Enterprise Risk Program Manager

CoreWeave
Summary
Join CoreWeave, a leading AI hyperscaler, as an Enterprise Risk Engineering Manager. Drive the ERM program, fostering a risk-informed culture and regularly assessing exposures. Support the program's maturity by developing foundational elements and executing periodic risk assessments across multiple compliance frameworks. Collaborate with internal stakeholders on governance and compliance initiatives, providing risk consultation. Manage risk register items and audit corrective action plans. Develop automated risk program capabilities and maintain relevant KPIs and KRIs. Review risk reporting and maintain ERM program policies and procedures. This role requires a Bachelor's degree in a related field, relevant certifications (CISA or CISSP), and 5+ years of experience in IT/Security Compliance/Audit. CoreWeave offers competitive compensation, comprehensive benefits including health insurance, life insurance, disability insurance, paid parental leave, flexible PTO, and a hybrid work environment.
Requirements
- Bachelor's in Information Security, Computer Science, or related degree
- Certified Information Systems Auditor (CISA) or Certified Information Systems Security Professional (CISSP) Certification or equivalent
- Minimum of 5+ years work experience in IT/Security Compliance/Audit function (or equivalent)
- Proven experience in compliance, risk management and/or IT security program management
- In-depth knowledge of the industry's standards and regulations as well as common control sets (e.g. SOX, SOC 2, ISO 27001:2022, ISO 27701, NIST 800-53, NIST CSF, FedRAMP, GDPR and HIPAA)
- In-depth understanding of concepts related to information security domains such as Cloud Computing, Physical Security, Third Party Risk Management (TPRM), Identity and Access Management, Data Security, Vulnerability and Patch Management, Malware Defenses, CIS Top 18 Controls
- Strong relationship-building and interpersonal skills, needed to help influence decision makers and technology owners
- Integrating new technologies into existing technology portfolios
- Collaborating with cross-functional teams, including engineering, network and infrastructure
- Excellent knowledge of reporting procedures and record-keeping
- Ability to succeed in a team environment or work as an individual contributor
Responsibilities
- Drive the Enterprise Risk Engineering Management (ERM) program by fostering a risk-informed culture and regularly assessing exposures, identifying gaps, and supporting issues management resolution
- Support the maturity of the ERM Program through assisting with the development of foundational and governance elements including standards, systems, tools, policies, workflows, and communications
- Execute periodic control and engineering risk assessments against the multiple compliance frameworks we currently align to and may align to in the future (SOX, SOC 2, ISO 27001:2022, FedRAMP, etc.)
- Assist in maintaining the documentation, prioritization, and tracking of items such as the company risk register and exceptions process
- Perform analysis on regulatory changes, or organization changes, that may impact our Information Security requirements
- Perform periodic Business Impact Analysis (BIA) assessments to support Business Continuity and Disaster Recovery programs
- Work closely with internal stakeholders (Corporate IT, Legal, HR, Audit, and Product Team Members) on governance/compliance initiatives and enhancements to the monitoring of security controls
- Provide ad-hoc risk consultation to executives, leaders and internal stakeholders to help manage risks in pursuit of business and strategic objectives
- Act as a program manager, by developing and tracking risk register items and audit corrective action plans through remediation
- Develop automated, repeatable and sustainable capabilities for risk program registration, tracking and reporting
- Maintain the appropriate KPIs and KRIs related to an Enterprise Risk program
- Review risk reporting, including but not limited to the status of key risks and related trends, the effectiveness of controls and responses/mitigation, key risk indicators, and exceptions
- Maintain and monitor ERM program policies and procedures
- Maintain and mature GRC tool used to track risks, exceptions and remediation plans
Preferred Qualifications
- Strong understanding of GRC programs for cloud providers
- Self-starter who requires minimal direction from leadership
- Methodical and diligent with outstanding planning abilities
- Able to meet deadlines and handle multiple priorities
- Strong ability to negotiate with business partners to attain successful outcomes
- Excellent communication skills
- Strong project management skills with the ability to manage several large projects at the same time, keeping them on scope, on budget and on time
- Ability to present and effectively communicate with all levels of the organization
- Flexible with the ability to multitask, effectively prioritize and work under pressure
- Advocate of continuous improvement and industry-recognized best practice
Benefits
- Medical, dental, and vision insurance - 100% paid for by CoreWeave
- Company-paid Life Insurance
- Voluntary supplemental life insurance
- Short and long-term disability insurance
- Flexible Spending Account
- Health Savings Account
- Tuition Reimbursement
- Mental Wellness Benefits through Spring Health
- Family-Forming support provided by Carrot
- Paid Parental Leave
- Flexible, full-service childcare support with Kinside
- 401(k) with a generous employer match
- Flexible PTO
- Catered lunch each day in our office and data center locations
- A casual work environment
- A work culture focused on innovative disruption
- At CoreWeave, we are committed to operating as a hybrid workplace, offering employees flexibility in how they structure their time between in-office and remote work