Events  Classes  Deals  Spaces  Jobs 
    Sign in  
 
 
CarGurus // online platform for used cars
 
Cambridge, MA    Posted: Friday, June 07, 2019
 
   
 
Apply To Job
 
 
JOB DETAILS
 

Meet CarGurusthe #1 visited online car shopping website in the US. At CarGurus, were building the worlds most trusted & transparent automotive marketplace where its easy to find great deals from top-rated dealers.

Founded in 2006 by Langley Steinert (co-founder of TripAdvisor), CarGurus is a technology company with a passion for data & its power to simplify every aspect of the car shopping experience. Using proprietary technology, search algorithms & innovative data analytics, we provide unbiased validation on pricing, dealer reputation & vehicle history.

The Security Governance Analyst is charged with assisting the organization with the identification, assessment, measurement, monitoring & management of risk. The Analyst will focus primarily on the maintenance of an effective Enterprise Governance Risk & Compliance (GRC) program & facilitate the identification of risks, ensuring proper mechanisms are in place to manage the identified risks. The ideal candidate will be up to the challenge of developing security policies & standards, risk frameworks, & processes in an innovative & flexible way to support fast-paced & empowered environments.

This role will work closely with Information Security leadership to implement the procedures & controls necessary to ensure & protect the safety & security of information systems, assets, & customer data. A well-qualified candidate will be comfortable working with executive & technical leadership to embed a risk & security focused mindset in all areas.

This role covers security, privacy, financial & other enterprise-wide operational risks for the following activities: risk assessment & treatment, monitoring, management, & mitigation; policy, standards, & control design & implementation; risk management (including third party risk); training & awareness; and, business continuity planning & disaster recovery programs.

The candidate must have strong written & verbal communication skills, strong organization skills & a good understanding of cyber security principles & concepts.

What You'll Do:

  • Develop a risk framework & processes that allow for effective risk monitoring, management & mitigation, while still facilitating innovative, fast-moving, empowered cultures.
  • Perform risk assessment & risk management activities across the company.
  • Manage vendor relationships (from a risk & security perspective).
  • Lead risk-focused culture & process change through training & interaction with key leaders.
  • Work closely with leaders in IT & Operations functional areas to ensure security standards, policies, & procedures are deeply embedded & understood.
  • Be part of a team that promotes risk & security awareness & training programs.
  • Develop & implement a risk reporting framework for management teams & governance committees.
  • Willingness to learn & stay current with industry trends relating to cyber security, privacy & risk.

Who You Are:

  • Ability to determine risk based on context
  • Ability to clearly articulate issues & communicate in an effective & personable manner
  • Ability to adjust quickly to the security needs of a highly agile organization
  • Bachelors Degree or equivalent combination of education & experience in Information Security, Computer Science, Management Information Systems or related curriculum.
  • Experience in risk management, information security, privacy or a data protection or assurance-related function.
  • Technical & Functional experience in domain of Governance, Enterprise Risk Management & Regulatory Compliance
  • Knowledge of the following frameworks/compliance regimes; ISO, NIST, PCI, SOX, & GDPR compliance
  • Proven understanding of risk assessment methodologies, frameworks, & procedures & the ability to work flexibly with them to meet organizational size, maturity, & culture considerations
  • Experience building network of relationships across functions & to liaise with senior management
  • Knowledge of risk assessment tools, technologies & methods
  • Ability to think strategically about security risks & tie those to tactical organizational activities
  • Open to learning & working on new domains & technology
  • Experience planning, researching & developing security policies, standards & procedures
  • Ability to manage all aspects of large-scale projects to bring about organizational change

At the core of our company culture is a spirit of innovation, curiosity & collaboration. True to our start-up roots, were nimble, flexible & hardworking. We have a great respect for testing & learning & a healthy aversion to scheduling meetings to discuss meetings. Lunch is catered daily. Gym membership is free. Foosball & ping pong are played often. Now a publicly-traded company, were as committed as ever to cultivating the culture that got us here.

In addition to the US, CarGurus operates sites in Canada, the UK & Germany with other markets on the horizon. Our offices are located in Cambridge, MA, Detroit, MI & Dublin, Ireland. If youd like to learn more, please visit our careers page.

 
 
 
Apply To Job
 
 
 
 
 
© 2019 GarysGuide      About    Feedback    Press    Terms
 
Sponsor Gary's (World Famous) Red Tie