The Third Party Risk Management (TPRM) Analyst at CoreWeave will be responsible for supporting the GRC Manager, team members, and internal/external stakeholders with the day-to-day operations of the TPRM Program. The primary focus of this role will be to conduct third-party risk assessments and develop mitigation plans to minimize third-party risks. This is a high-visibility role that will work closely with stakeholders across Security, Legal, Procurement, and Finance.
Core job duties include, but are not limited to:
- Complete third-party risk assessments for all new vendors
- Ensure third-party risk assessments include an in-depth Business Impact Analysis (BIA) and Data Protection Impact Assessment (DPIA), supporting BCP/DR and Privacy programs
- Continually reevaluate vendors based on their criticality level to identify/document any changes that may impact our risk exposure, data privacy, mitigation strategies, etc.
- Coordinate the collection of required security assessment artifacts (e.g., audit reports, privacy policies, compliance documentation, incident response plan, disaster recovery/business continuity plans, etc.) from (new and existing) vendors periodically
- Triage assessments that require technical reviews to Security Engineering
- Prepare and monitor the status of each vendor risk assessment (software, data center landlords, etc.) and communicate the status with key stakeholders regularly
- Update and document due diligence tracking with real-time status and escalate issues and concerns (e.g., oversight deficiencies, program concerns, and open risk items)
- Own and update control evidence related to TPRM to ensure readiness for internal assessments and external audits
- Document program processes and procedures to ensure all updates to the TPRM program are captured and accessible to relevant parties
- Support the sales department in completing customer TPRM questionnaires and serve as the point of contact for security, governance, and IT-related inquiries
- Support technical writing team with public-facing due diligence documentation and customer-facing Trust Center
Desired qualifications:
- Experience conducting third-party risk assessments to identify, document, and mitigate potential risks a third party may introduce
- Strong experience utilizing Jira to track and prioritize incoming vendor requests
- Ability to conduct vendor Business Impact Analysis (BIA) and Data Privacy assessments
- Minimum of 3-5 years of work experience in IT/Security Compliance/Audit function (or equivalent)
- Educational Qualification: Bachelor's in Information Security, Computer Science, or related degree; Certified Information Systems Auditor (CISA) or Certified Information Systems Security Professional (CISSP) Certification or equivalent
- Proven experience in compliance, risk, business continuity, and/or IT security program management
- Familiarity with data privacy regulations and standards (ISO 27701, GDPR, etc.)
- Excellent written communication skills for internal and external audiences, including senior leadership
- Experience collaborating with cross-functional teams, including legal, procurement, engineering, infrastructure, security, etc.
- Ability to succeed in a team environment or work as an individual contributor
- In-depth knowledge of the security and compliance standards/regulations, specifically SOX, SOC 2, ISO 27001, ISO 27701, NIST 800-53, NIST CSF, FedRAMP, GDPR, PCI DSS and HIPAA
- Understanding of concepts related to information security domains such as Cloud Computing, Data Privacy, Physical Security, Identity and Access Management, Encryption, Vulnerability Management, Incident Response, etc.
Additional qualifications:
- Experience with Vendor Management / Third Party Risk Management Programs for Cloud providers
- Self-starter who requires minimal direction from leadership
- Methodical and diligent with outstanding planning abilities
- Able to meet deadlines and handle multiple priorities
- Strong ability to negotiate with business partners to attain successful outcomes
- Excellent communication skills
- Strong project management skills with the ability to manage several large projects at the same time, keeping them on scope, on budget, and on time
- Ability to present and effectively communicate with all levels of the organization
- Flexible with the ability to multitask, effectively prioritize, and work under pressure
- Advocate of continuous improvement and industry-recognized best practice
Our compensation reflects the cost of labor across several US geographic markets. The base pay for this position ranges from $125,000-$145,000. Pay is based on a number of factors including market location and may vary depending on job-related knowledge, skills, and experience.