Description:
The Governance, Risk & Compliance (GRC) Analyst at CoreWeave will be responsible for enforcing the implementation of security policies, procedures, standards, and controls to govern the protection of company information systems, networks, and data. This role is a high visibility role and of utmost importance for ensuring CoreWeave complies with the necessary frameworks needed to operate as a world-leading specialized cloud provider.
Core job duties include, but are not limited to:
- Partner with the GRC Manager & CISO to build and maintain the day-to-day operations of the governance, risk, and compliance function, working to maintain information security frameworks, standards, and policies
- Support the continuous maturity and evolution of the Information Security programs by challenging current approaches and proactively identifying improvement opportunities to drive assessment, monitoring, and response effectiveness and efficiency
- Assist in maintaining the documentation, prioritization, and tracking of items such as the company risk register and exceptions process
- Perform periodic control assessments against the multiple compliance frameworks we currently align to and plan to align to in the future (SOX, SOC 2, ISO 27001:2022, FedRAMP, etc.)
- Work closely with internal and external stakeholders (Engineering, Corporate IT, Legal, HR, Audit, and Product Team Members) on governance/compliance practices and implementation/monitoring of security controls
- Perform assessments of adherence to standards prior to engaging internal or external audit
- Manage the relationship with Internal Audit and support execution of the Internal Audit program
- Manage relationships with external compliance auditors and assist with execution of external audit initiatives (SOX, SOC 2, ISO 27001:2022, FedRAMP, etc.)
- Maintain self-certifications regarding HIPAA, GDPR, etc.
- Lead future security framework programs as needed by the company
- Enforce and maintain the Third Party Risk Management (TPRM) program
- Assist with managing customer due diligence questionnaires, requests for proposals, or general inquiries regarding the Information Security program and in assessing third party vendors
- Develop repeatable and sustainable program reporting by developing and maintaining the appropriate KPIs and KRIs
- Manage the GRC tool used to track risks, control evidence, vendor evidence, and audit documentation
- Perform analysis on regulatory changes, or organization changes, that may impact our Information Security requirements
Desired qualifications:
- Educational Qualification: Bachelor's in Information Security, Computer Science, or related degree; Certified Information Systems Auditor (CISA) or Certified Information Systems Security Professional (CISSP) Certification or equivalent
- Minimum of 3-5 years work experience in IT/Security Compliance/Audit function (or equivalent)
- Proven experience in vulnerability, compliance, risk and/or IT security program management
- In-depth knowledge of the industry's standards and regulations, specifically SOX, SOC 2, ISO 27001:2022, NIST 800-53, NIST CSF, FedRAMP, GDPR and HIPAA
- Understanding of concepts related to information security domains such as Cloud Computing, Physical security, Third Party Risk Management (TPRM), Identity and Access Management, Data Security, Vulnerability and Patch Management, Malware Defenses, CIS Top 18 Controls
- Integrating new technologies into existing technology portfolio
- Collaborating with cross-functional teams, including engineering
- Excellent knowledge of reporting procedures and record keeping
- Ability to succeed in a team environment or work as an individual contributor
Additional qualifications:
- Familiarity with Linux, Windows and MacOS operating systems
- Methodical and diligent with outstanding planning abilities
- Able to meet deadlines and handle multiple priorities
- Strong ability to negotiate with business partners to attain successful outcomes
- Excellent communication skills
- Strong project management skills with the ability to manage several large projects at the same time, keeping them on scope, on budget and on time
- Self-starter who requires minimal direction from leadership
- Ability to present and effectively communicate with all levels of the organization
- Flexible with the ability to multitask, effectively prioritize and work under pressure
- Advocate of continuous improvement and industry-recognized best practice
CoreWeave is a fast-growth startup, and the selected candidate should be willing to be flexible about when they are needed. There will be times when the Governance, Risk & Compliance Analyst needs to be available outside of regular business hours to support critical issues, projects or meetings.
Our compensation reflects the cost of labor across several US geographic markets. The base pay for this position ranges from $100,000/year in our lowest geographic market up to $135,000/year in our highest geographic market. Pay is based on a number of factors including market location and may vary depending on job-related knowledge, skills, and experience.
Why CoreWeave?
At CoreWeave, we work hard, have fun, and move fast! We’re in an exciting stage of hyper-growth that you will not want to miss out on. We’re not afraid of a little chaos, and we’re constantly learning. Our team cares deeply about how we build our product and how we work together, which is represented through our core values:
- Be Curious at your Core
- Act like an Owner
- Empower Employees
- Deliver Best In-Class Client Experience
- Achieve More Together
We support and encourage an entrepreneurial outlook and independent thinking. We foster an environment that encourages collaboration and provides the opportunity to develop innovative solutions to complex problems. As we get set for take off, the growth opportunities within the organization are constantly expanding. You will be surrounded by some of the best talent in the industry, who will want to learn from you, too. Come join us!
Benefits
We offer a competitive salary and benefits, including:
- Medical, dental and vision insurance - 100% paid for the employee
- Life Insurance
- Short and long-term disability insurance
- Flexible Spending Account
- Flexible, full-service childcare support with Kinside
- 401(k) with a generous employer match
- Flexible PTO
- Catered lunch each day in our offices
- Weekly massages in NJ office
- A casual work environment
- Work culture focused on innovative disruption
California Consumer Privacy Act - California applicants only
CoreWeave is an equal opportunity employer, committed to our diversity and inclusiveness. We will consider all qualified applicants without regard to race, color, nationality, gender, gender identity or expression, sexual orientation, religion, disability or age.
CoreWeave is a specialized cloud provider, delivering a massive scale of GPUs on top of the industry’s fastest and most flexible infrastructure.