Senior Governance, Risk & Compliance Analyst
CoreWeave is a specialized cloud provider focused on GPU-accelerated use cases including VFX, AI/ML, Batch Processing and Real Time Experiences. We support countless AI/ML services in the text-to-image, NLP and broader AI/ML space, reducing clients’ infrastructure management requirements with our Kubernetes-based serverless GPU cloud offerings.
Job Description
The Senior Governance, Risk & Compliance (GRC) Analyst at CoreWeave will be responsible for supporting the GRC Manager and internal stakeholders with the design, implementation and enforcement of security, operational and privacy controls to govern the protection of CoreWeave Cloud. The primary focus of this role will be to conduct control readiness assessments, prepare control owners for external audits and track upcoming regulatory and compliance obligations to support CoreWeave’s growth.
Core job duties include, but are not limited to:
- Assist GRC Manager and control owners with internal assessments and external audit engagements
- Manage technical and business stakeholders across CoreWeave to identify, design and implement controls aligned to compliance requirements.
- Track the lifecycle of regulatory and compliance scope to ensure control assessments, evidence collection and reporting requirements are fulfilled.
- Collaborate with Product, Solutions Architect and Engineering teams to simplify and consolidate product-related compliance requirements.
- Perform ongoing control maturity assessments to identify opportunities for improvement and evidence collection automation.
Qualifications:
- Minimum of 5 years' work experience in an IT, Security Compliance or Audit function, preferably in the cloud service provider industry
- Educational Qualification: Bachelor's in Information Security, Computer Science, or related degree; Certified Information Systems Auditor (CISA) or Certified Information Systems Security Professional (CISSP) Certification or equivalent
- Experience conducting end-to-end control framework assessments; documenting control effectiveness, gaps, remediation requirements and/or maturity recommendations
- In-depth knowledge of regulatory and compliance requirements, such as: SOX, SOC 2, ISO 27001:2022, ISO 27701, NIST 800-53, NIST CSF, PCI DSS, FedRAMP, GDPR, UK Cyber Essentials, HIPAA, etc.
- Experience collaborating with cross-functional teams, including engineering, infrastructure, security, etc.
- Excellent knowledge of reporting procedures and record keeping
- Ability to succeed in a team environment or work as an individual contributor
Our compensation reflects the cost of labor across several US geographic markets. The base pay for this position ranges from $150,000-$170,000. Pay is based on a number of factors including market location and may vary depending on job-related knowledge, skills, and experience.