Security Risk Management Analyst

CoreWeave | Livingston, NJ
74d | $122,000 - $237,000 | Hybrid

About The Position

The Security Risk IC at CoreWeave will be responsible for identifying, documenting, and tracking internal/external risks, supporting the risk assessment process, driving corrective action plans, and supporting Risk Owners across the organization in their remediation plans. This role will report to the Security Risk Management Lead and sit within the Chief Information Security Officer (CISO) organization. CoreWeave powers the creation and delivery of the intelligence that drives innovation.

Requirements

  • Bachelor's degree in Information Security, Computer Science, or a related field, or equivalent practical experience.
  • 5+ years of professional experience in Risk Management, IT Security, Compliance, or Audit functions, including working with the NIST Cybersecurity Framework (or equivalent).
  • Proven experience in compliance, risk management, and/or IT security program management in cloud-native or highly regulated environments.
  • Working knowledge of risk quantification methodologies (e.g., FAIR, Cyber Value-at-Risk) and their application in prioritizing remediation.
  • Strong understanding of industry standards and regulations: SOX, SOC 2, ISO 27001:2022, ISO 27701, NIST 800-53, NIST CSF, FedRAMP, GDPR, HIPAA.
  • Broad knowledge of core information security domains: Cloud Computing, Kubernetes, Physical Security, Third-Party Risk Management (TPRM), Identity & Access Management, Data Security, Vulnerability & Patch Management, Malware Defenses.
  • Demonstrated ability to translate technical vulnerabilities and operational risks into clear business-impact statements for executives and non-technical stakeholders.
  • Experience reviewing and adapting risk management frameworks in response to business, technology, and regulatory changes.
  • Strong planning, organizational, and project management skills; proven ability to manage shifting priorities with composure and sound judgment.
  • Skilled at building cross-functional relationships and applying analytical thinking to resolve complex, ambiguous issues independently.

Nice To Haves

  • Self-starter with a creative, solutions-oriented mindset and minimal supervision requirements.
  • Hands-on experience with cyber risk quantification tools, automation of risk signals, and LLM-assisted workflows for risk identification and reporting.
  • Experience collaborating directly with engineers to integrate risk telemetry into tooling and dashboards.
  • Excellent negotiation and influence skills to drive alignment with business partners on remediation actions.
  • Exceptional written and verbal communication skills, including executive-level reporting and presentation delivery.

Responsibilities

  • Collaborate with cross-functional teams (Security, IT, Cloud, Engineering, Legal, and Privacy) to capture the scope and impact of risks, summarize mitigation plans, and present findings to Risk Owners and executives.
  • Build and maintain stakeholder relationships across CoreWeave to increase risk visibility and foster a culture of shared responsibility.
  • Develop and maintain repeatable documentation, tracking, and prioritization systems for the company risk register and enterprise risk assessments.
  • Leverage advanced methods including cyber risk quantification, automated telemetry-based risk signals, and LLM-assisted workflows to define loss scenarios, assign measurable impact values, identify emerging risks, classify them, and streamline reporting for prioritized remediation.
  • Monitor regulatory and organizational changes, together with Legal, and Security and Privacy Compliance, to assess potential impacts on security and privacy obligations.
  • Perform periodic control and risk assessments aligned with compliance frameworks (e.g., SOX, SOC 2, ISO 27001:2022, FedRAMP, GDPR).
  • Support broader GRC functions, including audit readiness, customer security questionnaires, and program health metrics.
  • Support the creation, enforcement, and implementation of security policies, procedures, standards, and controls to protect company systems, networks, and data.

Benefits

  • Medical, dental, and vision insurance - 100% paid for by CoreWeave
  • Company-paid Life Insurance
  • Voluntary supplemental life insurance
  • Short and long-term disability insurance
  • Flexible Spending Account
  • Health Savings Account
  • Tuition Reimbursement
  • Ability to Participate in Employee Stock Purchase Program (ESPP)
  • Mental Wellness Benefits through Spring Health
  • Family-Forming support provided by Carrot
  • Paid Parental Leave
  • Flexible, full-service childcare support with Kinside
  • 401(k) with a generous employer match
  • Flexible PTO
  • Catered lunch each day in our office and data center locations
  • A casual work environment
  • A work culture focused on innovative disruption

What This Job Offers

  • Job Type: Full-time
  • Career Level: Mid Level
  • Industry: Professional, Scientific, and Technical Services
  • Education Level: Bachelor's degree
