Security Compliance - Technical Program Manager

About This Role:

The Product Engineering organization is responsible for executing and delivering CoreWeave’s products, platforms, processes, and tools. As a security compliance lead, you will creatively shape compliance solutions that enhance both security, engineering and business agility. You will collaborate closely with innovative teams to turn compliance from a checklist into a strategic advantage. You will be part of an environment that values proactive thinking, creative problem-solving, and meaningful impact.

If you are passionate about cloud technologies, thrive in complex technical environments, and excel at orchestrating large-scale programs, we want to hear from you!

Who You Are:

In this role, you will:

• Own and drive the HITRUST program end-to-end, ensuring alignment with HIPAA Security, Privacy, and Breach Notification Rules and obligations under Business Associate Agreements (BAAs)
• Define, document, and continuously refine the HITRUST control environment, including data flows, system boundaries, and trust zones for systems that store, process, or transmit electronic Protected Health Information (ePHI)
• Partner closely with Product, Engineering, Infrastructure, and Security teams to design and implement secure, scalable, and HIPAA-aligned solutions that meet HITRUST CSF requirements
• Lead HITRUST (e1/i1/r2) assessment readiness and certification efforts, including risk-based scoping, gap assessments, control maturity evaluations, and cross-functional remediation programs
• Act as the primary liaison for HITRUST External Assessors, managing assessment readiness, validated assessment processes, evidence collection, and certification lifecycle
• Ensure effective implementation of administrative, physical, and technical safeguards to protect ePHI in accordance with HIPAA and HITRUST requirements
• Drive continuous compliance and monitoring initiatives, including automation of evidence collection, control validation, and reporting across cloud-native and hybrid environments
• Translate HITRUST CSF, HIPAA, and contractual (BAA) requirements into actionable technical and operational controls, enabling secure-by-design architectures
• Support and enforce data protection principles such as minimum necessary access, encryption, secure transmission, audit logging, and incident response for ePHI
• Identify and implement opportunities to reduce compliance overhead and audit fatigue through control rationalization, inheritance, and alignment across frameworks (SOC 2, ISO 27001, NIST, etc.)
• Manage compliance and certification lifecycles, ensuring accurate tracking of controls, risks, corrective action plans (CAPs), and audit artifacts
• Continuously assess and improve control maturity, effectiveness, and risk posture, with a focus on protecting sensitive healthcare data
• Develop and maintain high-quality documentation (policies, standards, procedures, BAAs, and audit evidence) aligned with HITRUST and HIPAA requirements
• Track and communicate program health, compliance posture, risks, and remediation progress to internal stakeholders, leadership, and customer-facing teams
• Support customer assurance activities, including security questionnaires, due diligence requests, and discussions related to HITRUST certification and HIPAA compliance
• Mentor and guide junior team members and control owners on HITRUST, HIPAA, and healthcare compliance best practices

Investing in our people is one of our top priorities, and we value candidates who can bring their diversified experiences to our teams. Here are some qualities we’ve found compatible with our team. We'd love to talk about whether this aligns with your experience and interests and what you’re excited to work on next.

• Experience leading HITRUST certification and readiness programs (e1, i1, r2), including control implementation, gap remediation, and audit support in HIPAA-regulated environments
• Strong understanding of HIPAA Security, Privacy, and Breach Notification Rules, with hands-on experience implementing safeguards for ePHI in cloud and distributed systems
• Proven ability to design and scale compliance programs in high-growth or hyperscale environments, balancing regulatory requirements with engineering velocity
• Experience aligning HITRUST CSF with frameworks such as HIPAA, ISO 27001, SOC 2, and NIST to streamline controls, enable inheritance, and reduce audit overhead
• Deep knowledge of cloud-native security controls, including IAM, encryption (at rest and in transit), logging and monitoring, network segmentation, and container/Kubernetes security
• Experience implementing and operating administrative, physical, and technical safeguards in accordance with HIPAA and HITRUST requirements
• Demonstrated ability to drive continuous compliance, automation, and compliance-as-code initiatives in engineering-driven environments
• Experience supporting customer assurance, security reviews, and BAA obligations, including responding to due diligence and regulatory requirements
• Strong analytical, communication, and stakeholder management skills, with the ability to translate complex compliance requirements into actionable guidance
• Relevant certifications such as HITRUST CCSFP, CISSP, CISA, CISM, CRISC, or equivalent

If you're eager to elevate compliance into a creative, strategic force within a fast-paced, forward-thinking company, we'd love to hear from you!

Wondering if you’re a good fit? We believe in investing in our people, and value candidates who can bring their own diversified experiences to our teams – even if you aren't a 100% skill or experience match.

Why CoreWeave?

At CoreWeave, we work hard, have fun, and move fast!  We’re in an exciting stage of hyper-growth that you will not want to miss out on. We’re not afraid of a little chaos, and we’re constantly learning. Our team cares deeply about how we build our product and how we work together, which is represented through our core values: 

• Be Curious at Your Core
• Act Like an Owner
• Empower Employees
• Deliver Best-in-Class Client Experiences
• Achieve More Together

We support and encourage an entrepreneurial outlook and independent thinking. We foster an environment that encourages collaboration and enables the development of innovative solutions to complex problems. As we get set for takeoff, the organization's growth opportunities are constantly expanding. You will be surrounded by some of the best talent in the industry, who will want to learn from you, too. Come join us! 

The base salary range for this role is $143,000 to $210,000. The starting salary will be determined based on job-related knowledge, skills, experience, and market location. We strive for both market alignment and internal equity when determining compensation. In addition to base salary, our total rewards package includes a discretionary bonus, equity awards, and a comprehensive benefits program (all based on eligibility).