Director, Information Security

About The Position

Requirements

• 10+ years of experience in information security, security engineering, or security operations, including 5+ years managing managers and senior individual contributors; this role is not intended for first-time people managers
• Demonstrated experience hiring, developing, and holding high-performing security teams accountable through measurable goals, repeatable processes, and clear documentation
• Proven leadership during high-impact security incidents and crisis situations, including coordination across internal teams and external partners
• Experience partnering with managed security service providers to drive consistent, outcome-based security operations
• Strong ability to prioritize effectively and drive execution in complex, high-growth environments
• Experience designing, building, or scaling security programs grounded in metrics, automation, and operational rigor
• Familiarity with regulatory frameworks including HIPAA, GDPR, PCI, and emerging AI-related compliance requirements

Nice To Haves

• Experience supporting healthcare, biometric, or other health-adjacent data environments is preferred
• Background in high-growth technology organizations is preferred
• Security certifications such as CISSP, CISM, or equivalent are a plus

Responsibilities

• Lead the Information Security function with accountability for security engineering delivery, day-to-day security operations, and the evolving operating model as WHOOP grows and regulatory and risk requirements change
• Translate regulatory, privacy, and risk requirements into effective, auditable technical controls, partnering with Security Architecture to ensure execution aligns with secure-by-design principles and target-state architecture
• Own security operations including detection, response, escalation, incident follow-up, and operational readiness, serving as Incident Commander during security events and acting as on-call executive escalation outside of business hours as needed, coordinating internal teams, external partners, and managed security service providers
• Establish and maintain standard operating procedures, metrics, automation, and process improvements to measure effectiveness, reduce risk, and scale security operations reliably
• Own the security posture for enterprise and internal use of AI technologies, including guardrails for access, data handling, monitoring, auditability, and the secure adoption of AI-enabled workflows in partnership with Architecture, Product Security, IT, and Legal
• Directly manage information security managers and senior individual contributors, setting clear expectations for performance, documentation, and accountability, and partnering with the CISO on hiring strategy, team growth, and capability development
• Partner with GRC and Legal to support audits, assessments, and regulatory obligations, providing technical evidence and subject-matter expertise, and communicate clearly with senior leadership on risk posture, priorities, and program progress

Benefits

• competitive base salaries
• meaningful equity