Senior Information Security Manager
Company: Cargurus
Location: Cambridge
Posted on: May 14, 2022
Job Description:
Car shopping is complicated. At CarGurus, we use data and
technology to make it simple, giving people the tools they need to
confidently find, buy, finance, or sell a car. The best part? Our
work makes a real impact. We're the most-visited car-shopping site
in the US and we are growing fast in our international markets.
Ready to come along for the ride? The Senior Information Security
Manager will report to our Vice President of Information Security
and Technology. They will be responsible for leading a team of
top-talent security engineers and analysts in the information
security applications, operations, risk, and compliance functions.
The qualified candidate provides direction for the development,
implementation, and maintenance of CarGurus's Information Security
program. A solid understanding of security industry standards and
the ability to apply them to applicable laws and regulations is a
key requirement for this role. They must be able to quickly assess
the world's ever-changing security landscape and make practical
decisions about potential risks and threats to the business.
Policies, procedures, and the CarGurus Information Security
framework need to adapt and evolve as part of the changes. Working
with key business partners including the Information Technology and
Security teams to establish the right balance in policy and
procedural development is crucial. CarGurus prides itself on
teamwork and collaboration. They need to have a security-first
approach when working with products and engineering. Helping build
a culture of privacy and security focused products and engineers
through education on standards and best practices requires an
individual that is willing to put themselves out on center stage
and embrace the spotlight! The person must have prior experience in
a large-scale SaaS environment. CarGurus runs at a fast pace, and
they will need to be able to think quickly on their feet especially
when security events arise.
What You'll Do:
- Manage all Information Security team members.
- Provide mentorship and coaching for rising leaders on the
team.
- Hire strong security professionals and help foster CarGurus
on-ramp and co-op programs.
- Conduct annual performance evaluations, build personal
development and onboarding plans.
- Form solid, collaborative relationships with peers and key
partners across the business.
- Orchestrate a security architecture guild and transfer
ownership to Information Security Leads.
- Maintain oversight of technical regulatory and compliance
requirements.
- Ensure security is embedded in the minds and culture of all
employees. This includes supervising security vulnerabilities to
our business and driving awareness through training.
- Help manage vendor relationships and participate in annual
budget planning.
- Set forth long-term Information Security strategic plans while
including tactical tasks and goals. Communicate them to key
partners.
Technical Qualifications:
- Bachelor's Degree or equivalent combination of education and
experience in Information Security or Computer Science.
- Demonstrated ability as a manager with at least 7 years of
information security experience.
- Industry certifications such as GIAC certifications (GSLC,
GSTRT, GLEG) and others; CISM, CISA, CRISC, are nice to have.
- Experience with privacy and security compliance and risk
management frameworks (GDPR, CPRA, ISO, NIST, PCI-DSS, etc.)
- Prior experience with system audits and IT reporting for SOX
and SOC compliance.
- Supervise security controls and the evolution of the company's
Information Security maturity.
- Work closely with the Director of IT on the implementation of
large-scale projects and cross-functional initiatives.
- Understand the foundations of cloud and application security.
Experience with GCP, AWS or Azure.
- Solid understanding of RBAC models, SSO solutions, identity
stores and directory services (SAML 2, OAuth 2, OIDC).
- Provide feedback to Leads on technical solutions while allowing
them the flexibility to make the technical decisions.
- Proven track record of authoring and maintaining security
policies, standards, and procedures.
Non-technical Qualifications:
- Must be able to prioritize projects and tasks in a pragmatic
way while understanding the critical impacts and downstream
implications to the business. Attention to details and project
management skills are required.
- Work with Team Leads to build yearly and quarterly roadmaps.
Present roadmaps to key partners, gain agreement and ensure
alignment on initiatives.
- Being well organized is a must!
- Clearly articulate issues and communicate in an effective and
personable manner.
- Experience presenting technical issues to leadership in a
digestible way.
- Adjust quickly to the security needs of a highly agile
organization, must be flexible and adaptable to change.
- Love to learn and grow.
CarGurus Culture:
Research shows that
while men apply to jobs when they meet an average of 60% of the
criteria, women and other marginalized folks tend to only apply
when they check every box. So if you think you have what it takes,
but don't necessarily meet every single point on the job
description, please still get in touch. We'd love to have a chat
and see if you could be a great fit. At CarGurus, we invest in our
people's professional growth with everything from learning and
development programs to tuition reimbursement. Want to work on
projects that expand your skill set without sacrificing your
work/life balance? You got it. We also strive to provide perks and
benefits that employees actually care about like free lunch,
commuter subsidies, and more. That includes equity in the company,
our way of showing that we want you here for the long haul. We work
hard every day to build the world's most trusted and transparent
automotive marketplace, but trust and transparency don't just apply
to our consumers. They extend to our talent, too. We aim to create
a workplace where everyone feels they can bring the ultimate
expression of themselves and their potential, where you don't just
fit, you thrive. We don't discriminate based on race, color,
religion, national origin, age, sex, marital status, ancestry,
physical or mental disability, veteran status, gender identity, or
sexual orientation. We recognize that flexibility plays a critical
role in enabling our people to thrive in both their personal and
professional lives. We currently welcome Gurus into our Cambridge,
MA office on a voluntary basis but do not require employees to
physically be in the office. We will adopt a hybrid working model
when health experts and government officials in our local
communities deem it safe to do so. Specific arrangements within
this model will be up to team leaders' discretion; we encourage you
to discuss your questions and needs during the interview
process. All US CarGurus employees are required to provide proof of
full vaccination against COVID-19, unless they have an approved
medical or religious accommodation. This helps us to safeguard the
health of our employees and their families, our customers and
visitors, and the community at large.
Keywords: Cargurus, Cambridge, Senior Information Security Manager, Executive, Cambridge, Massachusetts