CoreWeave is the AI Hyperscaler™, delivering a cloud platform of cutting edge services powering the next wave of AI. The company’s technology provides enterprises and leading AI labs with the most performant, efficient and resilient solutions for accelerated computing. Since 2017, CoreWeave has operated a growing footprint of data centers covering every region of the US and across Europe. CoreWeave was ranked as one of the TIME100 most influential companies of 2024.

As the leader in the industry, we thrive in an environment where adaptability and resilience are key. Our culture offers career-defining opportunities for those who excel amid change and challenge. If you’re someone who thrives in a dynamic environment, enjoys solving complex problems, and is eager to make a significant impact, CoreWeave is the place for you. Join us, and be part of a team solving some of the most exciting challenges in the industry. 

CoreWeave powers the creation and delivery of the intelligence that drives innovation. To learn more about our values, please visit our careers website.

The Third Party Risk Management (TPRM) Analyst at CoreWeave will be responsible for supporting the GRC Manager, team members, and internal/external stakeholders with the day-to-day operations of the TPRM Program. The primary focus of this role will be to conduct third-party risk assessments and develop mitigation plans to minimize third-party risks. This role is a high visibility role that will work closely with stakeholders across Security, Legal, Procurement, and Finance. 

Core job duties include, but are not limited to:

  • Complete third-party risk assessments for all new vendors
  • Ensure third-party risk assessments include an in-depth Business Impact Analysis (BIA) and Data Protection Impact Assessment (DPIA), supporting BCP/DR and Privacy programs
  • Continually reevaluate vendors based on their criticality level to identify/document any changes that may impact our risk exposure, data privacy, mitigation strategies, etc. 
  • Coordinate the collection of required security assessment artifacts (e.g., audit reports, privacy policies, compliance documentation, incident response plan, disaster recovery/business continuity plans, etc.) from (new and existing) vendors periodically
  • Triage assessments that require technical reviews to Security Engineering 
  • Prepare and monitor the status of each vendor risk assessment (software, data center landlords, etc.) and communicate the status with key stakeholders regularly
  • Update and document due diligence tracking with real-time status and escalate issues and concerns (e.g., oversight deficiencies, program concerns, and open risk items)
  • Own and update control evidence related to TPRM to ensure readiness for internal assessments and external audits 
  • Document program processes and procedures to ensure all updates to the TPRM program are captured and accessible to relevant parties
  • Support the sales department in completing customer TPRM questionnaires and being the point of contact for security, governance and IT-related inquiries
  • Support technical writing team with public-facing due diligence documentation and customer-facing Trust Center

Desired qualifications:

  • Experience conducting third-party risk assessments to identify, document, and mitigate potential risks a third party may introduce
  • Strong experience utilizing Jira to track and prioritize incoming vendor requests
  • Ability to conduct vendor Business Impact Analysis (BIA) and Data Privacy assessments  
  • Minimum of 3-5 years of work experience in IT/Security Compliance/Audit function (or equivalent)
  • Educational Qualification: Bachelor's in Information Security, Computer Science, or related degree; Certified Information Systems Auditor (CISA) or Certified Information Systems Security Professional (CISSP) Certification or equivalent
  • Proven experience in compliance, risk, business continuity, and/or IT security program management 
  • Familiarity with data privacy regulations and standards (ISO 27701, GDPR, etc.) 
  • Excellent written communications to internal and external audiences, including senior leadership
  • Experience collaborating with cross-functional teams, including legal, procurement, engineering, infrastructure, security, etc. 
  • Ability to succeed in a team environment or work as an individual contributor
  • In-depth knowledge of the security and compliance standards/regulations, specifically SOX, SOC 2, ISO 27001, ISO 27701, NIST 800-53, NIST CSF, FedRAMP, GDPR, PCI DSS and HIPAA
  • Understanding of concepts related to information security domains such as Cloud Computing, Data Privacy, Physical Security, Identity and Access Management, Encryption, Vulnerability Management, Incident Response, etc.

Additional qualifications:

  • Experience with Vendor Management / Third Party Risk Management Programs for Cloud providers 
  • Self-starter and requires minimal direction from leadership
  • Methodical and diligent with outstanding planning abilities
  • Able to meet deadlines and handle multiple priorities
  • Strong ability to negotiate with business partners to attain successful outcomes
  • Excellent communication skills
  • Strong project management skills with the ability to manage several large projects at the same time, keeping them on scope, on budget, and on time
  • Ability to present and effectively communicate with all levels of the organization
  • Flexible with the ability to multitask, effectively prioritize, and work under pressure
  • Advocate of continuous improvement and industry-recognized best practice

Our compensation reflects the cost of labor across several US geographic markets. The base pay for this position ranges from $80,000-$100,000. Pay is based on a number of factors including market location and may vary depending on job-related knowledge, skills, and experience.

What We Offer

The range we’ve posted represents the typical compensation range for this role. To determine actual compensation, we review the market rate for each candidate which can include a variety of factors. These include qualifications, experience, interview performance, and location.

In addition to a competitive salary, we offer a variety of benefits to support your needs, including:

  • Medical, dental, and vision insurance - 100% paid for by CoreWeave
  • Company-paid Life Insurance 
  • Voluntary supplemental life insurance 
  • Short and long-term disability insurance 
  • Flexible Spending Account
  • Tuition Reimbursement 
  • Mental Wellness Benefits through Spring Health 
  • Family-Forming support provided by Carrot
  • Paid Parental Leave 
  • Flexible, full-service childcare support with Kinside
  • 401(k) with a generous employer match
  • Flexible PTO
  • Catered lunch each day in our office and data center locations
  • A casual work environment
  • A work culture focused on innovative disruption

Our Workplace

At CoreWeave, we are committed to operating as a hybrid workplace, offering employees flexibility in how they structure their time between in-office and remote work. We recognize the significance of fostering connections, collaboration, and creativity within our office culture and its positive impact on our business. Our philosophy operating as a hybrid workplace underscores our dedication to enabling employees to tailor work-life balance to their individual preferences.

For those who do not live within 30 miles of one of our offices, we are open to considering remote work for candidates whose skills and experience strongly align with the role. While we prioritize a hybrid work environment for most roles, we understand the importance of flexibility and are open to remote work for specific positions and specialized skill sets. Onboarding is essential to your success. New employees not based out of an office will be invited to attend onboarding training at one of our hubs within their first month of employment. We continue to foster a collaborative environment by bringing teams together quarterly.

 

California Consumer Privacy Act - California applicants only

CoreWeave is an equal opportunity employer, committed to fostering an inclusive and supportive workplace. All qualified applicants and candidates will receive consideration for employment without regard to race, color, religion, sex, disability, age, sexual orientation, gender identity, national origin, veteran status, or genetic information.

As part of this commitment and consistent with the Americans with Disabilities Act (ADA), CoreWeave will ensure that qualified applicants and candidates with disabilities are provided reasonable accommodations for the hiring process, unless such accommodation would cause an undue hardship. If reasonable accommodation is needed, please contact: careers@coreweave.com.

Apply for this Job

* Required
resume chosen  
(File types: pdf, doc, docx, txt, rtf)
cover_letter chosen  
(File types: pdf, doc, docx, txt, rtf)


Voluntary Self-Identification

For government reporting purposes, we ask candidates to respond to the below self-identification survey. Completion of the form is entirely voluntary. Whatever your decision, it will not be considered in the hiring process or thereafter. Any information that you do provide will be recorded and maintained in a confidential file.

As set forth in CoreWeave’s Equal Employment Opportunity policy, we do not discriminate on the basis of any protected group status under any applicable law.

Race & Ethnicity Definitions

If you believe you belong to any of the categories of protected veterans listed below, please indicate by making the appropriate selection. As a government contractor subject to the Vietnam Era Veterans Readjustment Assistance Act (VEVRAA), we request this information in order to measure the effectiveness of the outreach and positive recruitment efforts we undertake pursuant to VEVRAA. Classification of protected categories is as follows:

A "disabled veteran" is one of the following: a veteran of the U.S. military, ground, naval or air service who is entitled to compensation (or who but for the receipt of military retired pay would be entitled to compensation) under laws administered by the Secretary of Veterans Affairs; or a person who was discharged or released from active duty because of a service-connected disability.

A "recently separated veteran" means any veteran during the three-year period beginning on the date of such veteran's discharge or release from active duty in the U.S. military, ground, naval, or air service.

An "active duty wartime or campaign badge veteran" means a veteran who served on active duty in the U.S. military, ground, naval or air service during a war, or in a campaign or expedition for which a campaign badge has been authorized under the laws administered by the Department of Defense.

An "Armed forces service medal veteran" means a veteran who, while serving on active duty in the U.S. military, ground, naval or air service, participated in a United States military operation for which an Armed Forces service medal was awarded pursuant to Executive Order 12985.


Voluntary Self-Identification of Disability

Form CC-305
Page 1 of 1
OMB Control Number 1250-0005
Expires 04/30/2026

Why are you being asked to complete this form?

We are a federal contractor or subcontractor. The law requires us to provide equal employment opportunity to qualified people with disabilities. We have a goal of having at least 7% of our workers as people with disabilities. The law says we must measure our progress towards this goal. To do this, we must ask applicants and employees if they have a disability or have ever had one. People can become disabled, so we need to ask this question at least every five years.

Completing this form is voluntary, and we hope that you will choose to do so. Your answer is confidential. No one who makes hiring decisions will see it. Your decision to complete the form and your answer will not harm you in any way. If you want to learn more about the law or this form, visit the U.S. Department of Labor’s Office of Federal Contract Compliance Programs (OFCCP) website at www.dol.gov/ofccp.

How do you know if you have a disability?

A disability is a condition that substantially limits one or more of your “major life activities.” If you have or have ever had such a condition, you are a person with a disability. Disabilities include, but are not limited to:

  • Alcohol or other substance use disorder (not currently using drugs illegally)
  • Autoimmune disorder, for example, lupus, fibromyalgia, rheumatoid arthritis, HIV/AIDS
  • Blind or low vision
  • Cancer (past or present)
  • Cardiovascular or heart disease
  • Celiac disease
  • Cerebral palsy
  • Deaf or serious difficulty hearing
  • Diabetes
  • Disfigurement, for example, disfigurement caused by burns, wounds, accidents, or congenital disorders
  • Epilepsy or other seizure disorder
  • Gastrointestinal disorders, for example, Crohn's Disease, irritable bowel syndrome
  • Intellectual or developmental disability
  • Mental health conditions, for example, depression, bipolar disorder, anxiety disorder, schizophrenia, PTSD
  • Missing limbs or partially missing limbs
  • Mobility impairment, benefiting from the use of a wheelchair, scooter, walker, leg brace(s) and/or other supports
  • Nervous system condition, for example, migraine headaches, Parkinson’s disease, multiple sclerosis (MS)
  • Neurodivergence, for example, attention-deficit/hyperactivity disorder (ADHD), autism spectrum disorder, dyslexia, dyspraxia, other learning disabilities
  • Partial or complete paralysis (any cause)
  • Pulmonary or respiratory conditions, for example, tuberculosis, asthma, emphysema
  • Short stature (dwarfism)
  • Traumatic brain injury

PUBLIC BURDEN STATEMENT: According to the Paperwork Reduction Act of 1995 no persons are required to respond to a collection of information unless such collection displays a valid OMB control number. This survey should take about 5 minutes to complete.


Enter the verification code sent to to confirm you are not a robot, then submit your application.

This application was flagged as potential bot traffic. To resubmit your application, turn off any VPNs, clear the browser's cache and cookies, or try another browser. If you still can't submit it, contact our support team through the help center.