Meet CarGurus, the #1 visited online car shopping website in the US. At CarGurus, we're building the world's most trusted & transparent automotive marketplace where it's easy to find great deals from top-rated dealers.
Founded in 2006 by Langley Steinert (co-founder of TripAdvisor), CarGurus is a technology company with a passion for data & its power to simplify every aspect of the car shopping experience. Using proprietary technology, search algorithms & innovative data analytics, we provide unbiased validation on pricing, dealer reputation & vehicle history.
The Security Governance Analyst is charged with assisting the organization with the identification, assessment, measurement, monitoring & management of risk. The Analyst will focus primarily on the maintenance of an effective Enterprise Governance Risk & Compliance (GRC) program & facilitate the identification of risks, ensuring proper mechanisms are in place to manage the identified risks. The ideal candidate will be up to the challenge of developing security policies & standards, risk frameworks, & processes in an innovative & flexible way to support fast-paced & empowered environments.
This role will work closely with Information Security leadership to implement the procedures & controls necessary to ensure & protect the safety & security of information systems, assets, & customer data. A well-qualified candidate will be comfortable working with executive & technical leadership to embed a risk & security focused mindset in all areas.
This role covers security, privacy, financial & other enterprise-wide operational risks for the following activities: risk assessment & treatment, monitoring, management, & mitigation; policy, standards, & control design & implementation; risk management (including third party risk); training & awareness; and, business continuity planning & disaster recovery programs.
The candidate must have strong written & verbal communication skills, strong organization skills & a good understanding of cyber security principles & concepts.
What You'll Do:
- Develop a risk framework & processes that allow for effective risk monitoring, management & mitigation, while still facilitating innovative, fast-moving, empowered cultures.
- Perform risk assessment & risk management activities across the company.
- Manage vendor relationships (from a risk & security perspective).
- Lead risk-focused culture & process change through training & interaction with key leaders.
- Work closely with leaders in IT & Operations functional areas to ensure security standards, policies, & procedures are deeply embedded & understood.
- Be part of a team that promotes risk & security awareness & training programs.
- Develop & implement a risk reporting framework for management teams & governance committees.
- Willingness to learn & stay current with industry trends relating to cyber security, privacy & risk.
Who You Are:
- Ability to determine risk based on context
- Ability to clearly articulate issues & communicate in an effective & personable manner
- Ability to adjust quickly to the security needs of a highly agile organization
- Bachelor's Degree or equivalent combination of education & experience in Information Security, Computer Science, Management Information Systems or related curriculum.
- Experience in risk management, information security, privacy or a data protection or assurance-related function.
- Technical & Functional experience in domain of Governance, Enterprise Risk Management & Regulatory Compliance
- Knowledge of the following frameworks/compliance regimes: ISO, NIST, PCI, SOX, & GDPR compliance
- Proven understanding of risk assessment methodologies, frameworks, & procedures & the ability to work flexibly with them to meet organizational size, maturity, & culture considerations
- Experience building a network of relationships across functions & liaising with senior management
- Knowledge of risk assessment tools, technologies & methods
- Ability to think strategically about security risks & tie those to tactical organizational activities
- Open to learning & working on new domains & technology
- Experience planning, researching & developing security policies, standards & procedures
- Ability to manage all aspects of large-scale projects to bring about organizational change
At the core of our company culture is a spirit of innovation, curiosity & collaboration. True to our start-up roots, we're nimble, flexible & hardworking. We have a great respect for testing & learning & a healthy aversion to scheduling meetings to discuss meetings. Lunch is catered daily. Gym membership is free. Foosball & ping pong are played often. Now a publicly-traded company, we're as committed as ever to cultivating the culture that got us here.
In addition to the US, CarGurus operates sites in Canada, the UK & Germany with other markets on the horizon. Our offices are located in Cambridge, MA, Detroit, MI & Dublin, Ireland. If you'd like to learn more, please visit our careers page.