Senior Security Risk Analyst
Car shopping is complicated. At CarGurus, we use data and technology to make it simple, giving people the tools they need to confidently find, buy, finance, or sell a car. The best part? Our work makes a real impact. We’re the most-visited car-shopping site in the US and we are growing fast in our international markets. Ready to come along for the ride?
Working on the Risk and Compliance team, this person is charged with assisting the organization with the identification, assessment, measurement, monitoring and management of risk.
The Analyst will focus primarily on the IT and Security segments of our SOX audits, and conduct vendor and partner security risk assessments. We want to support a fast-paced culture in innovative and flexible ways to empower employees to make smart security decisions.
This role will work closely with senior members of the Information Security team to implement the procedures and controls necessary to ensure and protect the safety and security of information systems, assets, and customer data. A well-qualified candidate will be comfortable working with executive and technical leadership to instill the importance of security risk management in all areas of the business. This individual will assist in managing all security, privacy, financial and other enterprise-wide operational risks. Responsibilities include risk assessment, monitoring, and management; design and implementation of policies, standards, and controls; and maintaining the organization’s security awareness training program and ensuring compliance with it.
The candidate must have strong written and verbal communication skills, strong organization skills and a good understanding of cyber security principles, concepts, and risk management.
What You'll Do:
- Implement processes based on the organization’s defined risk framework that support the total lifecycle of the risk management program.
- Perform risk assessments and audits across all areas of the business.
- Facilitate risk mitigation by working with key business stakeholders while promoting an agile, innovative culture.
- Closely monitor risks and escalate when appropriate to Information Security leadership.
- Conduct third-party vendor security and risk assessments.
- Work with Sales to perform security assessment reviews for customers and prospects.
- Lead risk-focused culture and process change through training and interaction with key leaders.
- Work closely with IT and Operations departments to ensure security standards, policies, and procedures are deeply embedded and understood.
- Be part of a team that promotes security training programs.
- Develop and implement a risk reporting framework for management teams and governance committees.
- Must have an appetite for continuous learning and stay current with industry trends relating to cyber security, privacy and risk.
Who You Are:
- Bachelor’s Degree or equivalent combination of education and experience in Information Security, Computer Science, Management Information Systems or related curriculum.
- 5-7 years of experience in Risk Management
- Experience in risk management, information security, and data privacy functions.
- Technical and functional experience in the domains of Governance, Audit, Risk Management and Regulatory Compliance
- Knowledge of the following frameworks/compliance regimes: CIS Controls, NIST, PCI, SOX, CCPA/CPRA, and GDPR
- Proven understanding of risk assessment methodologies, frameworks, and procedures and the ability to work flexibly with them to meet organizational size, maturity, and culture considerations
- Ability to gauge risks posed to the company, based on contextual factors and the organization’s risk tolerance
- Knowledge of risk assessment tools, technologies and methods
- Ability to think strategically about security risks and tie those to tactical organizational activities and goals
- Open to learning and working on new domains and technology
- Experience planning, researching and developing security policies, standards and procedures
- Ability to clearly articulate issues and communicate in an effective and personable manner
- Ability to adjust quickly to the security needs of a highly agile organization
- Ability to manage all aspects of large-scale projects to bring about organizational change
- Experience building a network of relationships across functions to inform and liaise with senior management
CarGurus Culture:
Research shows that while men apply to jobs when they meet an average of 60% of the criteria, women and other marginalized folks tend to only apply when they check every box. So if you think you have what it takes, but don't necessarily meet every single point on the job description, please still get in touch. We'd love to have a chat and see if you could be a great fit.
At CarGurus, we invest in our people’s professional growth with everything from learning and development programs to tuition reimbursement. Want to work on projects that expand your skill set without sacrificing your work/life balance? You got it. We also strive to provide perks and benefits that employees actually care about like free lunch, commuter subsidies, and more. That includes equity in the company—our way of showing that we want you here for the long haul.
We work hard every day to build the world’s most trusted and transparent automotive marketplace, but trust and transparency don’t just apply to our consumers. They extend to our talent, too. We aim to create a workplace where everyone feels they can bring the ultimate expression of themselves and their potential—where you don’t just fit, you thrive. We don’t discriminate based on race, color, religion, national origin, age, sex, marital status, ancestry, physical or mental disability, veteran status, gender identity, or sexual orientation.
We recognize that flexibility plays a critical role in enabling our people to thrive in both their personal and professional lives. We currently welcome Gurus into our Cambridge, MA office on a voluntary basis but do not require employees to physically be in the office. We will adopt a hybrid working model when health experts and government officials in our local communities deem it safe to do so. Specific arrangements within this model will be up to team leaders’ discretion; we encourage you to discuss your questions and needs during the interview process.
All US CarGurus employees are required to provide proof of full vaccination against COVID-19, unless they have an approved medical or religious accommodation. This helps us to safeguard the health of our employees and their families, our customers and visitors, and the community at large.