Principal Information Security Risk Analyst at CarGurus
Car shopping is complicated. At CarGurus, we use data and technology to make it simple, giving people the tools they need to confidently find, buy, finance, or sell a car. The best part? Our work makes a real impact. We’re the most-visited car-shopping site in the US and we are growing fast in our international markets. Ready to come along for the ride?
CarGurus Information Security team is growing! We are looking to hire a Principal Information Security Risk Analyst to join our team. This role will report to our InfoSec Manager and help build out our risk program. This position will require constant collaboration with both technical and non technical colleagues. We expect this person to help define an effective Governance, Risk, and Compliance (GRC) program as well as help promote this program across the company.
What You’ll Do:
- Work and partner with the information security team to implement best in class policies, procedures and controls in order to protect the safety and security of CarGurus.
- Communicate effectively across all levels of the organization.
- Manage risk assessments, monitoring and information management.
- Help design and deliver CarGurus security awareness training program.
- Perform risk assessments and audits across all areas of the business.
- Closely monitor risks and escalate when appropriate to Information Security leadership.
- Conduct third-party vendor security and risk assessments.
- Work closely with IT and Operations departments to ensure security standards, policies, and procedures are deeply embedded and understood.
What You Will Bring:
- 5-7 years of professional experience relating to Information Security.
- Technical and functional experience in domain of Governance, Audit, Risk Management and Regulatory Compliance.
- Knowledge of the following frameworks/compliance regimes; CIS Controls, NIST, PCI, SOX, CCPA/CPRA, and GDPR compliance.
- Proven understanding of risk assessment methodologies, frameworks, and procedures and the ability to work flexibly with them to meet organizational size, maturity, and culture considerations.
- Ability to gauge risks posed to the company, based on contextual factors and the organization’s risk tolerance.
- Knowledge of risk assessment tools, technologies and methods.
- Ability to think strategically about security risks and tie those to tactical organizational activities and goals.
- An interest in continued professional development.
- Experience planning, researching and developing security policies, standards and procedures.
- Ability to adjust quickly to the security needs of a highly agile organization.
- Ability to manage all aspects of large-scale projects to bring about organizational change.
- Experience building network of relationships across functions and to inform and liaise with senior management.
At CarGurus, we invest in our people’s professional growth with everything from learning and development programs to tuition reimbursement. Want to work on projects that expand your skill set without sacrificing your work/life balance? You got it. We also strive to provide perks and benefits that employees actually care about like free lunch, commuter subsidies, and more. That includes equity in the company—our way of showing that we want you here for the long haul.
We work hard every day to build the world’s most trusted and transparent automotive marketplace, but trust and transparency don’t just apply to our consumers. They extend to our talent, too. We aim to create a workplace where everyone feels they can bring the ultimate expression of themselves and their potential—where you don’t just fit, you thrive. We don’t discriminate based on race, color, religion, national origin, age, sex, marital status, ancestry, physical or mental disability, veteran status, gender identity, or sexual orientation.
In addition to the US, CarGurus operates sites in Canada and the UK. We have offices in Cambridge, MA; Detroit, MI; Dublin, Ireland; San Francisco, CA and London, UK. Check out our careers page to learn more.