Governance, Risk & Compliance Analyst

CoreWeave is a specialized cloud provider, delivering a massive scale of GPU compute resources on top of the industry’s fastest and most flexible infrastructure. CoreWeave builds cloud solutions for compute intensive use cases — VFX and rendering, machine learning and AI, batch processing, and Pixel Streaming — that are up to 35 times faster and 80% less expensive than the large, generalized public clouds. Learn more at www.coreweave.com.

The Governance, Risk & Compliance (GRC) Analyst at CoreWeave will be responsible for supporting the GRC Manager and team members with the creation, implementation and enforcement of security policies, procedures, standards, and controls to govern the protection of company information systems, networks, and data. The primary focus of this role will be to drive policy maturity and the development/implementation of new policies, standards and procedures. This role will also assist the GRC team with the development and implementation of our privacy program. This role is a high visibility role and of utmost importance for ensuring CoreWeave complies with the necessary frameworks needed to operate as a world-leading specialized cloud provider.

Core job duties include, but are not limited to:

• Act as a contributing member of the GRC and Cyber functions to build and maintain the day-to-day operations of the team, working to maintain governance of information security frameworks, standards, and policies
• Initiate and track annual policy revisions and report updates to GRC Manager 
• Assist with the development and implementation of our privacy program aligned to ISO 27701 and GDPR 
• Drive data mapping and data protection impact assessment (DPIA) activities with various internal stakeholders 
• Track Security Awareness Training program and ensure all employees are completing assigned training within defined SLA’s 
• Support GRC Manager with periodic control and audit readiness assessments against the multiple compliance frameworks we currently align to and may align to in the future (SOX, SOC 2, ISO 27001:2022, FedRAMP, etc.)
• Obtain and track continual progress updates for audit corrective action plans
• Act as a contributing member for external audits by collecting control examination evidence
• Work closely with internal stakeholders (Engineering, Corporate IT, Legal, HR, Audit, and Product Team Members) on governance/compliance initiatives and enhancements to the monitoring of security controls
• Assist with maintenance and maturity of GRC tool used to track risks, control evidence, vendor inventories and audit documentation

Desired qualifications:

• Educational Qualification: Bachelor's in Information Security, Computer Science, or related degree; Certified Information Systems Auditor (CISA) or Certified Information Systems Security Professional (CISSP) Certification or equivalent
• Minimum of 3-5 years work experience in IT/Security Compliance/Audit function (or equivalent)
• Proven experience in compliance, risk, vulnerability mgmt., business continuity and/or IT security program management 
• Technical writing with an experience in developing internal policies, standards and procedures 
• In-depth knowledge of the industry's standards and regulations, specifically SOX, SOC 2, ISO 27001:2022, ISO 27701, NIST 800-53, NIST CSF, FedRAMP, GDPR and HIPAA
• Familiarity with data privacy regulations and standards (ISO 27701, GDPR, etc.) 
• Ability to map compliance/regulation requirements to internal documentation
• Collaborating with cross-functional teams, including engineering, infrastructure, security, etc. 
• Integrating new technologies into existing technology portfolio
• Excellent knowledge of reporting procedures and record keeping
• Ability to succeed in a team environment or work as an individual contributor
• Understanding of concepts related to information security domains such as Cloud Computing, Physical security, Third Party Risk Management (TPRM), Identity and Access Management, Data Security, Vulnerability and Patch Management, Malware Defenses, CIS Top 18 Controls

Additional qualifications:

• Familiarity with GRC Program for Cloud providers 
• Self-starter and requires minimal direction from leadership
• Methodical and diligent with outstanding planning abilities
• Able to meet deadlines and handle multiple priorities
• Strong ability to negotiate with business partners to attain successful outcomes
• Excellent communication skills
• Strong project management skills with the ability to manage several large projects at the same time, keeping them on scope, on budget and on time
• Ability to present and effectively communicate with all levels of the organization
• Flexible with the ability to multitask, effectively prioritize and work under pressure
• Advocate of continuous improvement and industry recognized best practices

CoreWeave is a fast growth startup, and the selected candidate is willing to be flexible for when they are needed. There will be times where the Governance, Risk & Compliance Analyst needs to be available outside of regular business hours to support critical issues, projects or meetings.

Our compensation reflects the cost of labor across several US geographic markets. The base pay for this position ranges from $85,000 in our lowest geographic market up to $115,000/year in our highest geographic market. Pay is based on a number of factors including market location and may vary depending on job-related knowledge, skills, and experience.

Hybrid Workplace

If you reside within a 30-mile radius of our New Jersey, New York, or Philadelphia offices, we're excited for you to join us at the office at least three times a week, recognizing the significance we place on fostering connections, collaboration, and creativity within our office culture. Our commitment to operating as a hybrid workplace underscores our dedication to enabling our employees to tailor their work-life balance to their individual preferences.