Security Risk Management Analyst

Join to apply for the Security Risk Management Analyst role at Core Weave

Core Weave is The Essential Cloud for AI™. Built for pioneers by pioneers, Core Weave delivers a platform of technology, tools, and teams that enables innovators to build and scale AI with confidence. Trusted by leading AI labs, startups, and global enterprises, Core Weave combines superior infrastructure performance with deep technical expertise to accelerate breakthroughs and turn compute into capability. Founded in 2017, Core Weave became a publicly traded company (Nasdaq: CRWV) in March 2025.

Learn more at

• Collaborate with cross-functional teams (Security, IT, Cloud, Engineering, Legal, and Privacy) to capture the scope and impact of risks, summarize mitigation plans, and present findings to Risk Owners and executives.
• Build and maintain stakeholder relationships across Core Weave to increase risk visibility and foster a culture of shared responsibility.
• Develop and maintain repeatable documentation, tracking, and prioritization systems for the company risk register and enterprise risk assessments.
• Experience leveraging advanced methods—including cyber risk quantification, automated telemetry-based risk signals, and LLM‑assisted workflows—to define loss scenarios, assign measurable impact values, identify emerging risks, classify them, and streamline reporting for prioritized remediation.
• Monitor regulatory and organizational changes, together with Legal, and Security and Privacy Compliance, to assess potential impacts on security and privacy obligations.
• Perform periodic control and risk assessments aligned with compliance frameworks (e.g., SOX, SOC 2, ISO 27001:2022, FedRAMP, GDPR).
• Flex to support broader GRC functions, including audit readiness, customer security questionnaires, and program health metrics.
• Support the creation, enforcement, and implementation of security policies, procedures, standards, and controls to protect company systems, networks, and data.

Investing in our people is one of our top priorities, and we value candidates who can bring their diversified experiences to our teams. Here are some qualities we’ve found compatible with our team. We'd love to talk about whether this aligns with your experience and interests and what you’re excited to work on next.

• Bachelor’s degree in Information Security, Computer Science, or a related field, or equivalent practical experience.
• 5+ years of professional experience in Risk Management, IT Security, Compliance, or Audit functions, including working with the NIST Cybersecurity Framework (or equivalent).
• Proven experience in compliance, risk management, and/or IT security program management in cloud‑native or highly regulated environments.
• Working knowledge of risk quantification methodologies (e.g., FAIR, Cyber Value-at-Risk) and their application in prioritizing remediation.
• Strong understanding of industry standards and regulations: SOX, SOC 2, ISO 27001:2022, ISO 27701, NIST 800-53, NIST CSF, FedRAMP, GDPR, HIPAA.
• Broad knowledge of core information security domains:
  Cloud Computing, Kubernetes, Physical Security, Third‑Party Risk Management (TPRM), Identity & Access Management, Data Security, Vulnerability & Patch Management, Malware Defenses.
• Demonstrated ability to translate technical vulnerabilities and operational risks into clear business‑impact statements for executives and non‑technical stakeholders.
• Experience reviewing and adapting risk management frameworks in response to business, technology, and regulatory changes.
• Strong planning, organizational, and project management skills; proven ability to manage shifting priorities with composure and sound judgment.
• Skilled at building cross‑functional relationships and applying analytical thinking to resolve complex, ambiguous issues independently.

• Self‑starter with a creative, solutions‑oriented mindset and minimal supervision requirements.
• Hands‑on experience with cyber risk quantification tools, automation of risk signals, and LLM‑assisted workflows for risk identification and reporting.
• Experience collaborating directly with engineers to integrate risk telemetry…