Manager, Governance, Risk & Compliance

CoreWeave is a specialized cloud provider, delivering a massive scale of GPU compute resources on top of the industry's fastest and most flexible infrastructure. CoreWeave builds cloud solutions for compute intensive use cases - VFX and rendering, machine learning and AI, batch processing, and Pixel Streaming - that are up to 35 times faster and 80% less expensive than the large, generalized public clouds. Learn more at www.coreweave.com .
The Manager, Governance, Risk & Compliance (GRC) at CoreWeave will be responsible for enforcing the implementation of security policies, procedures, standards, and controls to govern the protection of company information systems, networks, and data. This role is a high visibility role and of utmost importance for ensuring CoreWeave complies with the necessary frameworks needed to operate as a world-leading specialized cloud provider.
Responsibilities include:

• Partner with the CISO to build maintain the day-to-day operations of the governance, risk, and compliance function, working to maintain information security frameworks, standards, and policies
• Support the continuous maturity and evolution of the Information Security programs by challenging current approaches and proactively identifying improvement opportunities to drive assessment, monitoring, and response effectiveness and efficiency
• Assist in maintaining the documentation, prioritization, and tracking of items such as the company risk register and exceptions process
• Perform periodic control assessments against our multiple corporate cybersecurity frameworks
• Work closely with internal and external stakeholders (Engineering, Corporate IT, Legal, HR, Audit, and Product Team Members) on security practices and implementation/compliance of security controls
• Perform assessments of adherence to standards prior to engaging internal or external audit
• Manage relationship with Internal Audit and supports execution of Internal Audit program
• Manage relationship with external compliance auditors and lead execution of external audit initiatives (SOC 2, ISO 27001:2022)
• Maintaining self-certifications regarding HIPAA, GDPR
• Lead future security framework programs as needed by the company
• Assist with managing customer due diligence questionnaires, requests for proposals, or general inquiries regarding the Information Security program and in assessing third party vendors
• Enforce and maintain the 3rd party/supplier risk assessment and yearly reviews
• Develop repeatable and sustainable program reporting by developing and maintaining the appropriate KPIs and KRIs
• Manage the GRC tool used to track risks, control evidence, vendor evidences and audit documentation
• Perform analysis on regulatory changes, or organization changes, that may impact our Information Security requirements

Requirements

• Bachelor's in Information Security, Computer Science, or related degree; CISSP or CISA Certification or equivalent
• Minimum of 5 years work experience
• Minimum of 3 years IT/Security Audit experience (or equivalent)
• Minimum of 2 years of leadership experience
• Proven experience as vulnerability, compliance, risk and/or IT Security program manager
• In-depth knowledge of the industry's standards and regulations, specifically SOC 2, ISO 27001:2022, GDPR and HIPAA
• Has any of the following certifications: Certified Intrusion analyst (GCIAs), GIAC Reverse Engineering Malware (GREM), GIAC Penetration Testing Certification (GPEN), GIAC Certified Enterprise Defender (GCED), Certified Geographic Information Systems Professional (GISP), GIAC Certified Incident Handler (GCIH), Certified Information Systems Security Professional (CISSP), Cisco Certified Network Associate (CCNA), Certified Information Systems Auditor (CISA), Certified Ethical Hacker (CEH), GIAC Security Essentials Certification (GSEC), Offensive Security Certified Professional (OSCP), and/or Security Cisco Certified Networking Professional - Security (CCNP-Security)
• Understanding of concepts related to information security domains such as Cloud Computing, Physical security, 3rd Party Risk Management, Identity and Access Management, Data Security, Vulnerability and Patch Management, Malware Defenses, CIS Top 18 Controls
• Integrating new technologies into existing technology portfolio
• Collaborating with cross-functional teams, including engineering
• Excellent knowledge of reporting procedures and record keeping
• Ability to succeed in a team environment or work as an individual contributor

Additional qualifications:

• Familiarity with Linux, Windows and MacOS operating systems
• Methodical and diligent with outstanding planning abilities
• Able to meet deadlines and handle multiple priorities
• Strong ability to negotiate with business partners to attain successful outcomes
• Excellent communication skills
• Strong project management skills with the ability to manage several large projects at the same time, keeping them on scope, on budget and on time
• Self-starter and requires minimal direction from leadership
• Ability to present and effectively communicate with all levels of the organization
• Flexible with the ability to multitask, effectively prioritize and work under pressure
• Advocate of continuous improvement and industry recognized best practice

The Manager, Governance, Risk & Compliance works standard Eastern time zone business hours. CoreWeave is a fast growth startup, and the selected candidate is willing to be flexible for when they are needed. There will be times where the Manager, Governance, Risk & Compliance needs to be available outside of regular business hours to support critical issues, projects or meetings.
Benefits
Why CoreWeave?
At CoreWeave we work hard, have fun and move fast! The company has entered a hyper-growth stage that you will not want to miss out on! Today we are a small, growing team of intelligent, genuine people who value different perspectives and approaches to solving complex problems. We live five core values:

• Be Curious at Your Core
• Act Like an Owner
• Empower Employees
• Deliver Best-in-Class Client Experiences
• Achieve More Together

At CoreWeave we support and encourage an entrepreneurial outlook and independent thinking. We foster an environment that champions collaboration and prioritizes innovative solutions to complex problems. As we get set to take off, the growth opportunities within the organization are limitless. You will be surrounded by some of the best talent in the industry. Come join us!
Benefits
We offer a competitive salary and benefits, including:

• Medical, dental, and vision insurance - 100% paid for the employee
• Life Insurance
• Short and long-term disability insurance
• Flexible Spending Account
• Flexible, full-service childcare support with Kinside
• 401(k) with a generous employer match
• Flexible PTO
• Catered lunch each day in our NJ office
• Weekly massages in NJ office
• A casual work environment
• Work culture focused on innovative disruption

CoreWeave is an equal opportunity employer, committed to our diversity and inclusiveness. We will consider all qualified applicants without regard to race, color, nationality, gender, gender identity or expression, sexual orientation, religion, disability or age.