Car shopping is complicated. At CarGurus, we use data & technology to make it simple, giving people the tools, they need to confidently find, buy, finance, or sell a car. The best part? Our work makes a real impact. Were the most-visited car-shopping site in the US & we are growing fast in our international markets. Ready to come along for the ride? 

The Senior Information Security Manager will report to our Vice President of Information Security & Technology. They will be responsible for leading a team of top-talent security engineers & analysts in the information security applications, operations, risk, & compliance functions. The qualified candidate provides direction for the development, implementation, & maintenance of CarGuruss Information Security program. A solid understanding of security industry standards & the ability to apply them to applicable laws & regulations is a key requirement for this role. 

They must be able to quickly assess the worlds ever changing security landscape & make practical decisions about potential risks & threats to the business. Policies, procedures, & the CarGurus Information Security framework need to adapt & evolve as part of the changes. Working with key business partners including the Information Technology & Security teams to establish the right balance in policy & procedural development is crucial. CarGurus prides itself on teamwork & collaboration.  

They need to have a security-first approach when working with products & engineering. Helping build a culture of privacy & security focused products & engineers through education on standards & best practices requires an individual that is willing to put themselves out on center stage & embrace the spotlight!  

The person must have prior experience in a large-scale SaaS environment. CarGurus runs at a fast pace, & they will need to be able to think quickly on their feet especially when security events arise.  

What You'll Do:  

• Manage all Information Security team members. 
• Provide mentorship & coaching for rising leaders on the team. 
• Hire strong security professionals & help foster CarGurus on-ramp & co-op programs. 
• Conduct annual performance evaluations, build personal development & onboarding plans. 
• Form solid, collaborative relationships with peers & key partners across the business. 
• Orchestrate a security architecture guild & transfer ownership to Information Security Leads. 
• Maintain oversight of technical regulatory & compliance requirements. 
• Ensure security is embedded in the minds & culture of all employees. This includes supervising security vulnerabilities to our business & driving awareness through training. 
• Help manage vendor relationships & participate in annual budget planning. 
• Set forth long-term Information Security strategic plans while including tactical tasks & goals. Communicate them to key partners. 

Technical Qualifications:  

• Bachelors Degree or equivalent combination of education & experience in Information Security or Computer Science. 
• demonstrated ability as a manager with at least 7 years of information security experience. 
• Industry certifications such as GIAC certifications (GSLC, GSTRT, GLEG) & others; CISM, CISA, CRISC, are nice to have. 
• Experience with privacy & security compliance & risk management frameworks (GDPR, CPRA, ISO, NIST, PCI-DSS, etc.) 
• Prior experience with system audits & IT reporting for SOX & SOC compliance. 
• Supervise security controls & the evolution of the companys Information Security maturity. 
• Work closely with the Director of IT on the implementation of large-scale projects & cross-functional initiatives.
• Understand the foundations of cloud & application security. Experience with GCP, AWS or Azure. 
• Solid understanding of RBAC models, SSO solutions, identity stores & directory services (SAML 2, OAuth 2, OIDC). 
• Provide feedback to Leads on technical solutions while allowing them the flexibility to make the technical decisions. 
• Proven track record of authoring & maintaining security policies, standards, & procedures. 

Non-technical Qualifications:  

• Must be able to prioritize projects & tasks in a pragmatic way while understanding the critical impacts & downstream implications to the business. Attention to details & project management skills are required. 
• Work with Team Leads to a build year & quarterly roadmaps. Present roadmaps to key partners, gain agreement & ensure alignment on initiatives. 
• Being well organized is a must! 
• Clearly articulate issues & communicate in an effective & personable manner. 
• Experience presenting technical issues to leadership in a digestible way. 
• Adjust quickly to the security needs of a highly agile organization, must be flexible & adaptable to change. 
• Love to learn & grow. 

CarGurus Culture: 

Research shows that while men apply to jobs when they meet an average of 60% of the criteria, women & other marginalized folks tend to only apply when they check every box. So if you think you have what it takes, but don't necessarily meet every single point on the job description, please still get in touch. We'd love to have a chat & see if you could be a great fit.  

At CarGurus, we invest in our peoples professional growth with everything from learning & development programs to tuition reimbursement. Want to work on projects that expand your skill set without sacrificing your work/life balance? You got it. We also strive to provide perks & benefits that employees actually care about like free lunch, commuter subsidies, & more. That includes equity in the companyour way of showing that we want you here for the long haul. 

We work hard every day to build the worlds most trusted & transparent automotive marketplace, but trust & transparency dont just apply to our consumers. They extend to our talent, too. We aim to create a workplace where everyone feels they can bring the ultimate expression of themselves & their potentialwhere you dont just fit, you thrive. We dont discriminate based on race, color, religion, national origin, age, sex, marital status, ancestry, physical or mental disability, veteran status, gender identity, or sexual orientation.