CambridgeRecruiter Since 2001
the smart solution for Cambridge jobs

Senior Information Security Manager

Company: Cargurus
Location: Cambridge
Posted on: May 14, 2022

Job Description:

Car shopping is complicated. At CarGurus, we use data and technology to make it simple, giving people the tools they need to confidently find, buy, finance, or sell a car. The best part? Our work makes a real impact. We're the most-visited car-shopping site in the US and we are growing fast in our international markets. Ready to come along for the ride?

The Senior Information Security Manager will report to our Vice President of Information Security and Technology. They will be responsible for leading a team of top-talent security engineers and analysts in the information security applications, operations, risk, and compliance functions. The qualified candidate provides direction for the development, implementation, and maintenance of CarGurus's Information Security program.

A solid understanding of security industry standards and the ability to apply them to applicable laws and regulations is a key requirement for this role. They must be able to quickly assess the world's ever-changing security landscape and make practical decisions about potential risks and threats to the business. Policies, procedures, and the CarGurus Information Security framework need to adapt and evolve as part of the changes. Working with key business partners including the Information Technology and Security teams to establish the right balance in policy and procedural development is crucial.

CarGurus prides itself on teamwork and collaboration. They need to have a security-first approach when working with products and engineering. Helping build a culture of privacy and security focused products and engineers through education on standards and best practices requires an individual that is willing to put themselves out on center stage and embrace the spotlight! The person must have prior experience in a large-scale SaaS environment. CarGurus runs at a fast pace, and they will need to be able to think quickly on their feet, especially when security events arise.

What You'll Do:

  • Manage all Information Security team members.
  • Provide mentorship and coaching for rising leaders on the team.
  • Hire strong security professionals and help foster CarGurus on-ramp and co-op programs.
  • Conduct annual performance evaluations, build personal development and onboarding plans.
  • Form solid, collaborative relationships with peers and key partners across the business.
  • Orchestrate a security architecture guild and transfer ownership to Information Security Leads.
  • Maintain oversight of technical regulatory and compliance requirements.
  • Ensure security is embedded in the minds and culture of all employees. This includes supervising security vulnerabilities to our business and driving awareness through training.
  • Help manage vendor relationships and participate in annual budget planning.
  • Set forth long-term Information Security strategic plans while including tactical tasks and goals. Communicate them to key partners.

Technical Qualifications:

  • Bachelor's Degree or equivalent combination of education and experience in Information Security or Computer Science.
  • Demonstrated ability as a manager with at least 7 years of information security experience.
  • Industry certifications such as GIAC certifications (GSLC, GSTRT, GLEG) and others; CISM, CISA, CRISC, are nice to have.
  • Experience with privacy and security compliance and risk management frameworks (GDPR, CPRA, ISO, NIST, PCI-DSS, etc.)
  • Prior experience with system audits and IT reporting for SOX and SOC compliance.
  • Supervise security controls and the evolution of the company's Information Security maturity.
  • Work closely with the Director of IT on the implementation of large-scale projects and cross-functional initiatives.
  • Understand the foundations of cloud and application security. Experience with GCP, AWS or Azure.
  • Solid understanding of RBAC models, SSO solutions, identity stores and directory services (SAML 2, OAuth 2, OIDC).
  • Provide feedback to Leads on technical solutions while allowing them the flexibility to make the technical decisions.
  • Proven track record of authoring and maintaining security policies, standards, and procedures.

Non-technical Qualifications:
  • Must be able to prioritize projects and tasks in a pragmatic way while understanding the critical impacts and downstream implications to the business. Attention to detail and project management skills are required.
  • Work with Team Leads to build yearly and quarterly roadmaps. Present roadmaps to key partners, gain agreement and ensure alignment on initiatives.
  • Being well organized is a must!
  • Clearly articulate issues and communicate in an effective and personable manner.
  • Experience presenting technical issues to leadership in a digestible way.
  • Adjust quickly to the security needs of a highly agile organization; must be flexible and adaptable to change.
  • Love to learn and grow.

CarGurus Culture:

Research shows that while men apply to jobs when they meet an average of 60% of the criteria, women and other marginalized folks tend to only apply when they check every box. So if you think you have what it takes, but don't necessarily meet every single point on the job description, please still get in touch. We'd love to have a chat and see if you could be a great fit.

At CarGurus, we invest in our people's professional growth with everything from learning and development programs to tuition reimbursement. Want to work on projects that expand your skill set without sacrificing your work/life balance? You got it. We also strive to provide perks and benefits that employees actually care about like free lunch, commuter subsidies, and more. That includes equity in the company, our way of showing that we want you here for the long haul.

We work hard every day to build the world's most trusted and transparent automotive marketplace, but trust and transparency don't just apply to our consumers. They extend to our talent, too. We aim to create a workplace where everyone feels they can bring the ultimate expression of themselves and their potential, where you don't just fit, you thrive. We don't discriminate based on race, color, religion, national origin, age, sex, marital status, ancestry, physical or mental disability, veteran status, gender identity, or sexual orientation.

We recognize that flexibility plays a critical role in enabling our people to thrive in both their personal and professional lives. We currently welcome Gurus into our Cambridge, MA office on a voluntary basis but do not require employees to physically be in the office. We will adopt a hybrid working model when health experts and government officials in our local communities deem it safe to do so. Specific arrangements within this model will be up to team leaders' discretion; we encourage you to discuss your questions and needs during the interview process.

All US CarGurus employees are required to provide proof of full vaccination against COVID-19, unless they have an approved medical or religious accommodation. This helps us to safeguard the health of our employees and their families, our customers and visitors, and the community at large.

Keywords: Cargurus, Cambridge, Senior Information Security Manager, Executive, Cambridge, Massachusetts
