Apply on Employer Site

CoreWeave · 2 days ago

Security Risk Management Analyst

Bellevue, WA

Full-time

Hybrid

Senior Level

$122K/yr - $237K/yr

5+ years exp

CoreWeave is The Essential Cloud for AI™, providing innovative solutions for AI development. The Security Risk Management Analyst will identify and track risks, support risk assessments, and collaborate with various teams to enhance risk visibility and ensure compliance.

Artificial Intelligence (AI)Cloud ComputingCloud InfrastructureInformation TechnologyMachine Learning

No H1B

U.S. Citizen Only

Responsibilities

Collaborate with cross-functional teams (Security, IT, Cloud, Engineering, Legal, and Privacy) to capture the scope and impact of risks, summarize mitigation plans, and present findings to Risk Owners and executives

Build and maintain stakeholder relationships across CoreWeave to increase risk visibility and foster a culture of shared responsibility

Develop and maintain repeatable documentation, tracking, and prioritization systems for the company risk register and enterprise risk assessments

Experience leveraging advanced methods—including cyber risk quantification, automated telemetry-based risk signals, and LLM-assisted workflows—to define loss scenarios, assign measurable impact values, identify emerging risks, classify them, and streamline reporting for prioritized remediation

Monitor regulatory and organizational changes, together with Legal, and Security and Privacy Compliance, to assess potential impacts on security and privacy obligations

Perform periodic control and risk assessments aligned with compliance frameworks (e.g., SOX, SOC 2, ISO 27001:2022, FedRAMP, GDPR)

Flex to support broader GRC functions, including audit readiness, customer security questionnaires, and program health metrics

Support the creation, enforcement, and implementation of security policies, procedures, standards, and controls to protect company systems, networks, and data

Qualification

Risk ManagementIT SecurityCompliance FrameworksCyber Risk QuantificationCloud ComputingNIST Cybersecurity FrameworkISO StandardsProject ManagementAnalytical ThinkingCommunication SkillsRelationship Building

Required

Bachelor's degree in Information Security, Computer Science, or a related field, or equivalent practical experience

5+ years of professional experience in Risk Management, IT Security, Compliance, or Audit functions, including working with the NIST Cybersecurity Framework (or equivalent)

Proven experience in compliance, risk management, and/or IT security program management in cloud-native or highly regulated environments

Working knowledge of risk quantification methodologies (e.g., FAIR, Cyber Value-at-Risk) and their application in prioritizing remediation

Strong understanding of industry standards and regulations: SOX, SOC 2, ISO 27001:2022, ISO 27701, NIST 800-53, NIST CSF, FedRAMP, GDPR, HIPAA

Broad knowledge of core information security domains: Cloud Computing, Kubernetes, Physical Security, Third-Party Risk Management (TPRM), Identity & Access Management, Data Security, Vulnerability & Patch Management, Malware Defenses

Demonstrated ability to translate technical vulnerabilities and operational risks into clear business-impact statements for executives and non-technical stakeholders

Experience reviewing and adapting risk management frameworks in response to business, technology, and regulatory changes

Strong planning, organizational, and project management skills; proven ability to manage shifting priorities with composure and sound judgment

Skilled at building cross-functional relationships and applying analytical thinking to resolve complex, ambiguous issues independently

Preferred

Self-starter with a creative, solutions-oriented mindset and minimal supervision requirements

Hands-on experience with cyber risk quantification tools, automation of risk signals, and LLM-assisted workflows for risk identification and reporting

Experience collaborating directly with engineers to integrate risk telemetry into tooling and dashboards

Excellent negotiation and influence skills to drive alignment with business partners on remediation actions

Exceptional written and verbal communication skills, including executive-level reporting and presentation delivery