Security Governance Analyst
Meet CarGurus—the #1 visited online car shopping website in the US. At CarGurus, we’re building the world’s most trusted and transparent automotive marketplace where it’s easy to find great deals from top-rated dealers.
Founded in 2006 by Langley Steinert (co-founder of TripAdvisor), CarGurus is a technology company with a passion for data and its power to simplify every aspect of the car shopping experience. Using proprietary technology, search algorithms and innovative data analytics, we provide unbiased validation on pricing, dealer reputation and vehicle history.
The Security Governance Analyst is charged with assisting the organization with the identification, assessment, measurement, monitoring and management of risk. The Analyst will focus primarily on the maintenance of an effective Enterprise Governance Risk and Compliance (GRC) program and facilitate the identification of risks, ensuring proper mechanisms are in place to manage the identified risks. The ideal candidate will be up to the challenge of developing security policies and standards, risk frameworks, and processes in an innovative and flexible way to support fast-paced and empowered environments.
This role will work closely with Information Security leadership to implement the procedures and controls necessary to ensure and protect the safety and security of information systems, assets, and customer data. A well-qualified candidate will be comfortable working with executive and technical leadership to embed a risk and security focused mindset in all areas.
This role covers security, privacy, financial and other enterprise-wide operational risks for the following activities: risk assessment and treatment, monitoring, management, and mitigation; policy, standards, and control design and implementation; risk management (including third-party risk); training and awareness; and business continuity planning and disaster recovery programs.
The candidate must have strong written and verbal communication skills, strong organization skills and a good understanding of cyber security principles and concepts.
What You'll Do:
- Develop a risk framework and processes that allow for effective risk monitoring, management and mitigation, while still facilitating innovative, fast-moving, empowered cultures.
- Perform risk assessment and risk management activities across the company.
- Manage vendor relationships (from a risk and security perspective).
- Lead risk-focused culture and process change through training and interaction with key leaders.
- Work closely with leaders in IT and Operations functional areas to ensure security standards, policies, and procedures are deeply embedded and understood.
- Be part of a team that promotes risk and security awareness and training programs.
- Develop and implement a risk reporting framework for management teams and governance committees.
- Be willing to learn and stay current with industry trends relating to cyber security, privacy and risk.
Who You Are:
- Ability to determine risk based on context
- Ability to clearly articulate issues and communicate in an effective and personable manner
- Ability to adjust quickly to the security needs of a highly agile organization
- Bachelor’s Degree or equivalent combination of education and experience in Information Security, Computer Science, Management Information Systems or related curriculum.
- Experience in risk management, information security, privacy or a data protection or assurance-related function.
- Technical and functional experience in the domain of Governance, Enterprise Risk Management and Regulatory Compliance
- Knowledge of the following frameworks/compliance regimes: ISO, NIST, PCI, SOX, and GDPR
- Proven understanding of risk assessment methodologies, frameworks, and procedures and the ability to work flexibly with them to meet organizational size, maturity, and culture considerations
- Experience building a network of relationships across functions and liaising with senior management
- Knowledge of risk assessment tools, technologies and methods
- Ability to think strategically about security risks and tie those to tactical organizational activities
- Open to learning and working on new domains and technology
- Experience planning, researching and developing security policies, standards and procedures
- Ability to manage all aspects of large-scale projects to bring about organizational change
At the core of our company culture is a spirit of innovation, curiosity and collaboration. True to our start-up roots, we’re nimble, flexible and hardworking. We have a great respect for testing and learning and a healthy aversion to scheduling meetings to discuss meetings. Lunch is catered daily. Gym membership is free. Foosball and ping pong are played often. Now a publicly-traded company, we’re as committed as ever to cultivating the culture that got us here.
In addition to the US, CarGurus operates sites in Canada, the UK and Germany with other markets on the horizon. Our offices are located in Cambridge, MA, Detroit, MI and Dublin, Ireland. If you’d like to learn more, please visit our careers page.