Third Party Risk Management
3 weeks ago
CoreWeave is the AI Hyperscaler™, delivering a cloud platform of cutting-edge services powering the next wave of AI. The company's technology provides enterprises and leading AI labs with the most performant, efficient and resilient solutions for accelerated computing. Since 2017, CoreWeave has operated a growing footprint of data centers covering every region of the US and across Europe. CoreWeave was ranked as one of the TIME100 most influential companies of 2024.
As the leader in the industry, we thrive in an environment where adaptability and resilience are key. Our culture offers career-defining opportunities for those who excel amid change and challenge. If you're someone who thrives in a dynamic environment, enjoys solving complex problems, and is eager to make a significant impact, CoreWeave is the place for you. Join us, and be part of a team solving some of the most exciting challenges in the industry.
CoreWeave powers the creation and delivery of the intelligence that drives innovation. To learn more about our values, please visit our careers website.
The Third Party Risk Management (TPRM) Analyst at CoreWeave will be responsible for supporting the GRC Manager, team members, and internal/external stakeholders with the day-to-day operations of the TPRM Program. The primary focus of this role will be to conduct third-party risk assessments and develop mitigation plans to minimize third-party risks. This is a high-visibility role that will work closely with stakeholders across Security, Legal, Procurement, and Finance.
Core job duties include, but are not limited to:
- Complete third-party risk assessments for all new vendors
- Ensure third-party risk assessments include an in-depth Business Impact Analysis (BIA) and Data Protection Impact Assessment (DPIA), supporting BCP/DR and Privacy programs
- Continually reevaluate vendors based on their criticality level to identify/document any changes that may impact our risk exposure, data privacy, mitigation strategies, etc.
- Coordinate the collection of required security assessment artifacts (e.g., audit reports, privacy policies, compliance documentation, incident response plan, disaster recovery/business continuity plans, etc.) from (new and existing) vendors periodically
- Triage assessments that require technical reviews to Security Engineering
- Prepare and monitor the status of each vendor risk assessment (software, data center landlords, etc.) and communicate the status with key stakeholders regularly
- Update and document due diligence tracking with real-time status and escalate issues and concerns (e.g., oversight deficiencies, program concerns, and open risk items)
- Own and update control evidence related to TPRM to ensure readiness for internal assessments and external audits
- Document program processes and procedures to ensure all updates to the TPRM program are captured and accessible to relevant parties
- Support the sales department in completing customer TPRM questionnaires and being the point of contact for security, governance and IT-related inquiries
- Support technical writing team with public-facing due diligence documentation and customer-facing Trust Center
Desired qualifications:
- Experience conducting third-party risk assessments to identify, document, and mitigate potential risks a third party may introduce
- Strong experience utilizing Jira to track and prioritize incoming vendor requests
- Ability to conduct vendor Business Impact Analysis (BIA) and Data Privacy assessments
- Minimum of 3-5 years of work experience in IT/Security Compliance/Audit function (or equivalent)
- Educational Qualification: Bachelor's in Information Security, Computer Science, or related degree; Certified Information Systems Auditor (CISA) or Certified Information Systems Security Professional (CISSP) Certification or equivalent
- Proven experience in compliance, risk, business continuity, and/or IT security program management
- Familiarity with data privacy regulations and standards (ISO 27701, GDPR, etc.)
- Excellent written communications to internal and external audiences, including senior leadership
- Experience collaborating with cross-functional teams, including legal, procurement, engineering, infrastructure, security, etc.
- Ability to succeed in a team environment or work as an individual contributor
- In-depth knowledge of the security and compliance standards/regulations, specifically SOX, SOC 2, ISO 27001, ISO 27701, NIST 800-53, NIST CSF, FedRAMP, GDPR, PCI DSS and HIPAA
- Understanding of concepts related to information security domains such as Cloud Computing, Data Privacy, Physical Security, Identity and Access Management, Encryption, Vulnerability Management, Incident Response, etc.
Additional qualifications:
- Experience with Vendor Management / Third Party Risk Management Programs for Cloud providers
- Self-starter who requires minimal direction from leadership
- Methodical and diligent with outstanding planning abilities
- Able to meet deadlines and handle multiple priorities
- Strong ability to negotiate with business partners to attain successful outcomes
- Excellent communication skills
- Strong project management skills with the ability to manage several large projects at the same time, keeping them on scope, on budget, and on time
- Ability to present and effectively communicate with all levels of the organization
- Flexible with the ability to multitask, effectively prioritize, and work under pressure
- Advocate of continuous improvement and industry-recognized best practice
Our compensation reflects the cost of labor across several US geographic markets. The base pay for this position ranges from $80,000-$100,000. Pay is based on a number of factors including market location and may vary depending on job-related knowledge, skills, and experience.
What We Offer
The range we've posted represents the typical compensation range for this role. To determine actual compensation, we review the market rate for each candidate which can include a variety of factors. These include qualifications, experience, interview performance, and location.
In addition to a competitive salary, we offer a variety of benefits to support your needs, including:
- Medical, dental, and vision insurance - 100% paid for by CoreWeave
- Company-paid Life Insurance
- Voluntary supplemental life insurance
- Short and long-term disability insurance
- Flexible Spending Account
- Tuition Reimbursement
- Mental Wellness Benefits through Spring Health
- Family-Forming support provided by Carrot
- Paid Parental Leave
- Flexible, full-service childcare support with Kinside
- 401(k) with a generous employer match
- Flexible PTO
- Catered lunch each day in our office and data center locations
- A casual work environment
- A work culture focused on innovative disruption
Our Workplace
At CoreWeave, we are committed to operating as a hybrid workplace, offering employees flexibility in how they structure their time between in-office and remote work. We recognize the significance of fostering connections, collaboration, and creativity within our office culture and its positive impact on our business. Our philosophy of operating as a hybrid workplace underscores our dedication to enabling employees to tailor work-life balance to their individual preferences.
For those who do not live within 30 miles of one of our offices, we are open to considering remote work for candidates whose skills and experience strongly align with the role. While we prioritize a hybrid work environment for most roles, we understand the importance of flexibility and are open to remote work for specific positions and specialized skill sets. Onboarding is essential to your success. New employees not based out of an office will be invited to attend onboarding training at one of our hubs within their first month of employment. We continue to foster a collaborative environment by bringing teams together quarterly.
California Consumer Privacy Act - California applicants only
CoreWeave is an equal opportunity employer, committed to fostering an inclusive and supportive workplace. All qualified applicants and candidates will receive consideration for employment without regard to race, color, religion, sex, disability, age, sexual orientation, gender identity, national origin, veteran status, or genetic information.
As part of this commitment and consistent with the Americans with Disabilities Act (ADA), CoreWeave will ensure that qualified applicants and candidates with disabilities are provided reasonable accommodations for the hiring process, unless such accommodation would cause an undue hardship. If reasonable accommodation is needed, please contact: careers@coreweave.com.