Director, Governance, Risk & Compliance

Coreweave • Full-time • Livingston, New Jersey, United States • 5d ago

About the Role:

We are seeking a highly skilled and driven Director of Governance, Risk, and Compliance to join our Security team. You will lead a high-functioning GRC team, reporting to the Chief Information Security Officer and focus on the overall strategic direction of GRC. Additionally, you will act as the external representative for CoreWeave’s privacy, regulatory, risk, and governance programs.

Responsibilities:

Develop and drive the overall Governance, Risk, and Compliance program strategy in alignment with CoreWeave’s goals.
Own the regulatory and compliance maturity roadmap to support scaling requirements and new business opportunities.
Act as the representative of GRC programs in executive leadership discussions.
Report program KPIs and KRIs to executive leadership.
Advise C-level executives on new and ongoing risks, mitigation strategies, and regulatory compliance requirements.
Oversee budgets for GRC initiatives and ensure program resources are utilized properly.
Build and maintain partnerships with industry resources to stay ahead of evolving compliance trends.
Be the eyes and ears of CoreWeave related to new and upcoming regulatory, compliance, and customer requirement changes that may impact CoreWeave’s business strategies.
Direct the approach for tackling newly scoped regulatory/compliance initiatives aligned to business scaling requirements (i.e., PCI, DORA, NIS2, etc.).
Drive operational changes and raise awareness to ensure employees are equipped with the necessary governance and risk knowledge needed to maintain compliant.
Support legal with high-impact tasks such as regulatory reporting, external due diligence inquiries, sub-processor notices, etc.
Direct GRC department on handling international regulatory and compliance initiatives to ensure operations remain compliant globally.
Own the external auditor and external resource recommendations and selection process.
Prepare CISO with regulatory, risk, and compliance updates to communicate to the Board of Directors.
Assist with the relationship management of external auditors and own the external auditor selection process.
Act as an escalation point for the GRC program to assist with stakeholder management when necessary.

Required Skills:

Minimum of 10 years work experience in IT, Security Compliance or Audit function, preferably in the cloud service provider industry
Educational Qualification: Bachelor's in Information Security, Computer Science, or related degree; Certified Information Systems Auditor (CISA) or Certified Information Systems Security Professional (CISSP) Certification or equivalent
Experience building and maintaining a governance, risk, and compliance program at scale
Experience conducting end-to-end control framework assessments; documenting control effectiveness, gaps, remediation requirements and/or maturity recommendations
Ability to drive a team of managers and analysts to focus on prioritizing and delivering high-quality work with external/internal audit, customers and investors with attention to details
Experience working directly with external auditors, regulators and government officials on security assessments and due diligence
Ability to assess risks and distinguish critical or high impacting security areas within CoreWeave’s environment and drive appropriate remediations across multiple teams when necessary.
Knowledge and experience of a cloud infrastructure environment and what applicable security controls should be in place
Drive both technical and non-technical conversations related to security controls with executive leaders and team members across every business team at CoreWeave
Ability to identify, assess and plan for upcoming regulatory changes, customer requirements and due diligence trends ahead of when they may be required and build a corresponding action plan to address any requirements
Strong technical background and experience with cyber tooling
Expert knowledge of regulatory and compliance requirements, such as: SOX, SOC 2, ISO 27001:2022, ISO 27701, NIST 800-53, NIST CSF, PCI DSS, FedRAMP, GDPR, UK Cyber Essentials, HIPAA, etc.
Deep experience on strategy and execution of collaborating with cross-functional teams, including engineering, infrastructure, security, etc
Excellent knowledge and execution of reporting procedures to executives and board members on the state internal governance, risk and compliance

The Director of Governance, Risk, and Compliance team works standard business hours and may be required to perform job duties outside of normal business hours as needed, aligned to job duties.

Our compensation reflects the cost of labor across several US geographic markets. The base pay for this position ranges from $180,000-$220,000. Pay is based on a number of factors including market location and may vary depending on job-related knowledge, skills, and experience.