Job Description
CoreWeave is The Essential Cloud for AI™. Built for pioneers by pioneers, CoreWeave delivers a platform of technology, tools, and teams that enables innovators to build and scale AI with confidence. Trusted by leading AI labs, startups, and global enterprises, CoreWeave combines superior infrastructure performance with deep technical expertise to accelerate breakthroughs and turn compute into capability. Founded in 2017, CoreWeave became a publicly traded company (Nasdaq: CRWV) in March 2025. Learn more at www.coreweave.com.
About This Role:
The Product Engineering organization is responsible for executing and delivering CoreWeave’s products, platforms, processes, and tools. As a security compliance lead, you will creatively shape compliance solutions that enhance security, engineering, and business agility. You will collaborate closely with innovative teams to turn compliance from a checklist into a strategic advantage. You will be part of an environment that values proactive thinking, creative problem-solving, and meaningful impact.
If you are passionate about cloud technologies, thrive in complex technical environments, and excel at orchestrating large-scale programs, we want to hear from you!
Who You Are:
In this role, you will:
Own and drive the HITRUST program end-to-end, ensuring alignment with HIPAA Security, Privacy, and Breach Notification Rules and obligations under Business Associate Agreements (BAAs)
Define, document, and continuously refine the HITRUST control environment, including data flows, system boundaries, and trust zones for systems that store, process, or transmit electronic Protected Health Information (ePHI)
Partner closely with Product, Engineering, Infrastructure, and Security teams to design and implement secure, scalable, and HIPAA-aligned solutions that meet HITRUST CSF requirements
Lead HITRUST (e1/i1/r2) assessment readiness and certification efforts, including risk-based scoping, gap assessments, control maturity evaluations, and cross-functional remediation programs
Act as the primary liaison for HITRUST External Assessors, managing assessment readiness, validated assessment processes, evidence collection, and certification lifecycle
Ensure effective implementation of administrative, physical, and technical safeguards to protect ePHI in accordance with HIPAA and HITRUST requirements
Drive continuous compliance and monitoring initiatives, including automation of evidence collection, control validation, and reporting across cloud-native and hybrid environments
Translate HITRUST CSF, HIPAA, and contractual (BAA) requirements into actionable technical and operational controls, enabling secure-by-design architectures
Support and enforce data protection principles such as minimum necessary access, encryption, secure transmission, audit logging, and incident response for ePHI
Identify and implement opportunities to reduce compliance overhead and audit fatigue through control rationalization, inheritance, and alignment across frameworks (SOC 2, ISO 27001, NIST, etc.)
Manage compliance and certification lifecycles, ensuring accurate tracking of controls, risks, corrective action plans (CAPs), and audit artifacts
Continuously assess and improve control maturity, effectiveness, and risk posture, with a focus on protecting sensitive healthcare data
Develop and maintain high-quality documentation (policies, standards, procedures, BAAs, and audit evidence) aligned with HITRUST and HIPAA requirements
Track and communicate program health, compliance posture, risks, and remediation progress to internal stakeholders, leadership, and customer-facing teams
Support customer assurance activities, including security questionnaires, due diligence requests, and discussions related to HITRUST certification and HIPAA compliance
Mentor and guide junior team members and control owners on HITRUST, HIPAA, and healthcare compliance best practices
Investing in our people is one of our top prioriti ... (truncated, view full listing at source)