Director, Information Security
Car shopping is complicated. At CarGurus, we use data and technology to make it simple, giving people the tools they need to confidently find, buy, finance, or sell a car. The best part? Our work makes a real impact. We’re the most-visited car-shopping site in the US and we are growing fast in our international markets. Ready to come along for the ride?
Our Director of Information Security will continue to build and improve CarGurus's Information Security Program! You will be leading a team of experienced employees; driving relationships with our security vendors/contracts; and collaborating with engineering and business leaders across the organization.
What You'll Do:
- Further develop CarGurus’s information security program and strategy to protect against cybersecurity threats and maintain compliance with rules and regulations
- Direct a team to implement and own a comprehensive information security and compliance strategy
- Build partnerships with peers across IT, Engineering, Product, Legal, and others to accomplish joint projects
- Lead all aspects of regulatory compliance (SOX, GDPR/CCPA, etc.), vulnerability management, SOC monitoring, incident response and risk management.
- Ensure that all enterprise software, processes, procedures, and systems are properly crafted and maintained to ensure company security posture meets or exceeds relevant compliance standards
- Supply security expertise to the product development process
- Create initiatives to ensure that production website infrastructure (data center and cloud) and corporate infrastructure follow cybersecurity and information security standards.
- Ensure security policy is reviewed, updated and communicated according to changing threat and regulatory landscape
- Educate key business partners and communicate about new threats, industry trends, and applicable laws related to security.
- Monitor, identify and mitigate security incidents, compliance issues, insider threats, the security team’s operational inefficiencies, and application/network/infrastructure and other vulnerabilities
- Ensure CarGurus meets the requirements of both domestic and international compliance regulations including SOX, SOC (re: service organizations), PCI, GDPR and state privacy laws (Mass. Data Privacy - 201 CMR 17.00, CCPA)
- Identify and manage software/tools/vendor relations that can increase CarGurus’s security posture and threat intelligence
- Lead projects to improve data protection, privacy processes, and initiatives resulting from threat intelligence
- Lead company-wide information security compliance training program, including updating relevant employee policies
- Help build, manage, and develop/mentor the Information Security team with an eye toward empowerment, relationship building, and career growth.
Who You Are:
- 10+ years of Information/Cybersecurity experience
- 3+ years of people management experience (can be concurrent with other experience)
- Experience leading vendor/partner relations
- Excellent communication and teamwork skills
- BA or BS degree in Information Security, Cybersecurity, Computer Science or another related degree
- Experience designing comprehensive security programs for SaaS applications and Corporate environments including Security Assessments, Penetration Testing, Risk Management, Vulnerability Management, Security Monitoring (SOC/SIEM), Incident Response, Security Training, Privacy, and Compliance Programs
- Demonstrable experience with DevSecOps
Required Technical Skills:
- Application Security
- Vulnerability Management
- Penetration Testing
- OS/Device Hardening and Remediation
- Identity & Access Management/PAM
- Compliance Standards (SOX, GDPR, PCI, CCPA, MA 201 CMR 17)
- Security Frameworks (NIST, CIS, CSA, ISO)
At CarGurus, we invest in our people’s professional growth with everything from learning and development programs to tuition reimbursement. Want to work on projects that expand your skill set without sacrificing your work/life balance? You got it. We also strive to provide perks and benefits that employees actually care about like free lunch, commuter subsidies, and more. That includes equity in the company—our way of showing that we want you here for the long haul.
We work hard every day to build the world’s most trusted and transparent automotive marketplace, but trust and transparency don’t just apply to our consumers. They extend to our talent, too. We aim to create a workplace where everyone feels they can bring the ultimate expression of themselves and their potential—where you don’t just fit, you thrive. We don’t discriminate based on race, color, religion, national origin, age, sex, marital status, ancestry, physical or mental disability, veteran status, gender identity, or sexual orientation.
In addition to the US, CarGurus operates sites in Canada and the UK. We have offices in Cambridge, MA; Detroit, MI; Dublin, Ireland; San Francisco, CA and London, UK. Check out our careers page to learn more.