Director of Information Security at CarGurus
Meet CarGurus—the #1 visited online car shopping website in the US. At CarGurus, we’re building the world’s most trusted and transparent automotive marketplace where it’s easy to find great deals from top-rated dealers.
Founded in 2006 by Langley Steinert (co-founder of TripAdvisor), CarGurus is a technology company with a passion for data and its power to simplify every aspect of the car shopping experience. Using proprietary technology, search algorithms and innovative data analytics, we provide unbiased validation on pricing, dealer reputation and vehicle history.
The Director of Information Security will be responsible for leading a team of full time and vendor/contractors. You will be responsible for the cyber security program that will protect the business from external and internal threats. Ensuring operationally, we meet the requirements of both domestic and international compliance regulations including GDPR, Privacy Shield, PCI, Mass. Data Privacy (201 CMR 17.00), and SOX. The ideal candidate will be an insightful leader who has proven technical experience and strong leadership skills.
What You'll Do:
- Formulating and leading a team in implementing and managing a comprehensive strategy that protects us from cyber security threats
- Ensure that all company software, process, procedures, computer architecture and application code are properly designed and maintained to ensure company security and/or compliance standards
- Educate and communicate to key stakeholders of new threats, industry trends, and applicable laws related to security thru reports, presentations and key metrics
- Identify and mitigate security incidents, compliance issues, security team’s operational inefficiencies, application vulnerabilities, network/infrastructure and other vulnerabilities
- Identify software/tools/vendors that can increase the organization's security posture and/or threat intelligence
- Lead projects to improve data collection and interpretation processes and initiatives regarding threat intelligence
- Monitor, research, analyze, brief, and develop mitigation for security threats
Who You Are:
- 7+ years of Information/Cyber Security Experience
- Experience leading staff and vendors/partners
- BA or BS degree in Information Security, Cyber Security, Computer Science or other related degree
- Knowledge of PCI, SOX, and GDPR compliance
- Knowledge of designing a comprehensive security programs for SaaS applications and Corporate environments including Security Assessments, PEN Tests, Risk Management, Threat Intelligence, Vulnerability Management, Incident and Response, Security Training, Privacy and Compliance Programs
At the core of our company culture is a spirit of innovation, curiosity and collaboration. True to our start-up roots, we’re nimble, flexible and hardworking. We have a great respect for testing and learning and a healthy aversion to scheduling meetings to discuss meetings. Lunch is catered daily. Gym membership is free. Foosball and ping pong are played often. Now a publicly-traded company, we’re as committed as ever to cultivating the culture that got us here.
In addition to the US, CarGurus operates sites in Canada, the UK and Germany with other markets on the horizon. Our offices are located in Cambridge, MA, Detroit, MI and Dublin, Ireland. If you’d like to learn more, please visit our careers page.