Information Security Risk and Compliance Analyst II
Information Security Risk and Compliance Analyst II
Employer Active
Job Alert
You will be updated with latest job alerts via email
Share
Job Alert
You will be updated with latest job alerts via email
Not Disclosed
Salary Not Disclosed
1 Vacancy
Job Description
Who we are
At CarGurus (NASDAQ: CARG) our mission is to give people the power to reach their destination. We started as a small team of developers determined to bring trust and transparency to car shopping. Since then our history of innovation and gotomarket acceleration has driven industryleading growth. In fact were the largest and fastestgrowing automotive marketplace and weve been profitable for over 15 years.
What we do
The market is evolving and we are too moving the entire automotive journey online and guiding our customers through every step. That includes everything from the sale of an old car to the financing purchase and delivery of a new one. Today tens of millions of consumers visit CarGurus each month and 30000 dealerships use our products. But theyre not the only ones who love CarGurusour employees do too. We have a peoplefirst culture that fosters kindness collaboration and innovation and empowers our Gurus with tools to fuel their career growth. Disrupting a trilliondollar industry requires fresh and diverse perspectives. Come join us for the ride!
Role overview
Meet CarGurusthe #1 visited online car shopping website in the US. At CarGurus were building the worlds most trusted and transparent automotive marketplace where its easy to find great deals from toprated dealers.
Working on the Information Security Risk and Compliance team theInformation Security Risk Analyst II position is responsible for the identification assessment measurement monitoring and management of technology risk related to compliance requirements.
The role will focus on measuring the efficacy and efficiency of controls across IT and Security audits rightsizing the design of controls for our environments and implementing these controls. This person will work closely with different teams internal and external auditors to fulfill control requirements by collecting evidence and demonstrating compliance. As part of the team this person will be responsible for helping maintain launch and monitor our security awareness programs inclusive of phishing and other security training.
A wellqualified candidate will be comfortable taking direction from senior members of the Risk and Compliance team and be able to work autonomously when given an assignment or project. The candidate must have strong written and verbal communication skills strong organization skills and a good understanding of cyber security principles concepts and risk management.
What youll do
- Maintain the framework controls in the GRC platform and ensure that appropriate documentation and evidence is uploaded
- Assist in conducting proof of concept(s) on new risk technology and assisting with implementation and onboarding of it
- Perform risk assessments and audits across all areas of the business including third party risk complying with regulatory controls such as SOX GDPR CPRA SOC 2 Type 1 and 2. etc.
- Document and develop risk mitigation plans and strategies for identified risks
- Develop and deliver security awareness training to the organization and assume responsibility that we are meeting compliance requirements
- Conduct thirdparty vendor partner and contractor security risk assessments
- Perform audits to test the design and operational effectiveness of IT General Controls
- Work closely with financial application owners to design document and implement controls
- Measure the efficacy and efficiency of controls and design improvements as necessary
- Right size the design of controls to fit our organizational environments
- Stay current with industry trends relating to cybersecurity privacy and risk
What youll bring
- Bachelors Degree or equivalent combination of education and experience in Information Security Computer Science Management Information Systems or related curriculum.
- 3 years of experience in risk management information security audit regulatory compliance and data privacy functions.
- Knowledge of frameworks/compliance regimes (e.g. CIS Controls NIST PCI SOX compliance).
- Proven experience working with control owners auditors and supporting the implementation of riskbased controls in cloudnative environments.
- Understanding of risk assessment methodologies frameworks procedures and the ability to work flexibly with them to meet organizational size maturity and culture considerations.
- Ability to gauge risks posed to the company based on contextual factors and the organizations risk tolerance.
- Knowledge of risk assessment tools technologies and methods.
- Ability to think strategically about security risks and tie those to tactical organizational activities and goals.
- Open to learning and working on new domains and technology.
- Ability to clearly articulate issues and communicate in an effective and personable manner.
- Ability to adjust quickly to the security needs of a highly agile organization.
- Experience building relationships crossfunctionally and facilitating good partnerships is critical in the role.
Working at CarGurus
We reward our Gurus curiosity and passion with bestinclass benefits and compensation including equity for all employees both when they start and as they continue to grow with us. Our career development and corporate giving programs as well as our employee resource groups (ERGs) and communities help people build connections while making an impact in personally meaningful ways. A flexible hybrid model and robust time off policies encourage worklife balance and individual wellbeing. Thoughtful perks like daily free lunch a new car discount meditation and fitness apps commuting cost coverage and more help our people create space for what matters most in their personal and professional lives.
We welcome all
CarGurus strives to be a place to which people can bring the ultimate expression of themselves and their potentialstarting with our hiring process. We do not discriminate based on race color religion national origin age sex marital status ancestry physical or mental disability veteran status gender identity or sexual orientation. We foster an inclusive environment that values people for their skills experiences and unique perspectives. Thats why we hope youll apply even if you dont check every box listed in the job description. We also encourage you to tell your recruiter if you require accommodations to participate in our hiring process due to a disability so we can provide the appropriate support. We want to know what only you can bring to CarGurus. #LIHybrid
Required Experience:
IC
Employment Type
Full Time
