Director, Information Security
Boston, MA | Full-Time | Director | Other
RESPONSIBILITIES:
- Lead the Information Security function with accountability for security engineering delivery, day-to-day security operations, and the evolving operating model as WHOOP grows and regulatory and risk requirements change
- Translate regulatory, privacy, and risk requirements into effective, auditable technical controls, partnering with Security Architecture to ensure execution aligns with secure-by-design principles and target-state architecture
- Own security operations including detection, response, escalation, incident follow-up, and operational readiness, serving as Incident Commander during security events and acting as on-call executive escalation outside of business hours as needed, coordinating internal teams, external partners, and managed security service providers
- Establish and maintain standard operating procedures, metrics, automation, and process improvements to measure effectiveness, reduce risk, and scale security operations reliably
- Own the security posture for enterprise and internal use of AI technologies, including guardrails for access, data handling, monitoring, auditability, and the secure adoption of AI-enabled workflows in partnership with Architecture, Product Security, IT, and Legal
- Directly manage information security managers and senior individual contributors, setting clear expectations for performance, documentation, and accountability, and partnering with the CISO on hiring strategy, team growth, and capability development
- Partner with GRC and Legal to support audits, assessments, and regulatory obligations, providing technical evidence and subject-matter expertise, and communicate clearly with senior leadership on risk posture, priorities, and program progress
QUALIFICATIONS:
- 10+ years of experience in information security, security engineering, or security operations, including 5+ years managing managers and senior individual contributors; this role is not intended for first-time people managers
- Demonstrated experience hiring, developing, and holding high-performing security teams accountable through measurable goals, repeatable processes, and clear documentation
- Proven leadership during high-impact security incidents and crisis situations, including coordination across internal teams and external partners
- Experience partnering with managed security service providers to drive consistent, outcome-based security operations
- Strong ability to prioritize effectively and drive execution in complex, high-growth environments
- Experience designing, building, or scaling security programs grounded in metrics, automation, and operational rigor
- Familiarity with regulatory frameworks including HIPAA, GDPR, PCI, and emerging AI-related compliance requirements
- Experience supporting healthcare, biometric, or other health-adjacent data environments is preferred
- Background in high-growth technology organizations is preferred
- Security certifications such as CISSP, CISM, or equivalent are a plus
