Director, Governance, Risk, And Compliance

Summary

Join CoreWeave as the Director of Governance, Risk, and Compliance, leading a high-functioning GRC team and reporting to the Chief Information Security Officer. You will develop and drive the overall GRC program strategy, act as the external representative for CoreWeave's privacy and regulatory programs, and advise C-level executives on risks and compliance. This role requires a minimum of 10 years of experience in IT, Security Compliance, or Audit, a Bachelor's degree in a related field, and relevant certifications. CoreWeave offers a competitive salary, comprehensive benefits including medical, dental, vision, life insurance, and paid parental leave, and a hybrid work environment with flexibility.

Requirements

• Minimum of 10 years work experience in IT, Security Compliance or Audit function, preferably in the cloud service provider industry
• Educational Qualification: Bachelor's in Information Security, Computer Science, or related degree; Certified Information Systems Auditor (CISA) or Certified Information Systems Security Professional (CISSP) Certification or equivalent
• Experience building and maintaining a governance, risk, and compliance program at scale
• Experience conducting end-to-end control framework assessments; documenting control effectiveness, gaps, remediation requirements and/or maturity recommendations
• Ability to drive a team of managers and analysts to focus on prioritizing and delivering high-quality work with external/internal audit, customers and investors with attention to details
• Experience working directly with external auditors, regulators and government officials on security assessments and due diligence
• Ability to assess risks and distinguish critical or high impacting security areas within CoreWeave’s environment and drive appropriate remediations across multiple teams when necessary
• Knowledge and experience of a cloud infrastructure environment and what applicable security controls should be in place
• Drive both technical and non-technical conversations related to security controls with executive leaders and team members across every business team at CoreWeave
• Ability to identify, assess and plan for upcoming regulatory changes, customer requirements and due diligence trends ahead of when they may be required and build a corresponding action plan to address any requirements
• Strong technical background and experience with cyber tooling
• Expert knowledge of regulatory and compliance requirements, such as: SOX, SOC 2, ISO 27001:2022, ISO 27701, NIST 800-53, NIST CSF, PCI DSS, FedRAMP, GDPR, UK Cyber Essentials, HIPAA, etc
• Deep experience on strategy and execution of collaborating with cross-functional teams, including engineering, infrastructure, security, etc
• Excellent knowledge and execution of reporting procedures to executives and board members on the state internal governance, risk and compliance

Responsibilities

• Develop and drive the overall Governance, Risk, and Compliance program strategy in alignment with CoreWeave’s goals
• Own the regulatory and compliance maturity roadmap to support scaling requirements and new business opportunities
• Act as the representative of GRC programs in executive leadership discussions
• Report program KPIs and KRIs to executive leadership
• Advise C-level executives on new and ongoing risks, mitigation strategies, and regulatory compliance requirements
• Oversee budgets for GRC initiatives and ensure program resources are utilized properly
• Build and maintain partnerships with industry resources to stay ahead of evolving compliance trends
• Be the eyes and ears of CoreWeave related to new and upcoming regulatory, compliance, and customer requirement changes that may impact CoreWeave’s business strategies
• Direct the approach for tackling newly scoped regulatory/compliance initiatives aligned to business scaling requirements (i.e., PCI, DORA, NIS2, etc.)
• Drive operational changes and raise awareness to ensure employees are equipped with the necessary governance and risk knowledge needed to maintain compliant
• Support legal with high-impact tasks such as regulatory reporting, external due diligence inquiries, sub-processor notices, etc
• Direct GRC department on handling international regulatory and compliance initiatives to ensure operations remain compliant globally
• Own the external auditor and external resource recommendations and selection process
• Prepare CISO with regulatory, risk, and compliance updates to communicate to the Board of Directors
• Assist with the relationship management of external auditors and own the external auditor selection process
• Act as an escalation point for the GRC program to assist with stakeholder management when necessary

Benefits

• Medical, dental, and vision insurance - 100% paid for by CoreWeave
• Company-paid Life Insurance
• Voluntary supplemental life insurance
• Short and long-term disability insurance
• Flexible Spending Account
• Health Savings Account
• Tuition Reimbursement
• Mental Wellness Benefits through Spring Health
• Family-Forming support provided by Carrot
• Paid Parental Leave
• Flexible, full-service childcare support with Kinside
• 401(k) with a generous employer match
• Flexible PTO
• Catered lunch each day in our office and data center locations
• A casual work environment
• A work culture focused on innovative disruption
• Hybrid work environment
• Remote work considered for candidates outside 30 miles of office, depending on skills and experience