Third Party Risk Management (TPRM) Analyst

The Third Party Risk Management (TPRM) Analyst at CoreWeave will be responsible for supporting the GRC Manager, team members, and internal/external stakeholders with the day-to-day operations of the TPRM Program. The primary focus of this role will be to conduct third-party risk assessments and develop mitigation plans to minimize third-party risks. This role is a high visibility role that will work closely with stakeholders across Security, Legal, Procurement, and Finance. 

Core job duties include, but are not limited to:

• Complete third-party risk assessments for all new vendors
• Ensure third-party risk assessments include an in-depth Business Impact Analysis (BIA) and Data Protection Impact Assessment (DPIA), supporting BCP/DR and Privacy programs
• Continually reevaluate vendors based on their criticality level to identify/document any changes that may impact our risk exposure, data privacy, mitigation strategies, etc. 
• Coordinate the collection of required security assessment artifacts (e.g., audit reports, privacy policies, compliance documentation, incident response plan, disaster recovery/business continuity plans, etc.) from (new and existing) vendors periodically
• Triage assessments that require technical reviews to Security Engineering 
• Prepare and monitor the status of each vendor risk assessment (software, data center landlords, etc.) and communicate the status with key stakeholders regularly
• Update and document due diligence tracking with real-time status and escalate issues and concerns (e.g., oversight deficiencies, program concerns, and open risk items)
• Own and update control evidence related to TPRM to ensure readiness for internal assessments and external audits 
• Document program processes and procedures to ensure all updates to the TPRM program are captured and accessible to relevant parties
• Support the sales department in completing customer TPRM questionnaires and being the point of contact for security, governance and IT-related inquiries
• Support technical writing team with public-facing due diligence documentation and customer-facing Trust Center

Desired qualifications:

• Experience conducting third-party risk assessments to identify, document, and mitigate potential risks a third party may introduce
• Strong experience utilizing Jira to track and prioritize incoming vendor requests
• Ability to conduct vendor Business Impact Analysis (BIA) and Data Privacy assessments  
• Minimum of 3-5 years of work experience in IT/Security Compliance/Audit function (or equivalent)
• Educational Qualification: Bachelor's in Information Security, Computer Science, or related degree; Certified Information Systems Auditor (CISA) or Certified Information Systems Security Professional (CISSP) Certification or equivalent
• Proven experience in compliance, risk, business continuity, and/or IT security program management 
• Familiarity with data privacy regulations and standards (ISO 27701, GDPR, etc.) 
• Excellent written communications to internal and external audiences, including senior leadership
• Experience collaborating with cross-functional teams, including legal, procurement, engineering, infrastructure, security, etc. 
• Ability to succeed in a team environment or work as an individual contributor
• In-depth knowledge of the security and compliance standards/regulations, specifically SOX, SOC 2, ISO 27001, ISO 27701, NIST 800-53, NIST CSF, FedRAMP, GDPR, PCI DSS and HIPAA
• Understanding of concepts related to information security domains such as Cloud Computing, Data Privacy, Physical Security, Identity and Access Management, Encryption, Vulnerability Management, Incident Response, etc.

Additional qualifications:

• Experience with Vendor Management / Third Party Risk Management Programs for Cloud providers 
• Self-starter and requires minimal direction from leadership
• Methodical and diligent with outstanding planning abilities
• Able to meet deadlines and handle multiple priorities
• Strong ability to negotiate with business partners to attain successful outcomes
• Excellent communication skills
• Strong project management skills with the ability to manage several large projects at the same time, keeping them on scope, on budget, and on time
• Ability to present and effectively communicate with all levels of the organization
• Flexible with the ability to multitask, effectively prioritize, and work under pressure
• Advocate of continuous improvement and industry-recognized best practice

Our compensation reflects the cost of labor across several US geographic markets. The base pay for this position ranges from $125,000-$145,000. Pay is based on a number of factors including market location and may vary depending on job-related knowledge, skills, and experience.