Security Compliance - Technical Program Manager

About This Role:

The Product Engineering organization is responsible for executing and delivering CoreWeave’s products, platforms, processes, and tools. As a security compliance lead, you will creatively shape compliance solutions that enhance both security, engineering and business agility. You will collaborate closely with innovative teams to turn compliance from a checklist into a strategic advantage. You will be part of an environment that values proactive thinking, creative problem-solving, and meaningful impact.

If you are passionate about cloud technologies, thrive in complex technical environments, and excel at orchestrating large-scale programs, we want to hear from you!

Who You Are:

In this role, you will:

• Own and drive the HITRUST program end-to-end, ensuring alignment with HIPAA Security, Privacy, and Breach Notification Rules and obligations under Business Associate Agreements (BAAs)
• Define, document, and continuously refine the HITRUST control environment, including data flows, system boundaries, and trust zones for systems that store, process, or transmit electronic Protected Health Information (ePHI)
• Partner closely with Product, Engineering, Infrastructure, and Security teams to design and implement secure, scalable, and HIPAA-aligned solutions that meet HITRUST CSF requirements
• Lead HITRUST (e1/i1/r2) assessment readiness and certification efforts, including risk-based scoping, gap assessments, control maturity evaluations, and cross-functional remediation programs
• Act as the primary liaison for HITRUST External Assessors, managing assessment readiness, validated assessment processes, evidence collection, and certification lifecycle
• Ensure effective implementation of administrative, physical, and technical safeguards to protect ePHI in accordance with HIPAA and HITRUST requirements
• Drive continuous compliance and monitoring initiatives, including automation of evidence collection, control validation, and reporting across cloud-native and hybrid environments
• Translate HITRUST CSF, HIPAA, and contractual (BAA) requirements into actionable technical and operational controls, enabling secure-by-design architectures
• Support and enforce data protection principles such as minimum necessary access, encryption, secure transmission, audit logging, and incident response for ePHI
• Identify and implement opportunities to reduce compliance overhead and audit fatigue through control rationalization, inheritance, and alignment across frameworks (SOC 2, ISO 27001, NIST, etc.)
• Manage compliance and certification lifecycles, ensuring accurate tracking of controls, risks, corrective action plans (CAPs), and audit artifacts
• Continuously assess and improve control maturity, effectiveness, and risk posture, with a focus on protecting sensitive healthcare data
• Develop and maintain high-quality documentation (policies, standards, procedures, BAAs, and audit evidence) aligned with HITRUST and HIPAA requirements
• Track and communicate program health, compliance posture, risks, and remediation progress to internal stakeholders, leadership, and customer-facing teams
• Support customer assurance activities, including security questionnaires, due diligence requests, and discussions related to HITRUST certification and HIPAA compliance
• Mentor and guide junior team members and con