Third-Party Risk Management (TPRM) Analyst

About the role:
CoreWeave is searching for a Third-Party Risk Management (TPRM) Analyst to build and maintain a robust TPRM program. A lot of your time will be spent on evaluating the risk that new vendors or third-parties may introduce, creating mitigation plans to minimize third-party risk, socializing contractual requirements to internal stakeholders, being the liaison between Sales/Customer Success & IT/Security, and completing TPRM questionnaires. Please note that this role is based in our Roseland, NJ office. A closer look at what you’ll be doing in this role: 

• Review CoreWeave’s TPRM program and advise on best practices 
• Own the business and vendor risk process from end-to-end; manage the entirety of the vendor lifecycle, including internal policies/documentation, vendor risk classification, due diligence, contract negotiation, ongoing monitoring, and termination processes
• Review the existing vendors within CoreWeave’s ecosystem and risk-rate the vendors
• Coordinate the collection of required security assessment artifacts (e.g., privacy policies, compliance documentation, incident response plan, disaster recovery/business continuity plan, audited financial statements) from vendors 
• Complete the formal written risk assessment of vendors while identifying mitigation strategies to lower inherent and residual risk based on risks identified and business unit requirements
• Own the periodic review of vendors based on their inherited Third-Party Risk to be in alignment with governance, risk and compliance requirements
• Prepare and monitor the status of each vendor risk assessment (software, data center landlords, etc.) and communicate the status with key stakeholders on a regular basis
• Update and document due diligence tracking with real time status and escalate issues and concerns (e.g., oversight deficiencies, program concerns, and open risk items)
• Own and update control evidence related to TPRM within the Drata compliance platform
• Own the development and deployment of CoreWeave’s Whistic Profiles
• Implement program processes into TPRM tools (Whistic), to assist with task automation
• Support the sales department in completing customer TPRM questionnaires and being the point of contact for security, governance and IT related inquiries
• Establish good peer relationships and foster collaboration with stakeholders
• Familiarize and own the contractual agreements to ensure identified risks comply with our policies and procedures, legal, and regulatory requirements, and financial control guidelines
• Travel to different CoreWeave sites (domestically and internationally) as-needed to conduct risk assessments

Wondering if you’re a good fit? We believe in investing in our people, and value candidates who can bring their own diversified experiences to our teams – even if you aren't a 100% skill or experience match. Here are some qualities we’ve found compatible with our team. If a portion of this resonates with you, we’d love to talk. 

• You’re an expert in risk management. You’ve got 3-5 years of experience or related knowledge of Third-Party Risk Management methodologies and regulatory guidance and or risk management, preferably within the technology industry.
• You have project and/or program management experience.
• You’re experienced with conducting independent security risk assessments.
• You’ve got great negotiation skills (both internally and externally), and can communicate clearly and compellingly.
• Your written communication skills are strong enough to present to senior leadership, and our multiple stakeholders (internal and external). 
• You have a deep understanding of and experience with information security, business continuity, compliance, financial analysis, legal, and audit
• You’re a self-starter, take initiative and perform in an agile, fast-paced technical and business environment; you like to tinker and figure things out.
• You’re a problem solver, and have a good handle on how to prioritize and manage your time.