Governance, Risk & Compliance Analyst

The Governance, Risk & Compliance (GRC) Analyst at CoreWeave will be responsible for supporting the GRC Manager and team members with the creation, implementation and enforcement of security policies, procedures, standards, and controls to govern the protection of company information systems, networks, and data. The primary focus of this role will be to drive policy maturity and the development/implementation of new policies, standards and procedures. This role will also assist the GRC team with the development and implementation of our privacy program. This role is a high visibility role and of utmost importance for ensuring CoreWeave complies with the necessary frameworks needed to operate as a world-leading specialized cloud provider.

Core job duties include, but are not limited to:

• Act as a contributing member of the GRC and Cyber functions to build and maintain the day-to-day operations of the team, working to maintain governance of information security frameworks, standards, and policies
• Initiate and track annual policy revisions and report updates to GRC Manager 
• Assist with the development and implementation of our privacy program aligned to ISO 27701 and GDPR 
• Drive data mapping and data protection impact assessment (DPIA) activities with various internal stakeholders 
• Track Security Awareness Training program and ensure all employees are completing assigned training within defined SLA’s 
• Support GRC Manager with periodic control and audit readiness assessments against the multiple compliance frameworks we currently align to and may align to in the future (SOX, SOC 2, ISO 27001:2022, FedRAMP, etc.)
• Obtain and track continual progress updates for audit corrective action plans
• Act as a contributing member for external audits by collecting control examination evidence
• Work closely with internal stakeholders (Engineering, Corporate IT, Legal, HR, Audit, and Product Team Members) on governance/compliance initiatives and enhancements to the monitoring of security controls
• Assist with maintenance and maturity of GRC tool used to track risks, control evidence, vendor inventories and audit documentation

Desired qualifications:

• Educational Qualification: Bachelor's in Information Security, Computer Science, or related degree; Certified Information Systems Auditor (CISA) or Certified Information Systems Security Professional (CISSP) Certification or equivalent
• Minimum of 3-5 years work experience in IT/Security Compliance/Audit function (or equivalent)
• Proven experience in compliance, risk, vulnerability mgmt., business continuity and/or IT security program management 
• Technical writing with an experience in developing internal policies, standards and procedures 
• In-depth knowledge of the industry's standards and regulations, specifically SOX, SOC 2, ISO 27001:2022, ISO 27701, NIST 800-53, NIST CSF, FedRAMP, GDPR and HIPAA
• Familiarity with data privacy regulations and standards (ISO 27701, GDPR, etc.) 
• Ability to map compliance/regulation requirements to internal documentation
• Collaborating with cross-functional teams, including engineering, infrastructure, security, etc. 
• Integrating new technologies into existing technology portfolio
• Excellent knowledge of reporting procedures and record keeping
• Ability to succeed in a team environment or work as an individual contributor
• Understanding of concepts related to information security domains such as Cloud Computing, Physical security, Third Party Risk Management (TPRM), Identity and Access Management, Data Security, Vulnerability and Patch Management, Malware Defenses, CIS Top 18 Controls

Additional qualifications:

• Familiarity with GRC Program for Cloud providers 
• Self-starter and requires minimal direction from leadership
• Methodical and diligent with outstanding planning abilities
• Able to meet deadlines and handle multiple priorities
• Strong ability to negotiate with business partners to attain successful outcomes
• Excellent communication skills
• Strong project management skills with the ability to manage several large projects at the same time, keeping them on scope, on budget and on time
• Ability to present and effectively communicate with all levels of the organization
• Flexible with the ability to multitask, effectively prioritize and work under pressure
• Advocate of continuous improvement and industry recognized best practic

CoreWeave is a fast growth startup, and the selected candidate is willing to be flexible for when they are needed. There will be times where the Governance, Risk & Compliance Analyst needs to be available outside of regular business hours to support critical issues, projects or meetings.