress

QUALIFICATIONS:

• 10+ years of experience in information security, security engineering, or security operations, including 5+ years managing managers and senior individual contributors; this role is not intended for first-time people managers
• Demonstrated experience hiring, developing, and holding high-performing security teams accountable through measurable goals, repeatable processes, and clear documentation
• Proven leadership during high-impact security incidents and crisis situations, including coordination across internal teams and external partners
• Experience partnering with managed security service providers to drive consistent, outcome-based security operations
• Strong ability to prioritize effectively and drive execution in complex, high-growth environments
• Experience designing, building, or scaling security programs grounded in metrics, automation, and operational rigor
• Familiarity with regulatory frameworks including HIPAA, GDPR, PCI, and emerging AI-related compliance requirements
• Experience supporting healthcare, biometric, or other health-adjacent data environments is preferred
• Background in high-growth technology organizations is preferred
• Security certifications such as CISSP, CISM, or equivalent are a plus

This role is based in the WHOOP office located in Boston, MA. The successful candidate must be prepared to relocate if necessary to work out of the Boston, MA office.

Interested in the role, but don't meet every qualification? We encourage you to still apply! At WHOOP, we believe there is much more to a candidate than what is written on paper, and we value character as much as experience. As we continue to build a diverse and inclusive environment, we encourage anyone who is interested in this role to apply.

WHOOP is an Equal Opportunity Employer and participates in E-verify to determine employment eligibility. It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.

The WHOOP compensation philosophy is designed to attract, motivate, and retain exceptional talent by offering competitive base salaries, meaningful equity, and consistent pay practices that reflect our mission and core values.

At WHOOP, we view total compensation as the combination of base salary, equity, and benefits, with equity serving as a key differentiator that aligns our employees with the long-term success of the company and allows every member of our corporate team to own part of WHOOP and share in the company's long-term growth and success.

The U.S. base salary range for this full-time position is $190,000-$220,000. Salary ranges are determined by role, level, and location. Within each range, individual pay is based on factors such as job-related skills, experience, performance, and relevant education or training.

In addition to the base salary, the successful candidate will also receive benefits and a generous equity package.

These ranges may be modified in the future to reflect evolving market conditions and organizational needs. While most offers will typically fall toward the starting point of the range, total compensation will depend on the candidate's specific qualifications, expertise, and alignment with the role's requirements.