Let’s get started
By clicking ‘Next’, I agree to the Terms of Service
and Privacy Policy
Jobs / Job page
Enterprise Risk Program Manager image - Rise Careers
Job details

Enterprise Risk Program Manager

CoreWeave is a specialized cloud provider, delivering a massive scale of GPU compute resources on top of the industry’s fastest and most flexible infrastructure. CoreWeave builds cloud solutions for compute intensive use cases — VFX and rendering, machine learning and AI, batch processing, and Pixel Streaming — that are up to 35 times faster and 80% less expensive than the large, generalized public clouds. Learn more at www.coreweave.com.

Description:

The Enterprise Risk Program Manager at CoreWeave will be responsible for identifying, documenting and tracking internal/external risks, owning risk assessments processes, driving corrective action plans and responsible for proper audit preparation. This role will sit within the Governance, Risk and Compliance (GRC) team and report to the GRC Manager.

Additionally, this role will support the creation, enforcement and the implementation of security policies, procedures, standards, and controls to govern the protection of company information systems, networks, and data. This role is a high visibility role and of utmost importance for ensuring CoreWeave complies with the necessary frameworks needed to operate as a world-leading specialized cloud provider.

Job duties include but are not limited to: 

  • Act as a contributing member of the GRC and Cyber functions to build and maintain the day-to-day operations of the team, working to maintain governance of information security frameworks, standards, and policies
  • Drive the Enterprise Risk Management (ERM) program by fostering a risk informed culture and regularly assessing exposures, identifying gaps, and supporting issues management resolution
  • Connect ERM activities to the organization’s top strategies and business objectives
  • Support the maturity of the ERM Program through assisting with the development of foundational and governance elements including standards, systems, tools, policies, workflows, and communications
  • Execute periodic control and risk assessments against the multiple compliance frameworks we currently align to and may align to in the future (SOX, SOC 2, ISO 27001:2022, FedRAMP, etc.)
  • Assist in maintaining the documentation, prioritization, and tracking of items such as the company risk register and exceptions process
  • Perform analysis on regulatory changes, or organization changes, that may impact our Information Security requirements
  • Perform periodic Business Impact Analysis (BIA) assessments to support Business Continuity and Disaster Recovery programs 
  • Work closely with internal stakeholders (Engineering, Corporate IT, Legal, HR, Audit, and Product Team Members) on governance/compliance initiatives and enhancements to the monitoring of security controls
  • When requested provide ad-hoc risk consultation to executives, leaders and internal stakeholders to help manage risks in pursuit of business and strategic objectives
  • Perform assessments of adherence to standards prior to engaging internal or external audit 
  • Develop and track audit corrective action plans through remediation  
  • Develop repeatable and sustainable program reporting by tracking and maintaining the appropriate KPIs and KRIs
  • Review risk reporting, including but not limited to the status of key risks and related trends, the effectiveness of controls and responses/mitigation, key risk indicators, and exceptions, etc
  • Maintain and monitor ERM program policies and procedures
  • Maintain and mature GRC tool used to track risks, exceptions and remediation plans 
  • Collaborate with Legal and Government Affairs program to ensure Know Your Customer (KYC) protocol is being executed in alignment to government sanction requirements and any ongoing sanction updates are implemented in a timely manner

Desired qualifications:

  • Educational Qualification: Bachelor's in Information Security, Computer Science, or related degree; Certified Information Systems Auditor (CISA) or Certified Information Systems Security Professional (CISSP) Certification or equivalent
  • Minimum of 5-8 years work experience in IT/Security Compliance/Audit function (or equivalent)
  • Proven experience in compliance, risk management and/or IT security program management 
  • In-depth knowledge of the industry's standards and regulations, specifically SOX, SOC 2, ISO 27001:2022, ISO 27701, NIST 800-53, NIST CSF, FedRAMP, GDPR and HIPAA
  • Understanding of concepts related to information security domains such as Cloud Computing, Physical Security, Third Party Risk Management (TPRM), Identity and Access Management, Data Security, Vulnerability and Patch Management, Malware Defenses, CIS Top 18 Controls
  • Integrating new technologies into existing technology portfolio
  • Collaborating with cross-functional teams, including engineering, network and infrastructure 
  • Excellent knowledge of reporting procedures and record keeping
  • Ability to succeed in a team environment or work as an individual contributor

Additional qualifications:

  • Familiarity with GRC Programs for Cloud providers 
  • Self-starter and requires minimal direction from leadership
  • Methodical and diligent with outstanding planning abilities
  • Able to meet deadlines and handle multiple priorities
  • Strong ability to negotiate with business partners to attain successful outcomes
  • Excellent communication skills
  • Strong project management skills with the ability to manage several large projects at the same time, keeping them on scope, on budget and on time
  • Ability to present and effectively communicate with all levels of the organization
  • Flexible with the ability to multitask, effectively prioritize and work under pressure
  • Advocate of continuous improvement and industry recognized best practice

CoreWeave is a fast growth startup, and the selected candidate is willing to be flexible for when they are needed. There will be times where the Enterprise Risk Program Manager may need to be available outside of regular business hours to support critical issues, projects or meetings.

Our compensation reflects the cost of labor across several US geographic markets. The base pay for this position ranges from $130,000 in our lowest geographic market up to $165,000/year in our highest geographic market. Pay is based on a number of factors including market location and may vary depending on job-related knowledge, skills, and experience.

Why CoreWeave?

At CoreWeave, we work hard, have fun, and move fast!  We’re in an exciting stage of hyper-growth that you will not want to miss out on. We’re not afraid of a little chaos, and we’re constantly learning. Our team cares deeply about how we build our product and how we work together, which is represented through our core values: 

  • Be Curious at your Core
  • Act like an Owner
  • Empower Employees
  • Deliver Best In-Class Client Experience 
  • Achieve More Together

We support and encourage an entrepreneurial outlook and independent thinking. We foster an environment that encourages collaboration and provides the opportunity to develop innovative solutions to complex problems. As we get set for take off, the growth opportunities within the organization are constantly expanding. You will be surrounded by some of the best talent in the industry, who will want to learn from you, too. Come join us! 

Benefits

We offer a competitive salary and benefits, including:

  • Medical, dental and vision insurance - 100% paid for the employee
  • Company paid Life Insurance 
  • Voluntary supplemental life insurance 
  • Short and long-term disability insurance 
  • Flexible Spending Account
  • Tuition Reimbursement 
  • Mental Wellness Benefits through Spring Health 
  • Family-Forming support provided by Carrot
  • Paid Parental Leave 
  • Flexible, full-service childcare support with Kinside
  • 401(k) with a generous employer match
  • Flexible PTO
  • Catered lunch each day in our offices
  • Weekly massages in NJ office
  • A casual work environment
  • Work culture focused on innovative disruption

California Consumer Privacy Act - California applicants only

CoreWeave is an equal opportunity employer, committed to our diversity and inclusiveness. We will consider all qualified applicants without regard to race, color, nationality, gender, gender identity or expression, sexual orientation, religion, disability or age.

 

CoreWeave Glassdoor Company Review
4.3 Glassdoor star iconGlassdoor star iconGlassdoor star iconGlassdoor star icon Glassdoor star icon
CoreWeave DE&I Review
4.4 Glassdoor star iconGlassdoor star iconGlassdoor star iconGlassdoor star icon Glassdoor star icon
CEO of CoreWeave
CoreWeave CEO photo
Michael Intrator
Approve of CEO

CoreWeave is an NVIDIA backed, fast-growing cloud provider for GPU-accelerated workloads at enterprise scale. The company was founded in 2017 and since then has profited massively from the boom in generative AI seen in 2023.

62 jobs
BADGES
Badge Diversity ChampionBadge Family FriendlyBadge Future UnicornBadge Work&Life Balance
SENIORITY LEVEL REQUIREMENT
TEAM SIZE
DATE POSTED
February 4, 2024

Subscribe to Rise newsletter

Risa star 🔮 Hi, I'm Risa! Your AI
Career Copilot
Want to see a list of jobs tailored to
you, just ask me below!
Other jobs
Company
ServiceNow Hybrid Building A,B,C 2225 Lawson Lane, Santa Clara, CALIFORNIA, United States
Posted 17 days ago
Inclusive & Diverse
Mission Driven
Rise from Within
Diversity of Opinions
Work/Life Harmony
Empathetic
Feedback Forward
Take Risks
Collaboration over Competition
Medical Insurance
Dental Insurance
Vision Insurance
Mental Health Resources
Life insurance
Disability Insurance
Health Savings Account (HSA)
Flexible Spending Account (FSA)
Conferences Stipend
Paid Time-Off
Maternity Leave
Equity
Company
CoreWeave Remote Roseland, NJ / Brooklyn, NY / Philadelphia, PA / Sunnyvale, CA / Remote
Posted 3 months ago
Company
CoreWeave Remote Sunnyvale, CA
Posted 2 months ago